laptop läuft sehr langsam, Tastatureingabe oft zeitverzögert, windows 7, 64bit

smayate · 29.09.2015, 14:21

Hallo liebes Team
erst mal ganz herzlichen Dank, dass Ihr helft!!! :-)

Jemand von Euch hatte mir sehr erfolgreich geholfen bei meinem laptop. Nun habe ich den laptop einer Freundin bei mir zu Hause und möchte um Hilfe bitten.

Der laptop läuft sehr langsam und oft ist die Tastatureingabe zeitverzögert. Avira hatte offenbar einen Fehler gemeldet (und in Quarantäne geschoben), ich weiss leider nicht welchen. sorry.
Ich hahe erst mal noch nichts gemacht, weil ich nichts falsch machen möchte.

windows 7 home premium, servicepack 1
64 bit

Herzlichen Dank und lieber Gruss
Pat

M-K-D-B · 29.09.2015, 14:26

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

smayate · 29.09.2015, 15:22

Hallo Matthias und herzlichen Dank! :-)
Ich muss zwei posts machen , weil zu lang. (TDSSKiller ist im nächsten post)

FRST:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
durchgeführt von Mona (Administrator) auf HP_MONA (29-09-2015 15:50:23)
Gestartet von C:\Users\Mona\Desktop
Geladene Profile: Mona (Verfügbare Profile: Mona)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2013-05-28] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [DLCJCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCJtime.dll,RunDLLEntry
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-09-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\Policies\Explorer: [NoLogoff] 0
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellExecuteHooks:  - {E54729E8-643D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook64.dll [773192 2014-03-01] ()
ShellExecuteHooks-x32:  - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook32.dll [484936 2014-03-01] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-23] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{095DDCF9-864E-4705-A2C1-76BF9EC9365F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E53ACA17-DD30-4196-B389-B09ADC657204}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70100
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {3035FD3C-5308-4863-91DF-75E8C9A9C5A7} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=1&v=a13277-269&apn_uid=0610412911704951&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZX^xdm070^YYA^ch&ptb=06A217DD-4019-4852-BB81-D9A7D564FA22&ind=2014030422&n=780baa56&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {3035FD3C-5308-4863-91DF-75E8C9A9C5A7} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=1&v=a13277-269&apn_uid=0610412911704951&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZX^xdm070^YYA^ch&ptb=06A217DD-4019-4852-BB81-D9A7D564FA22&ind=2014030422&n=780baa56&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = hxxp://www.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=70100
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {3035FD3C-5308-4863-91DF-75E8C9A9C5A7} URL = 
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80760&iwk=247&lng=de
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {FACD5959-88BD-4238-B571-8156DF972316} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Music Toolbar (Dist. by iMesh, Inc.) -> {282b0e54-8981-49eb-9193-5910a1f6fd33} -> C:\PROGRA~2\MUSICT~1\Datamngr\SR0DE8~3\IE\searchresultsDx64.dll Keine Datei
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Music Toolbar (Dist. by iMesh, Inc.) -> {282b0e54-8981-49eb-9193-5910a1f6fd33} -> C:\PROGRA~2\MUSICT~1\Datamngr\SR0DE8~3\IE\searchresultsDx.dll Keine Datei
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: BandooIEPlugin Class -> {EB5CEE80-030A-4ED8-8E20-454E9C68380F} -> C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll Keine Datei
Toolbar: HKLM - Music Toolbar (Dist. by iMesh, Inc.) - {282b0e54-8981-49eb-9193-5910a1f6fd33} - C:\PROGRA~2\MUSICT~1\Datamngr\SR0DE8~3\IE\searchresultsDx64.dll Keine Datei
Toolbar: HKLM-x32 - Music Toolbar (Dist. by iMesh, Inc.) - {282b0e54-8981-49eb-9193-5910a1f6fd33} - C:\PROGRA~2\MUSICT~1\Datamngr\SR0DE8~3\IE\searchresultsDx.dll Keine Datei
Toolbar: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Toolbar: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> Kein Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  Keine Datei
Toolbar: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> Kein Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  Keine Datei
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\Profiles\f92w0j6a.default
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Extension: Bandoo for Firefox - C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\Profiles\f92w0j6a.default\Extensions\ffox@bandoo.com [2015-09-23]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-09-23]
FF HKLM-x32\...\Firefox\Extensions: [ffox@bandoo.com] - C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\Profiles\f92w0j6a.default\extensions\ffox@bandoo.com
FF HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\Firefox\Extensions: [{AF1E3C7A-149F-2585-543F-FFC62447035C}] - C:\Program Files (x86)\ver1Re-Markable\182.xpi
FF Extension: Re-Markable - C:\Program Files (x86)\ver1Re-Markable\182.xpi [2014-11-26]

Chrome: 
=======
CHR Profile: C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-06]
CHR Extension: (Bandoo) - C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp [2014-03-01]
CHR Extension: (Avira Browserschutz) - C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-06]
CHR Extension: (Google Wallet) - C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-21] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 dlcj_device; C:\Windows\system32\dlcjcoms.exe [452608 2005-07-12] ()
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [Datei ist nicht signiert]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S2 AppFrozenPrivacy.exe; C:\Users\Mona\AppData\Local\AppFrozenPrivacy\AppFrozenPrivacy.exe [X]
S2 Bandoo Coordinator; "C:\Program Files (x86)\Bandoo\Bandoo.exe" [X]
S2 DebugLogTooltip.exe; C:\Users\Mona\AppData\Local\DebugLogTooltip\DebugLogTooltip.exe [X]
S2 DOSImportStart.exe; C:\Users\Mona\AppData\Local\DOSImportStart\DOSImportStart.exe [X]
S2 MotionScriptSprite.exe; C:\Users\Mona\AppData\Local\MotionScriptSprite\MotionScriptSprite.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31872 2012-02-02] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [189760 2012-02-05] (AppEx Networks Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-09-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-09-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-02] (Synaptics Incorporated)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [58040 2014-11-26] (Corsica)
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files (x86)\Music Toolbar\Datamngr\x64\setmgrc2.cfg [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-29 15:50 - 2015-09-29 15:51 - 00025197 _____ C:\Users\Mona\Desktop\FRST.txt
2015-09-29 15:50 - 2015-09-29 15:50 - 00000000 ____D C:\FRST
2015-09-29 15:48 - 2015-09-29 15:48 - 02192384 _____ (Farbar) C:\Users\Mona\Desktop\FRST64.exe
2015-09-23 19:52 - 2015-08-18 03:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-23 19:52 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-23 19:52 - 2015-08-15 08:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-23 19:52 - 2015-08-15 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-23 19:52 - 2015-08-15 08:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-23 19:52 - 2015-08-15 08:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-23 19:52 - 2015-08-15 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-23 19:52 - 2015-08-15 08:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-23 19:52 - 2015-08-15 08:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-23 19:52 - 2015-08-15 08:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-23 19:52 - 2015-08-15 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-23 19:52 - 2015-08-15 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-23 19:52 - 2015-08-15 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-23 19:52 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-23 19:52 - 2015-08-15 08:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-23 19:52 - 2015-08-15 08:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-23 19:52 - 2015-08-15 08:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-23 19:52 - 2015-08-15 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-23 19:52 - 2015-08-15 08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-23 19:52 - 2015-08-15 08:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-23 19:52 - 2015-08-15 07:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-23 19:52 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-23 19:52 - 2015-08-15 07:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-23 19:52 - 2015-08-15 07:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-23 19:52 - 2015-08-15 07:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-23 19:52 - 2015-08-15 07:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-23 19:52 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-23 19:52 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-23 19:52 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-23 19:52 - 2015-08-15 07:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-23 19:52 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-23 19:52 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-23 19:52 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-23 19:52 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-23 19:52 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-23 19:52 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-23 19:52 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-23 19:52 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-23 19:52 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-23 19:52 - 2015-08-15 07:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-23 19:52 - 2015-08-15 07:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-23 19:52 - 2015-08-15 07:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-23 19:52 - 2015-08-15 07:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-23 19:52 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-23 19:52 - 2015-08-15 07:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-23 19:52 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-23 19:52 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-23 19:52 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-23 19:52 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-23 19:52 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-23 19:52 - 2015-08-15 07:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-23 19:52 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-23 19:52 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-23 19:52 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-23 19:52 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-23 19:52 - 2015-08-15 06:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-23 19:52 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-23 19:52 - 2015-08-15 06:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-23 19:52 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-23 19:52 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-23 19:52 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-23 19:52 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-23 19:52 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-23 19:52 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-23 19:52 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-23 19:52 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-23 19:52 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-23 19:52 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-23 19:52 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-23 19:52 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-23 19:52 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-23 19:51 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-23 19:51 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-23 19:51 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-23 19:51 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-23 19:51 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-23 19:51 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-23 19:51 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-23 19:51 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-23 19:51 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-23 19:51 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-23 19:51 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-23 19:51 - 2015-08-26 20:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-23 19:51 - 2015-08-26 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-23 19:51 - 2015-08-26 20:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-23 19:51 - 2015-08-26 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-23 19:51 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-23 19:51 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-23 19:51 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-23 19:51 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-23 19:51 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-23 19:51 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-23 19:51 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-23 19:51 - 2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-23 19:44 - 2015-09-29 15:18 - 00000000 ____D C:\Users\Mona\Documents\compi
2015-09-23 19:24 - 2015-09-23 19:24 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-23 19:24 - 2015-09-23 19:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-23 19:24 - 2015-09-23 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-23 19:23 - 2015-09-23 19:23 - 00243936 _____ C:\Users\Mona\Downloads\Firefox Setup Stub 41.0.exe
2015-09-22 19:06 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-22 19:06 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-09-22 17:01 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-22 17:01 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-09-22 17:01 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-09-22 17:01 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-09-22 17:01 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-09-22 17:00 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-09-22 17:00 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-09-22 16:56 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-09-22 16:56 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-09-22 16:56 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-09-22 16:56 - 2015-07-16 21:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-22 16:56 - 2015-07-16 21:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-09-22 16:56 - 2015-07-16 21:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-09-22 16:56 - 2015-07-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-09-22 16:55 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-22 16:55 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-22 16:55 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-22 16:55 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-22 16:55 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-22 16:55 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-22 16:55 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-22 16:55 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-09-22 16:55 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-22 16:55 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-22 16:55 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-22 16:55 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-22 16:55 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-22 16:55 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-22 16:55 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-22 16:55 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-22 16:55 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-22 16:55 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-22 16:55 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-22 16:55 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-22 16:55 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-22 16:55 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-22 16:55 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-22 16:53 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-09-22 16:53 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-09-22 16:52 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-09-22 16:48 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-22 16:48 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-22 16:48 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-22 16:48 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-22 16:48 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-22 16:48 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-22 16:48 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-22 16:48 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-22 16:48 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-22 16:48 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-09-22 16:48 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-09-22 16:48 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-09-22 16:45 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-09-22 16:45 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-22 16:45 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-22 16:45 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-09-22 16:45 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-09-22 16:45 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-09-22 16:45 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-09-22 16:45 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-22 16:45 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-22 16:43 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-22 16:43 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-09-22 16:43 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-22 16:43 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-09-22 16:43 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-22 16:43 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-09-22 16:43 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-09-22 16:43 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-22 16:43 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-09-22 16:43 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-09-22 16:43 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-09-22 16:43 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-09-22 16:08 - 2015-09-22 16:08 - 00001138 _____ C:\Users\Public\Desktop\Avira Launcher.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-29 15:20 - 2009-07-14 06:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-29 15:20 - 2009-07-14 06:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-29 15:10 - 2012-09-30 13:27 - 02066592 _____ C:\Windows\WindowsUpdate.log
2015-09-29 14:55 - 2012-05-14 18:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-29 12:06 - 2014-11-26 20:35 - 00000416 _____ C:\Windows\Tasks\Re-Markable Update.job
2015-09-29 11:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-29 11:45 - 2014-03-22 16:55 - 00012727 _____ C:\Windows\setupact.log
2015-09-25 21:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-09-25 20:30 - 2013-09-21 11:11 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3F9A1DB0-EBAA-43AC-9979-A5387D076F64}
2015-09-25 09:49 - 2014-11-26 20:35 - 00000000 ____D C:\Program Files (x86)\ver1Re-Markable
2015-09-25 08:04 - 2009-07-14 06:45 - 00267816 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-25 08:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-24 01:14 - 2013-09-21 11:47 - 00000000 ____D C:\Windows\system32\MRT
2015-09-24 00:51 - 2012-09-30 15:45 - 00000000 ____D C:\Users\Mona\AppData\Roaming\Skype
2015-09-23 20:24 - 2013-03-18 23:12 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-23 20:01 - 2013-03-18 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-23 20:00 - 2010-11-21 05:47 - 00990564 _____ C:\Windows\PFRO.log
2015-09-23 19:59 - 2012-09-30 13:42 - 00000000 ____D C:\Users\Mona\AppData\Roaming\SoftGrid Client
2015-09-23 19:43 - 2013-03-18 23:26 - 00000000 ____D C:\Users\Mona\AppData\Local\Mozilla
2015-09-23 19:39 - 2014-03-02 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Driver Updater
2015-09-23 19:39 - 2014-03-02 16:57 - 00000000 ____D C:\Program Files (x86)\WinZip Driver Updater
2015-09-23 19:18 - 2014-03-23 09:41 - 00002172 _____ C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-23 19:18 - 2014-03-23 09:41 - 00000000 ___RD C:\Users\Mona\OneDrive
2015-09-23 19:15 - 2013-03-16 16:27 - 00000000 ___RD C:\Users\Mona\Podcasts
2015-09-22 19:06 - 2013-03-14 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-22 19:05 - 2013-03-14 11:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-22 19:05 - 2013-03-14 11:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-22 17:08 - 2013-05-22 11:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-09-22 17:08 - 2013-05-22 11:28 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-09-22 17:04 - 2014-12-29 23:41 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-09-22 16:39 - 2014-11-28 16:36 - 00000000 ____D C:\Program Files\Dl_cats
2015-09-22 16:37 - 2014-12-06 16:11 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-22 16:16 - 2014-11-20 09:32 - 00000000 __SHD C:\Users\Mona\AppData\Local\EmieBrowserModeList
2015-09-22 16:16 - 2014-04-24 01:59 - 00000000 __SHD C:\Users\Mona\AppData\Local\EmieUserList
2015-09-22 16:16 - 2014-04-24 01:59 - 00000000 __SHD C:\Users\Mona\AppData\Local\EmieSiteList
2015-09-22 16:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-22 16:08 - 2014-12-06 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-22 16:06 - 2014-12-06 16:15 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-09-22 16:06 - 2014-12-06 16:15 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-09-22 16:02 - 2012-05-14 18:06 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-22 16:01 - 2012-05-14 18:06 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 16:01 - 2012-05-14 18:06 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-02-28 07:49 - 2014-02-28 07:49 - 0700113 _____ () C:\Users\Mona\AppData\Roaming\UserTile.png
2013-03-19 23:04 - 2014-03-29 07:41 - 0007680 _____ () C:\Users\Mona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Einige Dateien in TEMP:
====================
C:\Users\Mona\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-25 20:56

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
durchgeführt von Mona (2015-09-29 15:52:04)
Gestartet von C:\Users\Mona\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-30 09:24:10)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2335087299-416370035-993193814-500 - Administrator - Disabled)
Gast (S-1-5-21-2335087299-416370035-993193814-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2335087299-416370035-993193814-1003 - Limited - Enabled)
Mona (S-1-5-21-2335087299-416370035-993193814-1002 - Administrator - Enabled) => C:\Users\Mona

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DB8F3717-56A7-AA87-3324-4CEAB9C7964E}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.14.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
Bandoo (HKLM-x32\...\Bandoo) (Version: 8.0.0.133476 - Bandoo Media Inc) <==== ACHTUNG
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.140 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5018 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Photo AIO Printer 964 (HKLM\...\Dell Photo AIO Printer 964) (Version:  - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{4F34A145-8CF3-400C-B5DB-2B1BF604304D}) (Version: 5.1.4 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
FLV Player (remove only) (HKLM-x32\...\FLVM Player) (Version:  - ) <==== ACHTUNG
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0D83FCDE-8CAF-45E6-907D-6AF8E2A5EE01}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
iMesh (x32 Version: 12.0.0.131834 - iMesh Inc.) Hidden <==== ACHTUNG
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 41.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 de)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0 - Mozilla)
Music Toolbar for Internet Explorer (Dist. by iMesh, Inc.) (HKLM-x32\...\imeshmusicboxtoolbar181IE) (Version: 1.8.1.0 - IAC Search and Media) <==== ACHTUNG
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27016 - Realtek Semiconductor Corp.)
Re-Markable (HKLM-x32\...\53BB45AF-DE34-15AA-9295-C9A29AF51976) (Version:  - Re-Markable-software) <==== ACHTUNG
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.5.1 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{D8360C56-B89D-47AA-91A5-8D27A20844FB}) (Version: 4.3.304.0 - Validity Sensors, Inc.)
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinZip Driver Updater (HKLM-x32\...\{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1) (Version: 1.0.648.15384 - WinZip Computing, S.L. (WinZip Computing))
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

13-07-2015 07:16:42 Windows Update
17-08-2015 11:58:38 Windows Update
22-09-2015 17:12:50 Windows Update
22-09-2015 18:48:18 Windows Update
24-09-2015 01:01:48 Windows Update
29-09-2015 11:57:47 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0D30A251-4646-40ED-8A0E-B0C0127034A7} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {1F81FE25-96D9-487F-B5FD-7F3C7A437DDC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4C18337D-6CE4-43E6-9CAE-06946011E21D} - System32\Tasks\WinZipDriverUpdater_UPDATES => C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
Task: {5878ACDE-0424-4732-8D07-F1275EBD83F9} - System32\Tasks\Re-Markable Update => C:\Program Files (x86)\ver1Re-Markable\t8Re-MarkableT64.exe
Task: {6365A7D8-C85B-47B7-AEB4-2D06851F9D0E} - System32\Tasks\{FBA76E06-2FDB-425B-94EB-11B3EDD13E33} => pcalua.exe -a "C:\Users\Mona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FW5PX1C\WindowsPhone.exe" -d C:\Users\Mona\Desktop
Task: {9567C228-25BB-42B9-8051-BE531413C7AC} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ACHTUNG
Task: {9FB25706-69FE-4CDB-B262-D1661B014AE6} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-21] (CyberLink)
Task: {A1A1AFA4-246D-47C0-A5A8-2A01F772FA72} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A57A7ECC-1F5B-45CE-8696-520FD2AAE7F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {C4BB5360-6CD7-4664-A7DA-078BC1D67A89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CE70E88F-7C25-4EF3-AACF-61FF3BD27E2B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {CF44DC00-00DC-4050-9F40-DD560940A5D4} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe
Task: {D94AC378-5D6E-41F6-B5C4-E493E4CB93EC} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {F875A22F-1A8E-41B4-A78C-57D4F72659A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Re-Markable Update.job => C:\Program Files (x86)\ver1Re-Markable\t8Re-MarkableT64.exe
Task: C:\Windows\Tasks\WinZipDriverUpdater_UPDATES.job => C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2005-07-12 23:58 - 2005-07-12 23:58 - 00365568 _____ () C:\Windows\System32\dlcjlmpm.dll
2012-03-21 04:30 - 2012-03-21 04:30 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-06-07 06:16 - 2013-06-07 06:16 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-01 07:31 - 2014-03-01 07:31 - 00484936 _____ () C:\Windows\SysWOW64\ezUPBHook32.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_0OLFavIE91284348923
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_1OCalFavIE91545382048
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_2PeopleFav-510560096
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_3SkyDriveFav-324886575
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_4OLFavIE91410631431

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2335087299-416370035-993193814-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{2AD5A21F-F97C-49E2-B21A-3F75300C7486}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E8AF0ECB-47C4-48C4-8771-688D789C88EB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{61F5C836-73E7-4F03-A837-2AE04E5CD657}] => (Allow) LPort=2869
FirewallRules: [{DBA3DF77-54B7-47EE-8896-8C582167E40C}] => (Allow) LPort=1900
FirewallRules: [{85887DEE-AACE-48A5-9BA2-2E99CFA12B54}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E87B6EEB-D76F-4A8B-A1F6-C008C0E63C8E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{CD53AD27-9998-4C7C-8966-0480840D526E}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{B17331D3-05A6-4252-9D0B-9367564D3835}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{42F83011-ECEA-49C2-AC4E-9544DBE0B7D0}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{588D1C66-339A-49D0-B94D-FBC4D3D48FB7}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4C91D21C-D962-485A-A667-92BDE386E619}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{6A6C38E4-C94C-4B35-8EF4-6D8A6FF4CBEA}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{EF24F5A3-CAC9-49DD-B0CE-7F0E025C68BA}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{56B7AFF5-B339-4A10-92EC-14409EAA7739}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{38F8F7A6-2259-4634-B780-86A4D2ACE25E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{7CF8603B-63D9-4767-90EC-96E925352764}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{534AAC24-C121-46BF-B8C8-6254A526095B}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [TCP Query User{B3DF8C0A-BBF6-425A-9D61-9483FF8C35F4}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [UDP Query User{B2E0D3A5-B9D2-491A-9E84-CD2C6825FA53}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [{271C8BDF-2EFF-4825-8202-49BB0601D9E7}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{9A64DA4B-6357-489E-9D0B-8FB8498D8D36}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{57428D02-9522-45A0-BBEE-AFA63988D8E3}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe
FirewallRules: [{669E8D33-18DB-46AF-9B82-7065B2DAD0EF}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe
FirewallRules: [{34482316-6126-4CC7-B045-374C63F8E4F5}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~3\IE\dtuser.exe
FirewallRules: [{638F67E4-0E2A-4CE5-AEE6-16F1DFCEAC29}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~3\IE\dtuser.exe
FirewallRules: [{390FA873-A8A6-456A-AD3B-EDF34C3812C8}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~4\IE\dtuser.exe
FirewallRules: [{92C79CE7-689F-42D9-9841-96BC0A4AC35C}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~4\IE\dtuser.exe
FirewallRules: [{2D4BBE47-1E58-4CBC-AEB6-697B8B864F8A}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~1\IE\dtuser.exe
FirewallRules: [{225E13F4-5966-498C-85A6-B706A3428069}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~1\IE\dtuser.exe
FirewallRules: [{1ADA4650-0E09-419A-9125-7A0734E57EF8}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~2\IE\dtuser.exe
FirewallRules: [{4685489F-65FE-41BD-88E7-BBFA35B42364}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~2\IE\dtuser.exe
FirewallRules: [{E11FCAD3-3A75-4453-9BAD-C319386F9E5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86C3B2B8-B85D-4648-98CC-8ED0481B179D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{67EC46F5-1A52-4507-A5D8-91080DE3FB28}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{77DE10DF-0F0E-4DF9-8C6E-10B656590D73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{546A2067-FE26-4499-AF7D-83A4B373BB58}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~3\IE\dtuser.exe
FirewallRules: [{36390584-1637-4278-866A-B6BDD5377765}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~3\IE\dtuser.exe
FirewallRules: [{389E39AD-FDDF-4C0A-B4E9-A6CD5BF9E753}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
FirewallRules: [{24DEE0E0-BBB5-4A1F-BEDD-150BCF60DA1F}] => (Allow) C:\Users\Mona\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E10FFDC0-D9EA-4A00-9AB2-DBBDD1BCA648}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE83DE34-24CF-4F65-BC43-B5BDFE235E05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: F06DEFF2-5B9C-490D-910F-35D3A9119622
Description: F06DEFF2-5B9C-490D-910F-35D3A9119622
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: F06DEFF2-5B9C-490D-910F-35D3A9119622
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/29/2015 03:23:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2824

Error: (09/29/2015 03:23:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2824

Error: (09/29/2015 03:23:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2015 03:23:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1498

Error: (09/29/2015 03:23:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1498

Error: (09/29/2015 03:23:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2015 02:54:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7951511

Error: (09/29/2015 02:54:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7951511

Error: (09/29/2015 02:54:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2015 02:54:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7950497


Systemfehler:
=============
Error: (09/29/2015 11:47:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
F06DEFF2-5B9C-490D-910F-35D3A9119622

Error: (09/29/2015 11:47:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Bandoo Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/29/2015 11:46:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MotionScriptSprite.exe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/29/2015 11:46:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DOSImportStart.exe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/29/2015 11:46:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DebugLogTooltip.exe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/29/2015 11:46:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppFrozenPrivacy.exe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/29/2015 11:46:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (09/26/2015 01:02:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Sicherheitscenter" wurde mit folgendem Fehler beendet: 
%%1747

Error: (09/26/2015 01:02:36 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.

Error: (09/26/2015 01:02:36 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b


==================== Speicherinformationen =========================== 

Prozessor: AMD A6-4400M APU with Radeon(tm) HD Graphics 
Prozentuale Nutzung des RAM: 50%
Installierter physikalischer RAM: 3554.36 MB
Verfügbarer physikalischer RAM: 1753.32 MB
Summe virtueller Speicher: 7106.93 MB
Verfügbarer virtueller Speicher: 4702.61 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:443 GB) (Free:362.6 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive d: (Recovery) (Fixed) (Total:22.47 GB) (Free:2.36 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F15014C2)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== Ende von Addition.txt ============================

smayate · 29.09.2015, 15:23

Code:

ATTFilter

15:58:40.0243 0x1158  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
15:58:57.0301 0x1158  ============================================================
15:58:57.0301 0x1158  Current date / time: 2015/09/29 15:58:57.0301
15:58:57.0301 0x1158  SystemInfo:
15:58:57.0301 0x1158  
15:58:57.0301 0x1158  OS Version: 6.1.7601 ServicePack: 1.0
15:58:57.0301 0x1158  Product type: Workstation
15:58:57.0301 0x1158  ComputerName: HP_MONA
15:58:57.0301 0x1158  UserName: Mona
15:58:57.0301 0x1158  Windows directory: C:\Windows
15:58:57.0301 0x1158  System windows directory: C:\Windows
15:58:57.0301 0x1158  Running under WOW64
15:58:57.0301 0x1158  Processor architecture: Intel x64
15:58:57.0302 0x1158  Number of processors: 2
15:58:57.0302 0x1158  Page size: 0x1000
15:58:57.0302 0x1158  Boot type: Normal boot
15:58:57.0302 0x1158  ============================================================
15:58:58.0014 0x1158  KLMD registered as C:\Windows\system32\drivers\02598962.sys
15:58:59.0529 0x1158  System UUID: {1D36284C-5217-91E6-567A-68EB5C84D1C4}
15:59:00.0544 0x1158  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:59:00.0632 0x1158  ============================================================
15:59:00.0632 0x1158  \Device\Harddisk0\DR0:
15:59:00.0644 0x1158  MBR partitions:
15:59:00.0644 0x1158  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:59:00.0644 0x1158  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x375FD800
15:59:00.0644 0x1158  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37661800, BlocksNum 0x2CF0800
15:59:00.0644 0x1158  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33800
15:59:00.0644 0x1158  ============================================================
15:59:00.0665 0x1158  C: <-> \Device\Harddisk0\DR0\Partition2
15:59:00.0722 0x1158  D: <-> \Device\Harddisk0\DR0\Partition3
15:59:00.0739 0x1158  F: <-> \Device\Harddisk0\DR0\Partition4
15:59:00.0739 0x1158  ============================================================
15:59:00.0739 0x1158  Initialize success
15:59:00.0740 0x1158  ============================================================
16:02:22.0532 0x14f0  ============================================================
16:02:22.0532 0x14f0  Scan started
16:02:22.0532 0x14f0  Mode: Manual; SigCheck; TDLFS; 
16:02:22.0532 0x14f0  ============================================================
16:02:22.0532 0x14f0  KSN ping started
16:02:36.0354 0x14f0  KSN ping finished: true
16:02:36.0822 0x14f0  ================ Scan system memory ========================
16:02:36.0822 0x14f0  System memory - ok
16:02:36.0822 0x14f0  ================ Scan services =============================
16:02:36.0993 0x14f0  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:02:37.0071 0x14f0  1394ohci - ok
16:02:37.0118 0x14f0  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] 51cdb72         C:\Windows\system32\rundll32.exe
16:02:37.0134 0x14f0  51cdb72 - ok
16:02:37.0165 0x14f0  [ 899B7E724BF19F17978B6A37B864A277, F7D166DC5F7642D4B834B1E0D956929BA94F3E4D402989FC1A681A08FA1F86B6 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
16:02:37.0196 0x14f0  Accelerometer - ok
16:02:37.0243 0x14f0  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:02:37.0274 0x14f0  ACPI - ok
16:02:37.0305 0x14f0  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:02:37.0321 0x14f0  AcpiPmi - ok
16:02:37.0461 0x14f0  [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:02:37.0508 0x14f0  AdobeARMservice - ok
16:02:37.0602 0x14f0  [ C6D147C12C424373B016C0AB0A6C61EB, 043D44F3C942CFC3558E782938C26849BF648A58A7AA62C4A526E37DE4136C27 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:02:37.0633 0x14f0  AdobeFlashPlayerUpdateSvc - ok
16:02:37.0711 0x14f0  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:02:37.0742 0x14f0  adp94xx - ok
16:02:37.0789 0x14f0  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:02:37.0804 0x14f0  adpahci - ok
16:02:37.0836 0x14f0  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:02:37.0851 0x14f0  adpu320 - ok
16:02:37.0867 0x14f0  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:02:37.0914 0x14f0  AeLookupSvc - ok
16:02:37.0945 0x14f0  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
16:02:37.0976 0x14f0  AFD - ok
16:02:38.0007 0x14f0  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
16:02:38.0007 0x14f0  agp440 - ok
16:02:38.0023 0x14f0  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
16:02:38.0038 0x14f0  ALG - ok
16:02:38.0085 0x14f0  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:02:38.0101 0x14f0  aliide - ok
16:02:38.0132 0x14f0  [ 6DB9EAD84DF457C198FB05C0ECD9F065, 49E8DC4CA0C33126FD5BBE43D4C181D872FA2E5B6CC42B0EBB905E1FF33B81CA ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:02:38.0148 0x14f0  AMD External Events Utility - ok
16:02:38.0210 0x14f0  AMD FUEL Service - ok
16:02:38.0257 0x14f0  [ 2EF1BA6D5DC79FCE5E9216C8C2D3F193, E59E79AF44878AAC09DF5DE8CEDB9088800711553C7C7E358328274C116B46F9 ] amdhub30        C:\Windows\system32\drivers\amdhub30.sys
16:02:38.0288 0x14f0  amdhub30 - ok
16:02:38.0319 0x14f0  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:02:38.0335 0x14f0  amdide - ok
16:02:38.0366 0x14f0  [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64        C:\Windows\system32\drivers\amdiox64.sys
16:02:38.0382 0x14f0  amdiox64 - ok
16:02:38.0413 0x14f0  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:02:38.0428 0x14f0  AmdK8 - ok
16:02:39.0193 0x14f0  [ 412F818740EF8BAEABDC2FE93B012C2F, 6AE99D055BF168BE98737727C9D9CBD0D0496D86AF5A8C7E13F76D7CE8FF32AC ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:02:39.0458 0x14f0  amdkmdag - ok
16:02:39.0536 0x14f0  [ F5813195AC4F235DBEA6349DF6CA1E5D, EEACC1410668D253FEE026FD9303AEAD22D30611E64AAA18B31234C92DCC8B7A ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:02:39.0552 0x14f0  amdkmdap - ok
16:02:39.0598 0x14f0  [ 554FB0F28C411FB1EAFD4EA46A8CAAA4, 99DB7282E1DC0E0E0C0B82873A94F8FCAC8883297665EE5D242D34A4D0705C89 ] amdkmpfd        C:\Windows\system32\drivers\amdkmpfd.sys
16:02:39.0614 0x14f0  amdkmpfd - ok
16:02:39.0614 0x14f0  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:02:39.0630 0x14f0  AmdPPM - ok
16:02:39.0661 0x14f0  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:02:39.0676 0x14f0  amdsata - ok
16:02:39.0708 0x14f0  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:02:39.0723 0x14f0  amdsbs - ok
16:02:39.0739 0x14f0  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:02:39.0754 0x14f0  amdxata - ok
16:02:39.0770 0x14f0  [ 541A6C49C792ED71FB3EFF8C815CFE60, BC8D740C980CA60C06364CB75BDA323A1604C4CFAF753FD8C44D2FF312C6C7E1 ] amdxhc          C:\Windows\system32\drivers\amdxhc.sys
16:02:39.0786 0x14f0  amdxhc - ok
16:02:39.0801 0x14f0  [ A1434F35B7B171CB697D74D33F7D029F, 97688D8C388066D02036DEF388AD7D8BE55DB268185CECE88128195D87422496 ] amd_sata        C:\Windows\system32\drivers\amd_sata.sys
16:02:39.0817 0x14f0  amd_sata - ok
16:02:39.0832 0x14f0  [ E9B5A82FA268BB2D1B012030D5F4E096, 9EBE4DD2B86EE62D5E47ED85FC6271FE66A5A564227C7C8B7A576FD54A2CFACB ] amd_xata        C:\Windows\system32\drivers\amd_xata.sys
16:02:39.0848 0x14f0  amd_xata - ok
16:02:40.0051 0x14f0  [ 9FE1AC875A7AD7B7FF28FEC8B754968D, EEE04D4073E49332C85028B62E8A035EAA2284526A3F3820133492C8F8CBA3D5 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
16:02:40.0082 0x14f0  AntiVirMailService - ok
16:02:40.0176 0x14f0  [ E20B4F23EB153635D67944F63454EC84, FEE76A74767CDB33415C64F08AE1FF248F505AF22C1F1BA1EBB5CC6A75E3926F ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:02:40.0207 0x14f0  AntiVirSchedulerService - ok
16:02:40.0300 0x14f0  [ E20B4F23EB153635D67944F63454EC84, FEE76A74767CDB33415C64F08AE1FF248F505AF22C1F1BA1EBB5CC6A75E3926F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:02:40.0332 0x14f0  AntiVirService - ok
16:02:40.0503 0x14f0  [ D9A8EE3F4A1E604B9315B34A5AA4569E, 287BA8FA1949646E03D39F36F50C016251358A8A454EE19D249E76A723F1455E ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
16:02:40.0550 0x14f0  AntiVirWebService - ok
16:02:40.0628 0x14f0  AppFrozenPrivacy.exe - ok
16:02:40.0675 0x14f0  [ A0711D119BA4B48A1470C768D301013E, 536366F809125D2C2171597C8C2CB3271BE5C6B373152112E0D970749776E00A ] AppID           C:\Windows\system32\drivers\appid.sys
16:02:40.0706 0x14f0  AppID - ok
16:02:40.0722 0x14f0  [ 173C90AF5B243B4DD86F95CA154CB58A, 349F566DADC96B31FDC34C4F26545FB880844DBF84E5821AA0D0CAA91FB837E1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:02:40.0737 0x14f0  AppIDSvc - ok
16:02:40.0784 0x14f0  [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo         C:\Windows\System32\appinfo.dll
16:02:40.0800 0x14f0  Appinfo - ok
16:02:40.0862 0x14f0  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:02:40.0862 0x14f0  Apple Mobile Device - ok
16:02:40.0909 0x14f0  [ BC6526297C2E1377949F79A3AC622BAD, D3710E13B584CE847497E9959577B6C38C632DA0D1F75579C0F4B419250BB10A ] APXACC          C:\Windows\system32\DRIVERS\appexDrv.sys
16:02:40.0909 0x14f0  APXACC - ok
16:02:40.0956 0x14f0  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
16:02:40.0956 0x14f0  arc - ok
16:02:40.0971 0x14f0  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:02:40.0987 0x14f0  arcsas - ok
16:02:41.0096 0x14f0  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:02:41.0143 0x14f0  aspnet_state - ok
16:02:41.0174 0x14f0  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:02:41.0205 0x14f0  AsyncMac - ok
16:02:41.0236 0x14f0  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:02:41.0252 0x14f0  atapi - ok
16:02:41.0299 0x14f0  [ 2B3B05C0A7768BF033217EB8F33F9C35, F7B13158440CAE46EC93F29BA47A960194A5A2AD71B5BF628AF4661CEE096402 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:02:41.0299 0x14f0  AtiHDAudioService - ok
16:02:41.0392 0x14f0  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:02:41.0424 0x14f0  AudioEndpointBuilder - ok
16:02:41.0470 0x14f0  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:02:41.0502 0x14f0  AudioSrv - ok
16:02:41.0548 0x14f0  [ 24843902369DC82B4691F816F08F2938, 330E22C6007B10FE9C232BBCA2F388ADA17DEDBAA11BEC2A70377A4466DFB6FA ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:02:41.0564 0x14f0  avgntflt - ok
16:02:41.0626 0x14f0  [ 043E5F34C3878C844568658B79B3E55C, D13D8FC5205562E02F252C0EE1AB2236C9212445D6EC3715041EBDF993CB467F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:02:41.0658 0x14f0  avipbb - ok
16:02:41.0767 0x14f0  [ 24680B56D862F1DE30C13FC64B80F568, 4B30EB73369691B915F5615E1BF6C95B070E184BC42BCC505C94410014A04EB3 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
16:02:41.0782 0x14f0  Avira.ServiceHost - ok
16:02:41.0845 0x14f0  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:02:41.0860 0x14f0  avkmgr - ok
16:02:41.0923 0x14f0  [ 13253E5E3B6BDF945B63B336A8C9489B, 671C716E43F89D4BDDAA2BE045CDEBBB569C85BC2BA334E1F550187B79A7740D ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
16:02:41.0954 0x14f0  avnetflt - ok
16:02:42.0001 0x14f0  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:02:42.0016 0x14f0  AxInstSV - ok
16:02:42.0079 0x14f0  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:02:42.0126 0x14f0  b06bdrv - ok
16:02:42.0172 0x14f0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:02:42.0188 0x14f0  b57nd60a - ok
16:02:42.0235 0x14f0  Bandoo Coordinator - ok
16:02:42.0344 0x14f0  [ BC9E4469FE2CE605902D4C8BB09E8236, 13C906DEE487E46037F6DAB82CD65B49CECCA8A7BAC9E1FFD34767AA288A9B76 ] bcbtums         C:\Windows\system32\drivers\bcbtums.sys
16:02:42.0360 0x14f0  bcbtums - ok
16:02:42.0750 0x14f0  [ D41E6CCB9752F551049D2E0C437DD03D, 25D021CDE719CDFCF3645457DFE4D30248C5EBC943D9FEACE4D1B8DEAEFE2C7A ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
16:02:42.0874 0x14f0  BCM43XX - ok
16:02:42.0921 0x14f0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:02:42.0937 0x14f0  BDESVC - ok
16:02:42.0984 0x14f0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:02:43.0030 0x14f0  Beep - ok
16:02:43.0077 0x14f0  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
16:02:43.0124 0x14f0  BFE - ok
16:02:43.0171 0x14f0  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
16:02:43.0233 0x14f0  BITS - ok
16:02:43.0264 0x14f0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:02:43.0280 0x14f0  blbdrive - ok
16:02:43.0358 0x14f0  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:02:43.0389 0x14f0  Bonjour Service - ok
16:02:43.0420 0x14f0  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:02:43.0436 0x14f0  bowser - ok
16:02:43.0467 0x14f0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:02:43.0483 0x14f0  BrFiltLo - ok
16:02:43.0498 0x14f0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:02:43.0498 0x14f0  BrFiltUp - ok
16:02:43.0530 0x14f0  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
16:02:43.0545 0x14f0  Browser - ok
16:02:43.0623 0x14f0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:02:43.0670 0x14f0  Brserid - ok
16:02:43.0686 0x14f0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:02:43.0701 0x14f0  BrSerWdm - ok
16:02:43.0717 0x14f0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:02:43.0732 0x14f0  BrUsbMdm - ok
16:02:43.0732 0x14f0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:02:43.0748 0x14f0  BrUsbSer - ok
16:02:43.0779 0x14f0  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:02:43.0795 0x14f0  BthEnum - ok
16:02:43.0826 0x14f0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:02:43.0842 0x14f0  BTHMODEM - ok
16:02:43.0873 0x14f0  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:02:43.0888 0x14f0  BthPan - ok
16:02:43.0982 0x14f0  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
16:02:44.0013 0x14f0  BTHPORT - ok
16:02:44.0044 0x14f0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
16:02:44.0076 0x14f0  bthserv - ok
16:02:44.0091 0x14f0  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
16:02:44.0107 0x14f0  BTHUSB - ok
16:02:44.0169 0x14f0  [ 93F0E54C65EF7FCB56287FA685E4C4B7, FF8644C2F9DC4CDB1BDBD7C25968225769B2DAE7E063BE0FEDCD51809C48CB4D ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
16:02:44.0200 0x14f0  btwampfl - ok
16:02:44.0232 0x14f0  [ D1F3C58892C621935947C0261BAEF3C0, AEDAF86A78F615C9124A968568FAA41AA145E6AAE910AB16E370B83BC67BB603 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
16:02:44.0263 0x14f0  btwaudio - ok
16:02:44.0310 0x14f0  [ 9C7A3858D87F3A2574C1D326CA6C1461, EA98D1DE3E1BF3BB952FC11511082EC1D398B448C712141B7FC35AFB7E40C4E5 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
16:02:44.0325 0x14f0  btwavdt - ok
16:02:44.0450 0x14f0  [ CE6AD9E2874D19069569F03C819B558C, 719326983BC442B416651DB51DD20AA32455B93A79C48B386913296F65B50E6F ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:02:44.0481 0x14f0  btwdins - ok
16:02:44.0512 0x14f0  [ AC602E3B6940B48E454D90545D85E8C3, EA178018C7EF6B99D7F1E68314DD9E54EFBDEADD9EF649E46975E546956232A9 ] BTWDPAN         C:\Windows\system32\DRIVERS\btwdpan.sys
16:02:44.0528 0x14f0  BTWDPAN - ok
16:02:44.0528 0x14f0  [ B1ACFD00CDD13B48D86F46BFEC153BF9, CD7BE27D93364735511CC714B85CB7D97E21E84E3C2361EC405BADAAEA550925 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
16:02:44.0544 0x14f0  btwl2cap - ok
16:02:44.0575 0x14f0  [ BB892C59D453E127797F8C5B203678DC, 9ED6E44B1E1050F275BEDE733970F455867147F6EC08CD6522E5AA2F55CB5B71 ] btwrchid        C:\Windows\system32\drivers\btwrchid.sys
16:02:44.0590 0x14f0  btwrchid - ok
16:02:44.0762 0x14f0  [ FECA9F830A5C6BAB9978E6781A26AE2B, CA1681A2F4FA849815B8E823805E078DB9C050CEE86E9E394B2A37B57CC474A6 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
16:02:44.0809 0x14f0  c2cautoupdatesvc - ok
16:02:44.0934 0x14f0  [ 5B33709F7FE59BB625F113EED86AFC5C, 8D29FE242D55526FDEB2CB4009B5DE19C93972E872BE6328AD3305E360A3D44B ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
16:02:44.0996 0x14f0  c2cpnrsvc - ok
16:02:45.0027 0x14f0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:02:45.0058 0x14f0  cdfs - ok
16:02:45.0090 0x14f0  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
16:02:45.0105 0x14f0  cdrom - ok
16:02:45.0136 0x14f0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:02:45.0183 0x14f0  CertPropSvc - ok
16:02:45.0199 0x14f0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
16:02:45.0214 0x14f0  circlass - ok
16:02:45.0277 0x14f0  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
16:02:45.0292 0x14f0  CLFS - ok
16:02:45.0339 0x14f0  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:02:45.0355 0x14f0  clr_optimization_v2.0.50727_32 - ok
16:02:45.0402 0x14f0  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:02:45.0433 0x14f0  clr_optimization_v2.0.50727_64 - ok
16:02:45.0495 0x14f0  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:02:45.0526 0x14f0  clr_optimization_v4.0.30319_32 - ok
16:02:45.0558 0x14f0  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:02:45.0573 0x14f0  clr_optimization_v4.0.30319_64 - ok
16:02:45.0620 0x14f0  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
16:02:45.0636 0x14f0  clwvd - ok
16:02:45.0667 0x14f0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
16:02:45.0682 0x14f0  CmBatt - ok
16:02:45.0698 0x14f0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:02:45.0714 0x14f0  cmdide - ok
16:02:45.0760 0x14f0  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
16:02:45.0792 0x14f0  CNG - ok
16:02:45.0838 0x14f0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:02:45.0838 0x14f0  Compbatt - ok
16:02:45.0870 0x14f0  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:02:45.0885 0x14f0  CompositeBus - ok
16:02:45.0901 0x14f0  COMSysApp - ok
16:02:45.0916 0x14f0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:02:45.0932 0x14f0  crcdisk - ok
16:02:45.0979 0x14f0  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:02:45.0994 0x14f0  CryptSvc - ok
16:02:46.0104 0x14f0  [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:02:46.0182 0x14f0  cvhsvc - ok
16:02:46.0260 0x14f0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:02:46.0306 0x14f0  DcomLaunch - ok
16:02:46.0322 0x14f0  DebugLogTooltip.exe - ok
16:02:46.0353 0x14f0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:02:46.0400 0x14f0  defragsvc - ok
16:02:46.0431 0x14f0  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:02:46.0462 0x14f0  DfsC - ok
16:02:46.0509 0x14f0  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:02:46.0540 0x14f0  Dhcp - ok
16:02:46.0556 0x14f0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
16:02:46.0587 0x14f0  discache - ok
16:02:46.0618 0x14f0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
16:02:46.0618 0x14f0  Disk - ok
16:02:46.0634 0x14f0  dlcj_device - ok
16:02:46.0665 0x14f0  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:02:46.0696 0x14f0  Dnscache - ok
16:02:46.0696 0x14f0  DOSImportStart.exe - ok
16:02:46.0743 0x14f0  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:02:46.0774 0x14f0  dot3svc - ok
16:02:46.0806 0x14f0  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
16:02:46.0837 0x14f0  DPS - ok
16:02:46.0884 0x14f0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:02:46.0915 0x14f0  drmkaud - ok
16:02:46.0993 0x14f0  [ F59E2FE2687A5C30598F9099F318EB73, 80A0B1CC758BD3C4AEAB8E5804120D8A145F918B527F41DEF02A0E4EBE170F37 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:02:47.0102 0x14f0  DXGKrnl - ok
16:02:47.0133 0x14f0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
16:02:47.0164 0x14f0  EapHost - ok
16:02:47.0336 0x14f0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:02:47.0601 0x14f0  ebdrv - ok
16:02:47.0632 0x14f0  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] EFS             C:\Windows\System32\lsass.exe
16:02:47.0664 0x14f0  EFS - ok
16:02:47.0773 0x14f0  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:02:47.0866 0x14f0  ehRecvr - ok
16:02:47.0882 0x14f0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
16:02:47.0898 0x14f0  ehSched - ok
16:02:47.0944 0x14f0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:02:47.0976 0x14f0  elxstor - ok
16:02:48.0007 0x14f0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:02:48.0007 0x14f0  ErrDev - ok
16:02:48.0069 0x14f0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
16:02:48.0116 0x14f0  EventSystem - ok
16:02:48.0147 0x14f0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
16:02:48.0178 0x14f0  exfat - ok
16:02:48.0194 0x14f0  ezSharedSvc - ok
16:02:48.0210 0x14f0  F06DEFF2-5B9C-490D-910F-35D3A9119622 - ok
16:02:48.0225 0x14f0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:02:48.0272 0x14f0  fastfat - ok
16:02:48.0334 0x14f0  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
16:02:48.0459 0x14f0  Fax - ok
16:02:48.0475 0x14f0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
16:02:48.0490 0x14f0  fdc - ok
16:02:48.0522 0x14f0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
16:02:48.0553 0x14f0  fdPHost - ok
16:02:48.0568 0x14f0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:02:48.0600 0x14f0  FDResPub - ok
16:02:48.0631 0x14f0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:02:48.0646 0x14f0  FileInfo - ok
16:02:48.0662 0x14f0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:02:48.0693 0x14f0  Filetrace - ok
16:02:48.0709 0x14f0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:02:48.0724 0x14f0  flpydisk - ok
16:02:48.0802 0x14f0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:02:48.0834 0x14f0  FltMgr - ok
16:02:48.0943 0x14f0  [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache       C:\Windows\system32\FntCache.dll
16:02:49.0021 0x14f0  FontCache - ok
16:02:49.0068 0x14f0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:02:49.0083 0x14f0  FontCache3.0.0.0 - ok
16:02:49.0208 0x14f0  [ 60BCE8BBD1C515007BB335ACEFBFC246, 263E55B718C34A308AE318A09A1A8F09D7AEC680D82B03AE1D258FC1707625FB ] FPLService      C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
16:02:49.0333 0x14f0  FPLService - ok
16:02:49.0348 0x14f0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:02:49.0364 0x14f0  FsDepends - ok
16:02:49.0395 0x14f0  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:02:49.0395 0x14f0  Fs_Rec - ok
16:02:49.0442 0x14f0  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:02:49.0458 0x14f0  fvevol - ok
16:02:49.0504 0x14f0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:02:49.0520 0x14f0  gagp30kx - ok
16:02:49.0551 0x14f0  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
16:02:49.0567 0x14f0  GamesAppService - ok
16:02:49.0645 0x14f0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:02:49.0692 0x14f0  gpsvc - ok
16:02:49.0707 0x14f0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:02:49.0723 0x14f0  hcw85cir - ok
16:02:49.0770 0x14f0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:02:49.0801 0x14f0  HdAudAddService - ok
16:02:49.0832 0x14f0  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:02:49.0848 0x14f0  HDAudBus - ok
16:02:49.0863 0x14f0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:02:49.0879 0x14f0  HidBatt - ok
16:02:49.0894 0x14f0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:02:49.0910 0x14f0  HidBth - ok
16:02:49.0941 0x14f0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:02:49.0957 0x14f0  HidIr - ok
16:02:49.0972 0x14f0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
16:02:50.0004 0x14f0  hidserv - ok
16:02:50.0050 0x14f0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:02:50.0097 0x14f0  HidUsb - ok
16:02:50.0113 0x14f0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:02:50.0144 0x14f0  hkmsvc - ok
16:02:50.0175 0x14f0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:02:50.0206 0x14f0  HomeGroupListener - ok
16:02:50.0222 0x14f0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:02:50.0253 0x14f0  HomeGroupProvider - ok
16:02:50.0331 0x14f0  [ 77E81E788CC63E65272A7D247F441505, EA57947495A6FD5B6FCC06AD396AEEEEE44AA5EB924B1A4D71C81B1265120F7B ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
16:02:50.0362 0x14f0  HP Support Assistant Service - ok
16:02:50.0394 0x14f0  [ D104FF402FC3DDB686E6DEF00334DB26, 6CCE56587C02ECE474C6BF959C4A6F752A1FF0B718FBE8EE4FD9755313A207C1 ] hpdskflt        C:\Windows\system32\drivers\hpdskflt.sys
16:02:50.0394 0x14f0  hpdskflt - ok
16:02:50.0534 0x14f0  [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
16:02:50.0674 0x14f0  hpqwmiex - ok
16:02:50.0721 0x14f0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:02:50.0752 0x14f0  HpSAMD - ok
16:02:50.0784 0x14f0  [ 55FFCBB036D7BE4BCA6FA1421203A27F, 5BB865FC631390F59AF5F2452D4D2DA47E34A49E194C8010E942F5A2013F3895 ] hpsrv           C:\Windows\system32\Hpservice.exe
16:02:50.0784 0x14f0  hpsrv - ok
16:02:50.0830 0x14f0  [ 2BEC76BDCD1BC080210325E7B5094834, 9CD9DF5C974C20F38423B07063A4F44E533B3B4EF39E01AC701C04BFC5F3EC53 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
16:02:50.0830 0x14f0  HPWMISVC - ok
16:02:50.0908 0x14f0  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:02:51.0049 0x14f0  HTTP - ok
16:02:51.0080 0x14f0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:02:51.0096 0x14f0  hwpolicy - ok
16:02:51.0142 0x14f0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:02:51.0174 0x14f0  i8042prt - ok
16:02:51.0236 0x14f0  [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor          C:\Windows\system32\drivers\iaStor.sys
16:02:51.0345 0x14f0  iaStor - ok
16:02:51.0392 0x14f0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:02:51.0408 0x14f0  iaStorV - ok
16:02:51.0470 0x14f0  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:02:51.0564 0x14f0  idsvc - ok
16:02:51.0595 0x14f0  IEEtwCollectorService - ok
16:02:51.0610 0x14f0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:02:51.0626 0x14f0  iirsp - ok
16:02:51.0704 0x14f0  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
16:02:51.0766 0x14f0  IKEEXT - ok
16:02:51.0782 0x14f0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:02:51.0782 0x14f0  intelide - ok
16:02:51.0829 0x14f0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
16:02:51.0844 0x14f0  intelppm - ok
16:02:51.0891 0x14f0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:02:51.0922 0x14f0  IPBusEnum - ok
16:02:51.0954 0x14f0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:02:51.0985 0x14f0  IpFilterDriver - ok
16:02:52.0032 0x14f0  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:02:52.0141 0x14f0  iphlpsvc - ok
16:02:52.0172 0x14f0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:02:52.0188 0x14f0  IPMIDRV - ok
16:02:52.0219 0x14f0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:02:52.0250 0x14f0  IPNAT - ok
16:02:52.0281 0x14f0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:02:52.0297 0x14f0  IRENUM - ok
16:02:52.0312 0x14f0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:02:52.0328 0x14f0  isapnp - ok
16:02:52.0344 0x14f0  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:02:52.0359 0x14f0  iScsiPrt - ok
16:02:52.0390 0x14f0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
16:02:52.0406 0x14f0  kbdclass - ok
16:02:52.0437 0x14f0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:02:52.0453 0x14f0  kbdhid - ok
16:02:52.0468 0x14f0  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] KeyIso          C:\Windows\system32\lsass.exe
16:02:52.0484 0x14f0  KeyIso - ok
16:02:52.0531 0x14f0  [ 67A1743377EBB5D9A370A8C2086CFDCC, 2F0FD6C1969B1EEEEFFC1A8F972E1E90F1AD9558FF00EC159BC19ED927FD4BF5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:02:52.0546 0x14f0  KSecDD - ok
16:02:52.0578 0x14f0  [ 522A1595D5701800DD41B2D472F5AAED, B62924AE94A5AC454AD6057BC133D717BB1C6445BE36D6BECAB76E1600F60C33 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:02:52.0593 0x14f0  KSecPkg - ok
16:02:52.0640 0x14f0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:02:52.0687 0x14f0  ksthunk - ok
16:02:52.0734 0x14f0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:02:52.0765 0x14f0  KtmRm - ok
16:02:52.0827 0x14f0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:02:52.0874 0x14f0  LanmanServer - ok
16:02:52.0890 0x14f0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:02:52.0921 0x14f0  LanmanWorkstation - ok
16:02:52.0952 0x14f0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:02:52.0983 0x14f0  lltdio - ok
16:02:53.0030 0x14f0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:02:53.0077 0x14f0  lltdsvc - ok
16:02:53.0092 0x14f0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:02:53.0124 0x14f0  lmhosts - ok
16:02:53.0155 0x14f0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:02:53.0170 0x14f0  LSI_FC - ok
16:02:53.0202 0x14f0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:02:53.0233 0x14f0  LSI_SAS - ok
16:02:53.0248 0x14f0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:02:53.0264 0x14f0  LSI_SAS2 - ok
16:02:53.0280 0x14f0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:02:53.0295 0x14f0  LSI_SCSI - ok
16:02:53.0326 0x14f0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
16:02:53.0358 0x14f0  luafv - ok
16:02:53.0389 0x14f0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:02:53.0404 0x14f0  Mcx2Svc - ok
16:02:53.0420 0x14f0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:02:53.0436 0x14f0  megasas - ok
16:02:53.0482 0x14f0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:02:53.0514 0x14f0  MegaSR - ok
16:02:53.0545 0x14f0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
16:02:53.0576 0x14f0  MMCSS - ok
16:02:53.0607 0x14f0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
16:02:53.0638 0x14f0  Modem - ok
16:02:53.0670 0x14f0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:02:53.0685 0x14f0  monitor - ok
16:02:53.0701 0x14f0  MotionScriptSprite.exe - ok
16:02:53.0748 0x14f0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:02:53.0779 0x14f0  mouclass - ok
16:02:53.0794 0x14f0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:02:53.0810 0x14f0  mouhid - ok
16:02:53.0841 0x14f0  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:02:53.0857 0x14f0  mountmgr - ok
16:02:53.0935 0x14f0  [ E96D4881189E3241A80EE54EFAB02E00, 13DC3174A2A5CF20C63C3EA5E2FF4060B15B40B02CCB29B41EC7A53047B69D9F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:02:53.0966 0x14f0  MozillaMaintenance - ok
16:02:54.0028 0x14f0  [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
16:02:54.0060 0x14f0  MpFilter - ok
16:02:54.0091 0x14f0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:02:54.0106 0x14f0  mpio - ok
16:02:54.0138 0x14f0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:02:54.0169 0x14f0  mpsdrv - ok
16:02:54.0216 0x14f0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:02:54.0372 0x14f0  MpsSvc - ok
16:02:54.0403 0x14f0  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:02:54.0434 0x14f0  MRxDAV - ok
16:02:54.0465 0x14f0  [ B2081803D510DCE174992BA880EDCA70, 37DB53C9756EC03EB7165DEB58251615D70B7C86DF32A54DE25ADAF30A04D792 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:02:54.0481 0x14f0  mrxsmb - ok
16:02:54.0559 0x14f0  [ 552FA62B0EFECD22D8D52499324BCA4F, C3A02C9C30C36928AC7B1025496544967187A05BEF5D100B54F2C0155E47145C ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:02:54.0590 0x14f0  mrxsmb10 - ok
16:02:54.0621 0x14f0  [ 97687971F9CB30E2633DE0F1296B9F61, 865DA87523E4C32D65D55D5475A5CDDFA10699780DA500E6D606384FB3BEB1BE ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:02:54.0637 0x14f0  mrxsmb20 - ok
16:02:54.0652 0x14f0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:02:54.0668 0x14f0  msahci - ok
16:02:54.0746 0x14f0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:02:54.0762 0x14f0  msdsm - ok
16:02:54.0824 0x14f0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
16:02:54.0855 0x14f0  MSDTC - ok
16:02:54.0886 0x14f0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:02:54.0918 0x14f0  Msfs - ok
16:02:54.0933 0x14f0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:02:54.0964 0x14f0  mshidkmdf - ok
16:02:54.0996 0x14f0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:02:54.0996 0x14f0  msisadrv - ok
16:02:55.0027 0x14f0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:02:55.0058 0x14f0  MSiSCSI - ok
16:02:55.0074 0x14f0  msiserver - ok
16:02:55.0105 0x14f0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:02:55.0136 0x14f0  MSKSSRV - ok
16:02:55.0183 0x14f0  [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:02:55.0214 0x14f0  MsMpSvc - ok
16:02:55.0214 0x14f0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:02:55.0245 0x14f0  MSPCLOCK - ok
16:02:55.0261 0x14f0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:02:55.0292 0x14f0  MSPQM - ok
16:02:55.0354 0x14f0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:02:55.0370 0x14f0  MsRPC - ok
16:02:55.0417 0x14f0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:02:55.0432 0x14f0  mssmbios - ok
16:02:55.0464 0x14f0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:02:55.0495 0x14f0  MSTEE - ok
16:02:55.0510 0x14f0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:02:55.0526 0x14f0  MTConfig - ok
16:02:55.0542 0x14f0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
16:02:55.0557 0x14f0  Mup - ok
16:02:55.0588 0x14f0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
16:02:55.0635 0x14f0  napagent - ok
16:02:55.0698 0x14f0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:02:55.0713 0x14f0  NativeWifiP - ok
16:02:55.0807 0x14f0  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:02:55.0916 0x14f0  NDIS - ok
16:02:55.0963 0x14f0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:02:55.0994 0x14f0  NdisCap - ok
16:02:56.0010 0x14f0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:02:56.0056 0x14f0  NdisTapi - ok
16:02:56.0072 0x14f0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:02:56.0103 0x14f0  Ndisuio - ok
16:02:56.0150 0x14f0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:02:56.0197 0x14f0  NdisWan - ok
16:02:56.0212 0x14f0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:02:56.0244 0x14f0  NDProxy - ok
16:02:56.0290 0x14f0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:02:56.0322 0x14f0  NetBIOS - ok
16:02:56.0368 0x14f0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:02:56.0400 0x14f0  NetBT - ok
16:02:56.0415 0x14f0  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] Netlogon        C:\Windows\system32\lsass.exe
16:02:56.0431 0x14f0  Netlogon - ok
16:02:56.0478 0x14f0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
16:02:56.0524 0x14f0  Netman - ok
16:02:56.0556 0x14f0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:02:56.0571 0x14f0  NetMsmqActivator - ok
16:02:56.0587 0x14f0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:02:56.0602 0x14f0  NetPipeActivator - ok
16:02:56.0680 0x14f0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
16:02:56.0727 0x14f0  netprofm - ok
16:02:56.0743 0x14f0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:02:56.0758 0x14f0  NetTcpActivator - ok
16:02:56.0758 0x14f0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:02:56.0774 0x14f0  NetTcpPortSharing - ok
16:02:56.0821 0x14f0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:02:56.0836 0x14f0  nfrd960 - ok
16:02:56.0868 0x14f0  [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:02:56.0883 0x14f0  NisDrv - ok
16:02:56.0914 0x14f0  [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
16:02:56.0946 0x14f0  NisSrv - ok
16:02:56.0977 0x14f0  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:02:57.0024 0x14f0  NlaSvc - ok
16:02:57.0039 0x14f0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:02:57.0070 0x14f0  Npfs - ok
16:02:57.0102 0x14f0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
16:02:57.0133 0x14f0  nsi - ok
16:02:57.0148 0x14f0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:02:57.0180 0x14f0  nsiproxy - ok
16:02:57.0273 0x14f0  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:02:57.0351 0x14f0  Ntfs - ok
16:02:57.0382 0x14f0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
16:02:57.0414 0x14f0  Null - ok
16:02:57.0460 0x14f0  [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
16:02:57.0476 0x14f0  NVENETFD - ok
16:02:57.0507 0x14f0  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:02:57.0523 0x14f0  nvraid - ok
16:02:57.0585 0x14f0  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:02:57.0632 0x14f0  nvstor - ok
16:02:57.0679 0x14f0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:02:57.0710 0x14f0  nv_agp - ok
16:02:57.0726 0x14f0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:02:57.0741 0x14f0  ohci1394 - ok
16:02:57.0772 0x14f0  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:02:57.0788 0x14f0  ose - ok
16:02:58.0100 0x14f0  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:02:58.0334 0x14f0  osppsvc - ok
16:02:58.0365 0x14f0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:02:58.0396 0x14f0  p2pimsvc - ok
16:02:58.0428 0x14f0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
16:02:58.0443 0x14f0  p2psvc - ok
16:02:58.0459 0x14f0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
16:02:58.0474 0x14f0  Parport - ok
16:02:58.0506 0x14f0  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:02:58.0521 0x14f0  partmgr - ok
16:02:58.0568 0x14f0  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:02:58.0599 0x14f0  PcaSvc - ok
16:02:58.0693 0x14f0  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
16:02:58.0724 0x14f0  pci - ok
16:02:58.0740 0x14f0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:02:58.0755 0x14f0  pciide - ok
16:02:58.0786 0x14f0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:02:58.0802 0x14f0  pcmcia - ok
16:02:58.0818 0x14f0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:02:58.0833 0x14f0  pcw - ok
16:02:58.0896 0x14f0  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:02:59.0036 0x14f0  PEAUTH - ok
16:02:59.0083 0x14f0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:02:59.0114 0x14f0  PerfHost - ok
16:02:59.0192 0x14f0  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
16:02:59.0270 0x14f0  pla - ok
16:02:59.0332 0x14f0  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:02:59.0364 0x14f0  PlugPlay - ok
16:02:59.0395 0x14f0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:02:59.0410 0x14f0  PNRPAutoReg - ok
16:02:59.0488 0x14f0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:02:59.0520 0x14f0  PNRPsvc - ok
16:02:59.0566 0x14f0  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:02:59.0613 0x14f0  PolicyAgent - ok
16:02:59.0629 0x14f0  [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power           C:\Windows\system32\umpo.dll
16:02:59.0660 0x14f0  Power - ok
16:02:59.0691 0x14f0  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:02:59.0738 0x14f0  PptpMiniport - ok
16:02:59.0754 0x14f0  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
16:02:59.0769 0x14f0  Processor - ok
16:02:59.0800 0x14f0  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:02:59.0832 0x14f0  ProfSvc - ok
16:02:59.0847 0x14f0  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:02:59.0863 0x14f0  ProtectedStorage - ok
16:02:59.0910 0x14f0  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:02:59.0972 0x14f0  Psched - ok
16:03:00.0050 0x14f0  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:03:00.0190 0x14f0  ql2300 - ok
16:03:00.0222 0x14f0  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:03:00.0253 0x14f0  ql40xx - ok
16:03:00.0284 0x14f0  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
16:03:00.0300 0x14f0  QWAVE - ok
16:03:00.0346 0x14f0  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:03:00.0362 0x14f0  QWAVEdrv - ok
16:03:00.0378 0x14f0  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:03:00.0409 0x14f0  RasAcd - ok
16:03:00.0440 0x14f0  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:03:00.0471 0x14f0  RasAgileVpn - ok
16:03:00.0502 0x14f0  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
16:03:00.0549 0x14f0  RasAuto - ok
16:03:00.0565 0x14f0  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:03:00.0596 0x14f0  Rasl2tp - ok
16:03:00.0658 0x14f0  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
16:03:00.0690 0x14f0  RasMan - ok
16:03:00.0721 0x14f0  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:03:00.0752 0x14f0  RasPppoe - ok
16:03:00.0768 0x14f0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:03:00.0799 0x14f0  RasSstp - ok
16:03:00.0846 0x14f0  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:03:00.0892 0x14f0  rdbss - ok
16:03:00.0908 0x14f0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
16:03:00.0924 0x14f0  rdpbus - ok
16:03:00.0939 0x14f0  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:03:00.0986 0x14f0  RDPCDD - ok
16:03:01.0017 0x14f0  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:03:01.0048 0x14f0  RDPENCDD - ok
16:03:01.0064 0x14f0  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:03:01.0095 0x14f0  RDPREFMP - ok
16:03:01.0158 0x14f0  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:03:01.0204 0x14f0  RdpVideoMiniport - ok
16:03:01.0236 0x14f0  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:03:01.0267 0x14f0  RDPWD - ok
16:03:01.0282 0x14f0  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:03:01.0314 0x14f0  rdyboost - ok
16:03:01.0329 0x14f0  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:03:01.0360 0x14f0  RemoteAccess - ok
16:03:01.0392 0x14f0  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:03:01.0438 0x14f0  RemoteRegistry - ok
16:03:01.0470 0x14f0  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:03:01.0485 0x14f0  RFCOMM - ok
16:03:01.0501 0x14f0  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:03:01.0548 0x14f0  RpcEptMapper - ok
16:03:01.0579 0x14f0  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
16:03:01.0594 0x14f0  RpcLocator - ok
16:03:01.0672 0x14f0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
16:03:01.0735 0x14f0  RpcSs - ok
16:03:01.0766 0x14f0  [ C855010A28099C6916123B28CA51351F, 386A0FD281471DCD94E5CE13FA247BE4376BB8359853771F28A24FE25DEAC4B7 ] RSBASTOR        C:\Windows\system32\DRIVERS\RtsBaStor.sys
16:03:01.0782 0x14f0  RSBASTOR - ok
16:03:01.0813 0x14f0  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:03:01.0844 0x14f0  rspndr - ok
16:03:01.0906 0x14f0  [ C5CD940EFFADE1F6246730BCA14E9FE6, 89DA870C50765D6E7344DCE56CDEB590BAC6927EA6C41B4F05B1C5C3D6ECA1FA ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:03:02.0031 0x14f0  RTL8167 - ok
16:03:02.0047 0x14f0  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] SamSs           C:\Windows\system32\lsass.exe
16:03:02.0062 0x14f0  SamSs - ok
16:03:02.0094 0x14f0  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:03:02.0109 0x14f0  sbp2port - ok
16:03:02.0156 0x14f0  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:03:02.0187 0x14f0  SCardSvr - ok
16:03:02.0218 0x14f0  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:03:02.0250 0x14f0  scfilter - ok
16:03:02.0328 0x14f0  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
16:03:02.0374 0x14f0  Schedule - ok
16:03:02.0421 0x14f0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:03:02.0452 0x14f0  SCPolicySvc - ok
16:03:02.0484 0x14f0  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
16:03:02.0515 0x14f0  sdbus - ok
16:03:02.0577 0x14f0  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:03:02.0624 0x14f0  SDRSVC - ok
16:03:02.0686 0x14f0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:03:02.0733 0x14f0  secdrv - ok
16:03:02.0764 0x14f0  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
16:03:02.0796 0x14f0  seclogon - ok
16:03:02.0827 0x14f0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
16:03:02.0858 0x14f0  SENS - ok
16:03:02.0889 0x14f0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:03:02.0905 0x14f0  SensrSvc - ok
16:03:02.0936 0x14f0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
16:03:02.0952 0x14f0  Serenum - ok
16:03:02.0967 0x14f0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
16:03:02.0983 0x14f0  Serial - ok
16:03:03.0014 0x14f0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:03:03.0014 0x14f0  sermouse - ok
16:03:03.0061 0x14f0  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
16:03:03.0092 0x14f0  SessionEnv - ok
16:03:03.0123 0x14f0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:03:03.0139 0x14f0  sffdisk - ok
16:03:03.0154 0x14f0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:03:03.0154 0x14f0  sffp_mmc - ok
16:03:03.0186 0x14f0  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:03:03.0201 0x14f0  sffp_sd - ok
16:03:03.0217 0x14f0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:03:03.0232 0x14f0  sfloppy - ok
16:03:03.0279 0x14f0  [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
16:03:03.0404 0x14f0  Sftfs - ok
16:03:03.0466 0x14f0  [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:03:03.0576 0x14f0  sftlist - ok
16:03:03.0622 0x14f0  [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:03:03.0654 0x14f0  Sftplay - ok
16:03:03.0685 0x14f0  [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
16:03:03.0700 0x14f0  Sftredir - ok
16:03:03.0732 0x14f0  [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
16:03:03.0763 0x14f0  Sftvol - ok
16:03:03.0794 0x14f0  [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
16:03:03.0810 0x14f0  sftvsa - ok
16:03:03.0841 0x14f0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:03:03.0888 0x14f0  SharedAccess - ok
16:03:03.0934 0x14f0  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:03:03.0981 0x14f0  ShellHWDetection - ok
16:03:04.0012 0x14f0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:03:04.0028 0x14f0  SiSRaid2 - ok
16:03:04.0059 0x14f0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:03:04.0075 0x14f0  SiSRaid4 - ok
16:03:04.0153 0x14f0  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:03:04.0184 0x14f0  SkypeUpdate - ok
16:03:04.0231 0x14f0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:03:04.0262 0x14f0  Smb - ok
16:03:04.0278 0x14f0  [ 54A2D7457F6B13D9641D8BA2C92E9D6E, 381173BB8CA814548C6224110E5E452DF418D184D70A9C429F727C673FD8F38F ] SmbDrv          C:\Windows\system32\drivers\Smb_driver.sys
16:03:04.0293 0x14f0  SmbDrv - ok
16:03:04.0324 0x14f0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:03:04.0340 0x14f0  SNMPTRAP - ok
16:03:04.0371 0x14f0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:03:04.0387 0x14f0  spldr - ok
16:03:04.0418 0x14f0  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
16:03:04.0527 0x14f0  Spooler - ok
16:03:04.0699 0x14f0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
16:03:04.0902 0x14f0  sppsvc - ok
16:03:04.0933 0x14f0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:03:04.0964 0x14f0  sppuinotify - ok
16:03:05.0011 0x14f0  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:03:05.0042 0x14f0  srv - ok
16:03:05.0136 0x14f0  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:03:05.0167 0x14f0  srv2 - ok
16:03:05.0229 0x14f0  [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:03:05.0245 0x14f0  SrvHsfHDA - ok
16:03:05.0354 0x14f0  [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:03:05.0479 0x14f0  SrvHsfV92 - ok
16:03:05.0510 0x14f0  [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:03:05.0635 0x14f0  SrvHsfWinac - ok
16:03:05.0666 0x14f0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:03:05.0682 0x14f0  srvnet - ok
16:03:05.0713 0x14f0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:03:05.0760 0x14f0  SSDPSRV - ok
16:03:05.0775 0x14f0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:03:05.0806 0x14f0  SstpSvc - ok
16:03:05.0884 0x14f0  [ 78AA0311C611F2537ACD4DD3C839E83D, 2E597D2F507AAA398AD0AE5D9A34794249DCBA00E391284F89BA91A16C82F957 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
16:03:05.0916 0x14f0  STacSV - ok
16:03:05.0947 0x14f0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:03:05.0947 0x14f0  stexstor - ok
16:03:06.0056 0x14f0  [ 9F21BBDA0227A08C86175C2AB5F17F70, 0077CD130DFB69C236823EFED495E1D74D8368DD34C5EE6A8435FEADA4F9EB94 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
16:03:06.0150 0x14f0  STHDA - ok
16:03:06.0228 0x14f0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
16:03:06.0337 0x14f0  stisvc - ok
16:03:06.0384 0x14f0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:03:06.0399 0x14f0  swenum - ok
16:03:06.0430 0x14f0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
16:03:06.0508 0x14f0  swprv - ok
16:03:06.0586 0x14f0  [ 50647FA8EFACB6C80FD29669FE9C1666, A1307C46B86F658BDAE29C34FEACFE841ABECDE1EA9A04B1A2C7C36295811FA3 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
16:03:06.0618 0x14f0  SynTP - ok
16:03:06.0742 0x14f0  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
16:03:06.0852 0x14f0  SysMain - ok
16:03:06.0898 0x14f0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:03:06.0914 0x14f0  TabletInputService - ok
16:03:06.0992 0x14f0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:03:07.0039 0x14f0  TapiSrv - ok
16:03:07.0054 0x14f0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
16:03:07.0086 0x14f0  TBS - ok
16:03:07.0179 0x14f0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:03:07.0304 0x14f0  Tcpip - ok
16:03:07.0398 0x14f0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:03:07.0444 0x14f0  TCPIP6 - ok
16:03:07.0491 0x14f0  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:03:07.0491 0x14f0  tcpipreg - ok
16:03:07.0522 0x14f0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:03:07.0554 0x14f0  TDPIPE - ok
16:03:07.0569 0x14f0  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:03:07.0585 0x14f0  TDTCP - ok
16:03:07.0600 0x14f0  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:03:07.0632 0x14f0  tdx - ok
16:03:07.0663 0x14f0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:03:07.0678 0x14f0  TermDD - ok
16:03:07.0756 0x14f0  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
16:03:07.0881 0x14f0  TermService - ok
16:03:07.0912 0x14f0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
16:03:07.0928 0x14f0  Themes - ok
16:03:07.0975 0x14f0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
16:03:08.0022 0x14f0  THREADORDER - ok
16:03:08.0053 0x14f0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
16:03:08.0084 0x14f0  TrkWks - ok
16:03:08.0162 0x14f0  [ 6BFB75B76411CC57A72FCC1D0201E166, 8F3A97E7651501F58018EB6081178B2A05ADFBF48C6126E0176FE231A261893E ] TrueService     C:\Program Files\Common Files\AuthenTec\TrueService.exe
16:03:08.0178 0x14f0  TrueService - ok
16:03:08.0240 0x14f0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:03:08.0287 0x14f0  TrustedInstaller - ok
16:03:08.0334 0x14f0  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:03:08.0349 0x14f0  tssecsrv - ok
16:03:08.0396 0x14f0  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:03:08.0412 0x14f0  TsUsbFlt - ok
16:03:08.0443 0x14f0  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
16:03:08.0458 0x14f0  TsUsbGD - ok
16:03:08.0505 0x14f0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:03:08.0536 0x14f0  tunnel - ok
16:03:08.0568 0x14f0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:03:08.0583 0x14f0  uagp35 - ok
16:03:08.0661 0x14f0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:03:08.0708 0x14f0  udfs - ok
16:03:08.0739 0x14f0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:03:08.0755 0x14f0  UI0Detect - ok
16:03:08.0802 0x14f0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:03:08.0817 0x14f0  uliagpkx - ok
16:03:08.0864 0x14f0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:03:08.0880 0x14f0  umbus - ok
16:03:08.0895 0x14f0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:03:08.0911 0x14f0  UmPass - ok
16:03:08.0958 0x14f0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
16:03:09.0004 0x14f0  upnphost - ok
16:03:09.0036 0x14f0  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:03:09.0051 0x14f0  usbccgp - ok
16:03:09.0082 0x14f0  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:03:09.0114 0x14f0  usbcir - ok
16:03:09.0145 0x14f0  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:03:09.0145 0x14f0  usbehci - ok
16:03:09.0176 0x14f0  [ 33A58C5630200E17B51C8D73DD64181B, 75707B7E5CE686119CA430944477C9A6DBD5AA4211FDDECFF0986EACA65975B3 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
16:03:09.0192 0x14f0  usbfilter - ok
16:03:09.0223 0x14f0  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:03:09.0254 0x14f0  usbhub - ok
16:03:09.0285 0x14f0  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:03:09.0285 0x14f0  usbohci - ok
16:03:09.0332 0x14f0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:03:09.0348 0x14f0  usbprint - ok
16:03:09.0379 0x14f0  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:03:09.0394 0x14f0  usbscan - ok
16:03:09.0410 0x14f0  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:03:09.0426 0x14f0  USBSTOR - ok
16:03:09.0457 0x14f0  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:03:09.0472 0x14f0  usbuhci - ok
16:03:09.0519 0x14f0  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:03:09.0550 0x14f0  usbvideo - ok
16:03:09.0582 0x14f0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
16:03:09.0628 0x14f0  UxSms - ok
16:03:09.0644 0x14f0  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] VaultSvc        C:\Windows\system32\lsass.exe
16:03:09.0660 0x14f0  VaultSvc - ok
16:03:09.0675 0x14f0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:03:09.0675 0x14f0  vdrvroot - ok
16:03:09.0784 0x14f0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
16:03:09.0909 0x14f0  vds - ok
16:03:09.0940 0x14f0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:03:09.0956 0x14f0  vga - ok
16:03:09.0972 0x14f0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:03:10.0003 0x14f0  VgaSave - ok
16:03:10.0034 0x14f0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:03:10.0050 0x14f0  vhdmp - ok
16:03:10.0065 0x14f0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:03:10.0065 0x14f0  viaide - ok
16:03:10.0096 0x14f0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:03:10.0096 0x14f0  volmgr - ok
16:03:10.0190 0x14f0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:03:10.0221 0x14f0  volmgrx - ok
16:03:10.0252 0x14f0  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:03:10.0284 0x14f0  volsnap - ok
16:03:10.0315 0x14f0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:03:10.0330 0x14f0  vsmraid - ok
16:03:10.0440 0x14f0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
16:03:10.0564 0x14f0  VSS - ok
16:03:10.0596 0x14f0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:03:10.0611 0x14f0  vwifibus - ok
16:03:10.0627 0x14f0  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:03:10.0642 0x14f0  vwififlt - ok
16:03:10.0720 0x14f0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
16:03:10.0783 0x14f0  W32Time - ok
16:03:10.0798 0x14f0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:03:10.0814 0x14f0  WacomPen - ok
16:03:10.0861 0x14f0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:03:10.0892 0x14f0  WANARP - ok
16:03:10.0908 0x14f0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:03:10.0939 0x14f0  Wanarpv6 - ok
16:03:11.0064 0x14f0  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:03:11.0142 0x14f0  WatAdminSvc - ok
16:03:11.0235 0x14f0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
16:03:11.0360 0x14f0  wbengine - ok
16:03:11.0407 0x14f0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:03:11.0422 0x14f0  WbioSrvc - ok
16:03:11.0485 0x14f0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:03:11.0532 0x14f0  wcncsvc - ok
16:03:11.0547 0x14f0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:03:11.0578 0x14f0  WcsPlugInService - ok
16:03:11.0594 0x14f0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
16:03:11.0610 0x14f0  Wd - ok
16:03:11.0688 0x14f0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:03:11.0781 0x14f0  Wdf01000 - ok
16:03:11.0812 0x14f0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:03:11.0828 0x14f0  WdiServiceHost - ok
16:03:11.0828 0x14f0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:03:11.0859 0x14f0  WdiSystemHost - ok
16:03:11.0906 0x14f0  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
16:03:11.0937 0x14f0  WebClient - ok
16:03:12.0015 0x14f0  [ FD252CB816CD1192B7DB3126A667C819, 3901001B05D07C9C7A5C6DDC9644D4954287674B5C5135A2F10C4383B85C4B7B ] webinstrNew     C:\Windows\system32\Drivers\webinstrNew.sys
16:03:12.0046 0x14f0  webinstrNew - ok
16:03:12.0078 0x14f0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:03:12.0124 0x14f0  Wecsvc - ok
16:03:12.0124 0x14f0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:03:12.0171 0x14f0  wercplsupport - ok
16:03:12.0187 0x14f0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:03:12.0234 0x14f0  WerSvc - ok
16:03:12.0265 0x14f0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:03:12.0296 0x14f0  WfpLwf - ok
16:03:12.0312 0x14f0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:03:12.0327 0x14f0  WIMMount - ok
16:03:12.0343 0x14f0  WinDefend - ok
16:03:12.0374 0x14f0  WinHttpAutoProxySvc - ok
16:03:12.0421 0x14f0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:03:12.0468 0x14f0  Winmgmt - ok
16:03:12.0577 0x14f0  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:03:12.0717 0x14f0  WinRM - ok
16:03:12.0764 0x14f0  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
16:03:12.0780 0x14f0  WinUsb - ok
16:03:12.0842 0x14f0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:03:12.0967 0x14f0  Wlansvc - ok
16:03:13.0045 0x14f0  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:03:13.0060 0x14f0  wlcrasvc - ok
16:03:13.0263 0x14f0  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:03:13.0404 0x14f0  wlidsvc - ok
16:03:13.0435 0x14f0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:03:13.0450 0x14f0  WmiAcpi - ok
16:03:13.0497 0x14f0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:03:13.0513 0x14f0  wmiApSrv - ok
16:03:13.0544 0x14f0  WMPNetworkSvc - ok
16:03:13.0622 0x14f0  [ 83B6CA03C846FCD47F9883D77D1EB27B, 1616DBBC95085B6618B7F884383507E2A54D561A41288E79FA6DC99218C02802 ] WMZuneComm      C:\Program Files\Zune\WMZuneComm.exe
16:03:13.0669 0x14f0  WMZuneComm - ok
16:03:13.0700 0x14f0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:03:13.0716 0x14f0  WPCSvc - ok
16:03:13.0731 0x14f0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:03:13.0762 0x14f0  WPDBusEnum - ok
16:03:13.0778 0x14f0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:03:13.0825 0x14f0  ws2ifsl - ok
16:03:13.0840 0x14f0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
16:03:13.0856 0x14f0  wscsvc - ok
16:03:13.0872 0x14f0  WSearch - ok
16:03:14.0012 0x14f0  [ 39D604E190DFE2E483B637D6796ABAFF, 52DCCEA0DB59F00C615D94CC2B70FC1C335E553E8FC79AAC8C8C7D9EE1F6111D ] wuauserv        C:\Windows\system32\wuaueng.dll
16:03:14.0184 0x14f0  wuauserv - ok
16:03:14.0230 0x14f0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:03:14.0246 0x14f0  WudfPf - ok
16:03:14.0324 0x14f0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:03:14.0355 0x14f0  WUDFRd - ok
16:03:14.0386 0x14f0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:03:14.0402 0x14f0  wudfsvc - ok
16:03:14.0433 0x14f0  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:03:14.0464 0x14f0  WwanSvc - ok
16:03:14.0901 0x14f0  [ 67B787C34FB2888D01B130AE007042D8, E44878E53F265C89F271B08B81C129105E42D1C78C14467B2D96E28A9A428B1A ] ZuneNetworkSvc  C:\Program Files\Zune\ZuneNss.exe
16:03:15.0260 0x14f0  ZuneNetworkSvc - ok
16:03:15.0338 0x14f0  [ 4D89FC1C20CF655739EFAC5DA81A67BC, 788D0A5B9972ED6D80242C0C5E80AB0FAB44A708B896D5F724AC1559A291C8DD ] ZuneWlanCfgSvc  C:\Program Files\Zune\ZuneWlanCfgSvc.exe
16:03:15.0369 0x14f0  ZuneWlanCfgSvc - ok
16:03:15.0385 0x14f0  ================ Scan global ===============================
16:03:15.0416 0x14f0  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
16:03:15.0463 0x14f0  [ E80CA72FA43BF258E72C408CEF9839BE, 06482E80F43AD91F4B9E5919A0C50219382213D59EACF9FBAE7AFD7A321F30D2 ] C:\Windows\system32\winsrv.dll
16:03:15.0478 0x14f0  [ E80CA72FA43BF258E72C408CEF9839BE, 06482E80F43AD91F4B9E5919A0C50219382213D59EACF9FBAE7AFD7A321F30D2 ] C:\Windows\system32\winsrv.dll
16:03:15.0525 0x14f0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
16:03:15.0572 0x14f0  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
16:03:15.0572 0x14f0  [ Global ] - ok
16:03:15.0572 0x14f0  ================ Scan MBR ==================================
16:03:15.0588 0x14f0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:03:16.0680 0x14f0  \Device\Harddisk0\DR0 - ok
16:03:16.0680 0x14f0  ================ Scan VBR ==================================
16:03:16.0695 0x14f0  [ 14892163282460AD4FE93C1049B33C77 ] \Device\Harddisk0\DR0\Partition1
16:03:16.0695 0x14f0  \Device\Harddisk0\DR0\Partition1 - ok
16:03:16.0711 0x14f0  [ 23583DAA6BFEB27BF1F336AA4589A342 ] \Device\Harddisk0\DR0\Partition2
16:03:16.0711 0x14f0  \Device\Harddisk0\DR0\Partition2 - ok
16:03:16.0742 0x14f0  [ CD1710B2F4E841D584127F86B5B1C784 ] \Device\Harddisk0\DR0\Partition3
16:03:16.0742 0x14f0  \Device\Harddisk0\DR0\Partition3 - ok
16:03:16.0758 0x14f0  [ 240C6DE803039A3C7735E189E790D55A ] \Device\Harddisk0\DR0\Partition4
16:03:16.0758 0x14f0  \Device\Harddisk0\DR0\Partition4 - ok
16:03:16.0758 0x14f0  ================ Scan generic autorun ======================
16:03:16.0758 0x14f0  SynTPEnh - ok
16:03:16.0882 0x14f0  [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] c:\Program Files\Microsoft Security Client\msseces.exe
16:03:16.0976 0x14f0  MSC - ok
16:03:16.0976 0x14f0  DLCJCATS - ok
16:03:17.0085 0x14f0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:03:17.0194 0x14f0  Sidebar - ok
16:03:17.0210 0x14f0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:03:17.0241 0x14f0  mctadmin - ok
16:03:17.0350 0x14f0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:03:17.0397 0x14f0  Sidebar - ok
16:03:17.0413 0x14f0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:03:17.0428 0x14f0  mctadmin - ok
16:03:17.0569 0x14f0  [ C2D2FFD27F46815951C9562F0A2EC864, 892A5DC5C3D797E3FD36230710BA9AF43ADA5CDFD19A03268D20D5A9DA3CCB3A ] C:\Users\Mona\AppData\Local\Microsoft\OneDrive\OneDrive.exe
16:03:17.0600 0x14f0  OneDrive - ok
16:03:17.0600 0x14f0  Waiting for KSN requests completion. In queue: 125
16:03:18.0614 0x14f0  Waiting for KSN requests completion. In queue: 125
16:03:19.0628 0x14f0  Waiting for KSN requests completion. In queue: 125
16:03:20.0689 0x14f0  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.12.420 ), 0x41000 ( enabled : updated )
16:03:20.0704 0x14f0  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
16:03:20.0704 0x14f0  Win FW state via NFP2: enabled ( trusted )
16:03:23.0154 0x14f0  ============================================================
16:03:23.0154 0x14f0  Scan finished
16:03:23.0154 0x14f0  ============================================================
16:03:23.0169 0x0f58  Detected object count: 0
16:03:23.0169 0x0f58  Actual detected object count: 0

M-K-D-B · 29.09.2015, 18:11

Ich sehe da einiges an Adware/Malware, wir kümmern uns darum und beginnen erst einmal so:

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

smayate · 30.09.2015, 13:47

ich hoffe ich habe alles richtig gemacht:

Code:

ATTFilter

# AdwCleaner v5.009 - Bericht erstellt am 30/09/2015 um 12:41:21
# Aktualisiert am 27/09/2015 von Xplode
# Datenbank : 2015-09-30.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Mona - HP_MONA
# Gestartet von : C:\Users\Mona\Desktop\AdwCleaner_5.009.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

[-] Dienst Gelöscht : Bandoo Coordinator
[-] Dienst Gelöscht : webinstrNew
[-] Dienst Gelöscht : 51cdb72
[-] Dienst Gelöscht : F06DEFF2-5B9C-490D-910F-35D3A9119622
[!] Dienst Nicht Gelöscht : webinstrNew

***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\SiteRanker
[-] Ordner Gelöscht : C:\Program Files (x86)\FLVM Player
[-] Ordner Gelöscht : C:\Program Files (x86)\edealpop
[-] Ordner Gelöscht : C:\Program Files (x86)\WinZip Driver Updater
[-] Ordner Gelöscht : C:\Program Files (x86)\ver1Re-Markable
[-] Ordner Gelöscht : C:\ProgramData\Bandoo
[-] Ordner Gelöscht : C:\ProgramData\Browser Manager
[-] Ordner Gelöscht : C:\ProgramData\BrowserProtect
[-] Ordner Gelöscht : C:\ProgramData\wincert
[-] Ordner Gelöscht : C:\ProgramData\Kromtech
[-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo
[-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Driver Updater
[-] Ordner Gelöscht : C:\Users\Mona\AppData\Local\iMesh
[-] Ordner Gelöscht : C:\Users\Mona\AppData\Local\PackageAware
[-] Ordner Gelöscht : C:\Users\Mona\AppData\Local\Kromtech
[-] Ordner Gelöscht : C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp
[-] Ordner Gelöscht : C:\Users\Mona\AppData\LocalLow\Bandoo
[-] Ordner Gelöscht : C:\Users\Mona\AppData\LocalLow\iac
[-] Ordner Gelöscht : C:\Users\Mona\AppData\LocalLow\searchresultstb
[-] Ordner Gelöscht : C:\Users\Mona\AppData\LocalLow\SiteRanker
[-] Ordner Gelöscht : C:\Users\Mona\AppData\Roaming\Bandoo
[-] Ordner Gelöscht : C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
[-] Ordner Gelöscht : C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\Profiles\f92w0j6a.default\Extensions\ffox@bandoo.com

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.superfish.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
[-] Datei Gelöscht : C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.reimageplus.com_0.localstorage
[-] Datei Gelöscht : C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.reimageplus.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Mona\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
[-] Datei Gelöscht : C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
[-] Datei Gelöscht : C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\Profiles\17w1uy86.default\user.js
[-] Datei Gelöscht : C:\Users\Mona\Desktop\FLVM Player.lnk
[-] Datei Gelöscht : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.url
[-] Datei Gelöscht : C:\Users\Public\Desktop\WinZip Driver Updater.lnk
[-] Datei Gelöscht : C:\Windows\Sysnative\drivers\webinstrNew.sys

***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****

[-] Task Gelöscht : LaunchApp
[-] Task Gelöscht : WinZipDriverUpdater_UPDATES
[-] Task Gelöscht : Re-Markable Update
[-] Task Gelöscht : Re-Markable Update
[-] Task Gelöscht : Adobe Flash Player Updater

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCoordinator.EXE
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\FlashAnimator.DLL
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.BandooCoordinator.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.CoordinatorUI.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.hxxpAsyncResult.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCoordinator.PlugInNotifier.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}
[-] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ffox@bandoo.com]
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3AD7A5B6-610D-4A82-979E-0AED20920690}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{969D2C61-9B16-407C-86B7-397BF4579BE6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A01A3335-0C30-4312-A430-92356CC37A92}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EDE2C296-2458-4E3B-A846-4B512C0703B5}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{074E4EFE-81BB-4EA4-866E-082CB0E01070}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0CE5B352-9D9C-41E1-9551-FCCD92820217}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10273591-D084-4328-A7D0-49E051FCDE7B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{167B2B5F-2757-434A-BBDA-2FDB2003F14F}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{282B0E54-8981-49EB-9193-5910A1F6FD33}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2E9A60EA-5554-49C3-BC9D-D0404DBACC62}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3E63C9BC-DD51-4E83-ABA6-B350EAD28531}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44CFFEF4-E7E1-44BD-B1F5-29F828ADA1B8}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF2B6317-C367-401B-83B8-80302D6588A7}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F5379B4B-24D8-432A-9A96-BE75EE5117DB}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F7FB2BC4-6C27-4EAC-B5E2-037B71FDE101}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD53FE35-4368-4B71-89D6-F29F3DB29DF1}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{148132E6-626D-4A5E-8063-A761EB29A50B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F8AB43ED-EC88-4DE7-B213-F89157D29C62}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3AD7A5B6-610D-4A82-979E-0AED20920690}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4410C118-B23C-406C-9F52-9CDABD90A5EA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{969D2C61-9B16-407C-86B7-397BF4579BE6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{282B0E54-8981-49EB-9193-5910A1F6FD33}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{282B0E54-8981-49EB-9193-5910A1F6FD33}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{282B0E54-8981-49EB-9193-5910A1F6FD33}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{282B0E54-8981-49EB-9193-5910A1F6FD33}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{282B0E54-8981-49EB-9193-5910A1F6FD33}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{282B0E54-8981-49EB-9193-5910A1F6FD33}]
[-] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
[-] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{282B0E54-8981-49EB-9193-5910A1F6FD33}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2C353E32-B8AC-4B82-B988-4C2D3394388A}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{282B0E54-8981-49EB-9193-5910A1F6FD33}
[-] Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{282B0E54-8981-49EB-9193-5910A1F6FD33}]
[-] Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
[-] Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
[-] Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[-] Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
[-] Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
[-] Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
[-] Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
[-] Schlüssel Gelöscht : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Schlüssel Gelöscht : HKCU\Software\APNDTX
[-] Schlüssel Gelöscht : HKCU\Software\DriverTuner_Init
[-] Schlüssel Gelöscht : HKCU\Software\DriverTuner
[-] Schlüssel Gelöscht : HKCU\Software\Kromtech
[-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re-Markable
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Bandoo
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Upt
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\WinUpd
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\SI-App
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\RST
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLVM Player
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\imeshmusicboxtoolbar181IE
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\53BB45AF-DE34-15AA-9295-C9A29AF51976
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\APNDTX
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\DriverTuner_Init
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\DriverTuner
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Kromtech
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Upt
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Kromtech
[!] Schlüssel Nicht Gelöscht : HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\AppDataLow\Software\Re-Markable
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\1A594BF8F3A4D1C4DB72F3A32B6E7636
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636
[!] Schlüssel Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
[!] Schlüssel Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[!] Schlüssel Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
[!] Schlüssel Nicht Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[!] Schlüssel Nicht Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
[!] Schlüssel Nicht Gelöscht : HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
[!] Schlüssel Nicht Gelöscht : HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[!] Schlüssel Nicht Gelöscht : HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

***** [ Internetbrowser ] *****

[-] [C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : ask.com
[-] [C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : eu.ask.com
[-] [C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : dts.search.ask.com
[-] [C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : dloejdefkancmfajekobpfoacecnhpgp

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [28174 Bytes] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 30.09.2015
Suchlaufzeit: 13:23
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.09.30.03
Rootkit-Datenbank: v2015.09.22.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Mona

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 366548
Abgelaufene Zeit: 25 Min., 19 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 12
PUP.Optional.DataMngr, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, In Quarantäne, [37d4171f8a01eb4b1da67f58da2a9e62], 
PUP.Optional.DataMngr, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, In Quarantäne, [967566d0bbd064d2c5fe2aad16ee8e72], 
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2405497D-0447-4C68-A4F7-FDA4DAD3A75F}, In Quarantäne, [749753e34a41280e6320c1cf699b5ba5], 
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B7AB4EA-CE19-40B8-8306-2B93A241C49D}, In Quarantäne, [bd4e8da93d4e8bab1d66523e45bf2bd5], 
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{539BA1D0-644E-4108-9175-F35EB575E41D}, In Quarantäne, [be4dfb3b701b82b4cfb43d530bf98878], 
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6E50152C-ABDA-445D-99BD-7212FA655381}, In Quarantäne, [36d5c76fbdcee3534a39414f8e7654ac], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{75685C45-50A6-4939-90E6-80B9BA5869E3}, In Quarantäne, [1af1e84ea5e6f34357839a19a46038c8], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}, In Quarantäne, [d338b284deadb97dc218eac9da2ae719], 
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E4128F81-2547-4648-A344-FF49B9DDCB59}, In Quarantäne, [e427a78fa0eb8ea8790aaae620e42bd5], 
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E74AA101-FB30-4BCD-B15B-68549149B975}, In Quarantäne, [4ebdba7cf7942a0ce49f434df21246ba], 
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FC7B9BF8-B3F7-4F97-83E8-3CFEF4F5CBC2}, In Quarantäne, [6ba047ef701b41f5f58e6927b4504db3], 
PUP.Optional.MusicBoxToolBar, HKU\S-1-5-21-2335087299-416370035-993193814-1002\SOFTWARE\imeshmusicboxtoolbar181, In Quarantäne, [ba51a591aae183b3abcdab0a8a7a40c0], 

Registrierungswerte: 10
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2405497D-0447-4C68-A4F7-FDA4DAD3A75F}|AppPath, C:\PROGRA~2\MUSICT~1\Datamngr\SR0DE8~3\IE, In Quarantäne, [749753e34a41280e6320c1cf699b5ba5]
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B7AB4EA-CE19-40B8-8306-2B93A241C49D}|AppPath, C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~2\IE, In Quarantäne, [bd4e8da93d4e8bab1d66523e45bf2bd5]
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{539BA1D0-644E-4108-9175-F35EB575E41D}|AppPath, C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~1\IE, In Quarantäne, [be4dfb3b701b82b4cfb43d530bf98878]
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6E50152C-ABDA-445D-99BD-7212FA655381}|AppPath, C:\PROGRA~2\MUSICT~1\Datamngr\SR0DE8~1\IE, In Quarantäne, [36d5c76fbdcee3534a39414f8e7654ac]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{75685c45-50a6-4939-90e6-80b9ba5869e3}|AppPath, C:\Program Files (x86)\RadioRage_4j\bar\1.bin, In Quarantäne, [1af1e84ea5e6f34357839a19a46038c8]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a25aa6e2-1cde-4d0f-a5d4-4898d7fb3c86}|AppPath, C:\Program Files (x86)\RadioRage_4j\bar\1.bin, In Quarantäne, [d338b284deadb97dc218eac9da2ae719]
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E4128F81-2547-4648-A344-FF49B9DDCB59}|AppPath, C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~3\IE, In Quarantäne, [e427a78fa0eb8ea8790aaae620e42bd5]
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E74AA101-FB30-4BCD-B15B-68549149B975}|AppPath, C:\PROGRA~2\MUSICT~1\Datamngr\SR0DE8~2\IE, In Quarantäne, [4ebdba7cf7942a0ce49f434df21246ba]
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FC7B9BF8-B3F7-4F97-83E8-3CFEF4F5CBC2}|AppPath, C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~4\IE, In Quarantäne, [6ba047ef701b41f5f58e6927b4504db3]
PUP.Optional.Markable, HKU\S-1-5-21-2335087299-416370035-993193814-1002\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{AF1E3C7A-149F-2585-543F-FFC62447035C}, C:\Program Files (x86)\ver1Re-Markable\182.xpi, In Quarantäne, [6f9c7cba315a4fe75388357abd47d12f]

Registrierungsdaten: 2
Hijack.StartPage, HKU\S-1-5-21-2335087299-416370035-993193814-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70100, Gut: (www.google.com), Schlecht: (hxxp://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70100),Ersetzt,[3ecd4aec5338e25441120f6e6f96f50b]
Hijack.SearchBar, HKU\S-1-5-21-2335087299-416370035-993193814-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70100, Gut: (www.google.com/), Schlecht: (hxxp://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70100),Ersetzt,[41ca7bbb296260d62a2a6c1148bde21e]

Ordner: 11
Rogue.Multiple, C:\ProgramData\600440862, In Quarantäne, [8487171fc0cb76c01cc5eb0a55ad38c8], 
PUP.Optional.DataMngr, C:\Users\Mona\AppData\LocalLow\DataMngr, In Quarantäne, [58b31b1bdeadcb6b443e47d4bc47ff01], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\chrome, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\chrome\content, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\chrome\content\widgets, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\chrome\content\widgets\net.vmn.www.RadioBeta, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\chrome\net.vmn.www.RadioBeta, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\chrome\widgets, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\chrome\widgets\net.vmn.www.RadioBeta, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\search, In Quarantäne, [967583b374171422047be6525fa4f709], 

Dateien: 16
PUP.Optional.Bandoo, C:\bnd5438.tmp.exe, In Quarantäne, [ea21ad891c6fdd59f878c4f0010421df], 
PUP.Optional.Bandoo, C:\bndBAC8.tmp.exe, In Quarantäne, [0b00290d2e5df1454e22dcd811f406fa], 
Trojan.Crypt, C:\Users\Mona\AppData\Local\Temp\Low\a, In Quarantäne, [ac5f2a0c44476fc76ac730baa160b749], 
PUP.Optional.WebInstr, C:\Windows\System32\drivers\Msft_Kernel_webinstrNew_01009.Wdf, In Quarantäne, [83882610216a7abc7e042ca347bd8c74], 
PUP.Optional.DataMngr, C:\Users\Mona\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, In Quarantäne, [58b31b1bdeadcb6b443e47d4bc47ff01], 
PUP.Optional.DataMngr, C:\Users\Mona\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}64, In Quarantäne, [58b31b1bdeadcb6b443e47d4bc47ff01], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\apnuserid.dat, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\appid.dat, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\dtx.ini, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\geodata.xml, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\guid.dat, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\log.txt, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\preferences.dat, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\sysid.dat, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\trackid.dat, In Quarantäne, [967583b374171422047be6525fa4f709], 
PUP.Optional.Bandoo, C:\Users\Mona\AppData\LocalLow\imeshmusicboxtoolbar181\search\imeshmusicboxtoolbar181-search-history.xml, In Quarantäne, [967583b374171422047be6525fa4f709], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Mona on 30.09.2015 at 14:11:08.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioRage_4j.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioRage_4j.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3035FD3C-5308-4863-91DF-75E8C9A9C5A7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files

Successfully deleted: [File] C:\Windows\SysWOW64\sho2852.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho6198.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho7436.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoE33B.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoFD0F.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Mona\Appdata\Local\{9398EF2B-766F-40E2-983A-4E2FC45B0499}
Successfully deleted: [Empty Folder] C:\Users\Mona\Appdata\Local\{BE2CB084-F609-447A-A08C-C4AFD24F3ADE}
Successfully deleted: [Empty Folder] C:\Users\Mona\Appdata\Local\{C944EF43-997C-4084-B67D-E9CC135F873B}



~~~ Chrome


[C:\Users\Mona\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Mona\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Mona\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Mona\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.09.2015 at 14:16:54.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

smayate · 30.09.2015, 13:48

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
durchgeführt von Mona (Administrator) auf HP_MONA (30-09-2015 14:26:58)
Gestartet von C:\Users\Mona\Desktop
Geladene Profile: Mona (Verfügbare Profile: Mona)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2013-05-28] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [DLCJCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCJtime.dll,RunDLLEntry
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-09-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\Policies\Explorer: [NoLogoff] 0
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellExecuteHooks:  - {E54729E8-643D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook64.dll [773192 2014-03-01] ()
ShellExecuteHooks-x32:  - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook32.dll [484936 2014-03-01] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-23] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{095DDCF9-864E-4705-A2C1-76BF9EC9365F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E53ACA17-DD30-4196-B389-B09ADC657204}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {3035FD3C-5308-4863-91DF-75E8C9A9C5A7} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = 
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {3035FD3C-5308-4863-91DF-75E8C9A9C5A7} URL = 
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {FACD5959-88BD-4238-B571-8156DF972316} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\Profiles\f92w0j6a.default
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-09-23]

Chrome: 
=======
CHR Profile: C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-06]
CHR Extension: (Avira Browserschutz) - C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-06]
CHR Extension: (Google Wallet) - C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-21] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 dlcj_device; C:\Windows\system32\dlcjcoms.exe [452608 2005-07-12] ()
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [Datei ist nicht signiert]
S2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AppFrozenPrivacy.exe; C:\Users\Mona\AppData\Local\AppFrozenPrivacy\AppFrozenPrivacy.exe [X]
S2 DebugLogTooltip.exe; C:\Users\Mona\AppData\Local\DebugLogTooltip\DebugLogTooltip.exe [X]
S2 DOSImportStart.exe; C:\Users\Mona\AppData\Local\DOSImportStart\DOSImportStart.exe [X]
S2 MotionScriptSprite.exe; C:\Users\Mona\AppData\Local\MotionScriptSprite\MotionScriptSprite.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31872 2012-02-02] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [189760 2012-02-05] (AppEx Networks Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-09-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-09-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-02] (Synaptics Incorporated)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-30 14:16 - 2015-09-30 14:16 - 00002251 _____ C:\Users\Mona\Desktop\JRT.txt
2015-09-30 14:10 - 2015-09-30 14:10 - 01798976 _____ (Malwarebytes) C:\Users\Mona\Desktop\JRT.exe
2015-09-30 14:03 - 2015-09-30 14:03 - 00010206 _____ C:\Users\Mona\Desktop\mbam.txt
2015-09-30 13:22 - 2015-09-30 14:04 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-30 13:21 - 2015-09-30 13:21 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-30 13:21 - 2015-09-30 13:21 - 00000000 ____D C:\Users\Mona\Desktop\ Malwarebytes Anti-Malware 
2015-09-30 13:21 - 2015-09-30 13:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-30 13:21 - 2015-09-30 13:21 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-09-30 13:21 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-30 13:21 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-30 13:21 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-30 13:03 - 2015-09-30 13:03 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Mona\Desktop\mbam-setup-2.1.8.1057.exe
2015-09-30 12:34 - 2015-09-30 12:41 - 00000000 ____D C:\AdwCleaner
2015-09-30 12:29 - 2015-09-30 12:29 - 01670656 _____ C:\Users\Mona\Desktop\AdwCleaner_5.009.exe
2015-09-29 15:57 - 2015-09-29 15:57 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Mona\Desktop\tdsskiller.exe
2015-09-29 15:52 - 2015-09-29 15:52 - 00030570 _____ C:\Users\Mona\Desktop\Addition.txt
2015-09-29 15:50 - 2015-09-30 14:27 - 00000000 ____D C:\FRST
2015-09-29 15:50 - 2015-09-30 14:26 - 00018560 _____ C:\Users\Mona\Desktop\FRST.txt
2015-09-29 15:48 - 2015-09-29 15:48 - 02192384 _____ (Farbar) C:\Users\Mona\Desktop\FRST64.exe
2015-09-23 19:52 - 2015-08-18 03:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-23 19:52 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-23 19:52 - 2015-08-15 08:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-23 19:52 - 2015-08-15 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-23 19:52 - 2015-08-15 08:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-23 19:52 - 2015-08-15 08:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-23 19:52 - 2015-08-15 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-23 19:52 - 2015-08-15 08:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-23 19:52 - 2015-08-15 08:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-23 19:52 - 2015-08-15 08:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-23 19:52 - 2015-08-15 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-23 19:52 - 2015-08-15 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-23 19:52 - 2015-08-15 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-23 19:52 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-23 19:52 - 2015-08-15 08:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-23 19:52 - 2015-08-15 08:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-23 19:52 - 2015-08-15 08:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-23 19:52 - 2015-08-15 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-23 19:52 - 2015-08-15 08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-23 19:52 - 2015-08-15 08:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-23 19:52 - 2015-08-15 07:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-23 19:52 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-23 19:52 - 2015-08-15 07:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-23 19:52 - 2015-08-15 07:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-23 19:52 - 2015-08-15 07:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-23 19:52 - 2015-08-15 07:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-23 19:52 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-23 19:52 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-23 19:52 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-23 19:52 - 2015-08-15 07:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-23 19:52 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-23 19:52 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-23 19:52 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-23 19:52 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-23 19:52 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-23 19:52 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-23 19:52 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-23 19:52 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-23 19:52 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-23 19:52 - 2015-08-15 07:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-23 19:52 - 2015-08-15 07:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-23 19:52 - 2015-08-15 07:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-23 19:52 - 2015-08-15 07:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-23 19:52 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-23 19:52 - 2015-08-15 07:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-23 19:52 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-23 19:52 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-23 19:52 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-23 19:52 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-23 19:52 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-23 19:52 - 2015-08-15 07:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-23 19:52 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-23 19:52 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-23 19:52 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-23 19:52 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-23 19:52 - 2015-08-15 06:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-23 19:52 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-23 19:52 - 2015-08-15 06:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-23 19:52 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-23 19:52 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-23 19:52 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-23 19:52 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-23 19:52 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-23 19:52 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-23 19:52 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-23 19:52 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-23 19:52 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-23 19:52 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-23 19:52 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-23 19:52 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-23 19:52 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-23 19:51 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-23 19:51 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-23 19:51 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-23 19:51 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-23 19:51 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-23 19:51 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-23 19:51 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-23 19:51 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-23 19:51 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-23 19:51 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-23 19:51 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-23 19:51 - 2015-08-26 20:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-23 19:51 - 2015-08-26 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-23 19:51 - 2015-08-26 20:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-23 19:51 - 2015-08-26 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-23 19:51 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-23 19:51 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-23 19:51 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-23 19:51 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-23 19:51 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-23 19:51 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-23 19:51 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-23 19:51 - 2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-23 19:44 - 2015-09-30 14:07 - 00000000 ____D C:\Users\Mona\Documents\compi
2015-09-23 19:24 - 2015-09-23 19:24 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-23 19:24 - 2015-09-23 19:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-23 19:24 - 2015-09-23 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-23 19:23 - 2015-09-23 19:23 - 00243936 _____ C:\Users\Mona\Downloads\Firefox Setup Stub 41.0.exe
2015-09-22 19:06 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-22 19:06 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-09-22 17:01 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-22 17:01 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-09-22 17:01 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-09-22 17:01 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-09-22 17:01 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-09-22 17:00 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-09-22 17:00 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-09-22 16:56 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-09-22 16:56 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-09-22 16:56 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-09-22 16:56 - 2015-07-16 21:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-22 16:56 - 2015-07-16 21:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-09-22 16:56 - 2015-07-16 21:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-09-22 16:56 - 2015-07-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-09-22 16:55 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-22 16:55 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-22 16:55 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-22 16:55 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-22 16:55 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-22 16:55 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-22 16:55 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-22 16:55 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-09-22 16:55 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-22 16:55 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-22 16:55 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-22 16:55 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-22 16:55 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-22 16:55 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-22 16:55 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-22 16:55 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-22 16:55 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-22 16:55 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-22 16:55 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-22 16:55 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-22 16:55 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-22 16:55 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-22 16:55 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-22 16:53 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-09-22 16:53 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-09-22 16:52 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-09-22 16:48 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-22 16:48 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-22 16:48 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-22 16:48 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-22 16:48 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-22 16:48 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-22 16:48 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-22 16:48 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-22 16:48 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-22 16:48 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-09-22 16:48 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-09-22 16:48 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-09-22 16:45 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-09-22 16:45 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-22 16:45 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-22 16:45 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-09-22 16:45 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-09-22 16:45 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-09-22 16:45 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-09-22 16:45 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-22 16:45 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-22 16:43 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-22 16:43 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-09-22 16:43 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-22 16:43 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-09-22 16:43 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-22 16:43 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-09-22 16:43 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-09-22 16:43 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-22 16:43 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-09-22 16:43 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-09-22 16:43 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-09-22 16:43 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-09-22 16:08 - 2015-09-22 16:08 - 00001138 _____ C:\Users\Public\Desktop\Avira Launcher.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-30 14:02 - 2009-07-14 06:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-30 14:02 - 2009-07-14 06:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-30 13:58 - 2012-09-30 13:27 - 01087959 _____ C:\Windows\WindowsUpdate.log
2015-09-30 13:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-30 13:52 - 2014-03-22 16:55 - 00012839 _____ C:\Windows\setupact.log
2015-09-30 13:52 - 2010-11-21 05:47 - 00998520 _____ C:\Windows\PFRO.log
2015-09-30 13:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-09-30 13:51 - 2012-09-30 13:42 - 00000000 ____D C:\Users\Mona\AppData\Roaming\SoftGrid Client
2015-09-30 12:28 - 2013-09-21 11:11 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3F9A1DB0-EBAA-43AC-9979-A5387D076F64}
2015-09-25 21:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-09-25 08:04 - 2009-07-14 06:45 - 00267816 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-25 08:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-24 01:14 - 2013-09-21 11:47 - 00000000 ____D C:\Windows\system32\MRT
2015-09-24 00:51 - 2012-09-30 15:45 - 00000000 ____D C:\Users\Mona\AppData\Roaming\Skype
2015-09-23 20:24 - 2013-03-18 23:12 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-23 20:01 - 2013-03-18 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-23 19:43 - 2013-03-18 23:26 - 00000000 ____D C:\Users\Mona\AppData\Local\Mozilla
2015-09-23 19:18 - 2014-03-23 09:41 - 00002172 _____ C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-23 19:18 - 2014-03-23 09:41 - 00000000 ___RD C:\Users\Mona\OneDrive
2015-09-23 19:15 - 2013-03-16 16:27 - 00000000 ___RD C:\Users\Mona\Podcasts
2015-09-22 19:06 - 2013-03-14 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-22 19:05 - 2013-03-14 11:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-22 19:05 - 2013-03-14 11:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-22 17:08 - 2013-05-22 11:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-09-22 17:08 - 2013-05-22 11:28 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-09-22 17:04 - 2014-12-29 23:41 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-09-22 16:39 - 2014-11-28 16:36 - 00000000 ____D C:\Program Files\Dl_cats
2015-09-22 16:37 - 2014-12-06 16:11 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-22 16:16 - 2014-11-20 09:32 - 00000000 __SHD C:\Users\Mona\AppData\Local\EmieBrowserModeList
2015-09-22 16:16 - 2014-04-24 01:59 - 00000000 __SHD C:\Users\Mona\AppData\Local\EmieUserList
2015-09-22 16:16 - 2014-04-24 01:59 - 00000000 __SHD C:\Users\Mona\AppData\Local\EmieSiteList
2015-09-22 16:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-22 16:08 - 2014-12-06 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-22 16:06 - 2014-12-06 16:15 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-09-22 16:06 - 2014-12-06 16:15 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-09-22 16:01 - 2012-05-14 18:06 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 16:01 - 2012-05-14 18:06 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-02-28 07:49 - 2014-02-28 07:49 - 0700113 _____ () C:\Users\Mona\AppData\Roaming\UserTile.png
2013-03-19 23:04 - 2014-03-29 07:41 - 0007680 _____ () C:\Users\Mona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Einige Dateien in TEMP:
====================
C:\Users\Mona\AppData\Local\Temp\avgnt.exe
C:\Users\Mona\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-25 20:56

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
durchgeführt von Mona (2015-09-30 14:29:38)
Gestartet von C:\Users\Mona\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-30 09:24:10)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2335087299-416370035-993193814-500 - Administrator - Disabled)
Gast (S-1-5-21-2335087299-416370035-993193814-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2335087299-416370035-993193814-1003 - Limited - Enabled)
Mona (S-1-5-21-2335087299-416370035-993193814-1002 - Administrator - Enabled) => C:\Users\Mona

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DB8F3717-56A7-AA87-3324-4CEAB9C7964E}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.14.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.140 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5018 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Photo AIO Printer 964 (HKLM\...\Dell Photo AIO Printer 964) (Version:  - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{4F34A145-8CF3-400C-B5DB-2B1BF604304D}) (Version: 5.1.4 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0D83FCDE-8CAF-45E6-907D-6AF8E2A5EE01}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 41.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 de)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27016 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.5.1 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{D8360C56-B89D-47AA-91A5-8D27A20844FB}) (Version: 4.3.304.0 - Validity Sensors, Inc.)
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

13-07-2015 07:16:42 Windows Update
17-08-2015 11:58:38 Windows Update
22-09-2015 17:12:50 Windows Update
22-09-2015 18:48:18 Windows Update
24-09-2015 01:01:48 Windows Update
29-09-2015 11:57:47 Windows Update
30-09-2015 14:11:15 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0D30A251-4646-40ED-8A0E-B0C0127034A7} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {1F81FE25-96D9-487F-B5FD-7F3C7A437DDC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6365A7D8-C85B-47B7-AEB4-2D06851F9D0E} - System32\Tasks\{FBA76E06-2FDB-425B-94EB-11B3EDD13E33} => pcalua.exe -a "C:\Users\Mona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FW5PX1C\WindowsPhone.exe" -d C:\Users\Mona\Desktop
Task: {9FB25706-69FE-4CDB-B262-D1661B014AE6} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-21] (CyberLink)
Task: {A1A1AFA4-246D-47C0-A5A8-2A01F772FA72} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C4BB5360-6CD7-4664-A7DA-078BC1D67A89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CE70E88F-7C25-4EF3-AACF-61FF3BD27E2B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D94AC378-5D6E-41F6-B5C4-E493E4CB93EC} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {F875A22F-1A8E-41B4-A78C-57D4F72659A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2005-07-12 23:58 - 2005-07-12 23:58 - 00365568 _____ () C:\Windows\System32\dlcjlmpm.dll
2014-03-01 07:31 - 2014-03-01 07:31 - 00484936 _____ () C:\Windows\SysWOW64\ezUPBHook32.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_0OLFavIE91284348923
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_1OCalFavIE91545382048
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_2PeopleFav-510560096
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_3SkyDriveFav-324886575
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_4OLFavIE91410631431

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2335087299-416370035-993193814-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{2AD5A21F-F97C-49E2-B21A-3F75300C7486}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E8AF0ECB-47C4-48C4-8771-688D789C88EB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{61F5C836-73E7-4F03-A837-2AE04E5CD657}] => (Allow) LPort=2869
FirewallRules: [{DBA3DF77-54B7-47EE-8896-8C582167E40C}] => (Allow) LPort=1900
FirewallRules: [{85887DEE-AACE-48A5-9BA2-2E99CFA12B54}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E87B6EEB-D76F-4A8B-A1F6-C008C0E63C8E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{CD53AD27-9998-4C7C-8966-0480840D526E}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{B17331D3-05A6-4252-9D0B-9367564D3835}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{42F83011-ECEA-49C2-AC4E-9544DBE0B7D0}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{588D1C66-339A-49D0-B94D-FBC4D3D48FB7}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4C91D21C-D962-485A-A667-92BDE386E619}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{6A6C38E4-C94C-4B35-8EF4-6D8A6FF4CBEA}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{EF24F5A3-CAC9-49DD-B0CE-7F0E025C68BA}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{56B7AFF5-B339-4A10-92EC-14409EAA7739}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{38F8F7A6-2259-4634-B780-86A4D2ACE25E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{7CF8603B-63D9-4767-90EC-96E925352764}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{534AAC24-C121-46BF-B8C8-6254A526095B}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [TCP Query User{B3DF8C0A-BBF6-425A-9D61-9483FF8C35F4}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [UDP Query User{B2E0D3A5-B9D2-491A-9E84-CD2C6825FA53}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [{271C8BDF-2EFF-4825-8202-49BB0601D9E7}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{9A64DA4B-6357-489E-9D0B-8FB8498D8D36}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{57428D02-9522-45A0-BBEE-AFA63988D8E3}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe
FirewallRules: [{669E8D33-18DB-46AF-9B82-7065B2DAD0EF}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe
FirewallRules: [{34482316-6126-4CC7-B045-374C63F8E4F5}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~3\IE\dtuser.exe
FirewallRules: [{638F67E4-0E2A-4CE5-AEE6-16F1DFCEAC29}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~3\IE\dtuser.exe
FirewallRules: [{390FA873-A8A6-456A-AD3B-EDF34C3812C8}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~4\IE\dtuser.exe
FirewallRules: [{92C79CE7-689F-42D9-9841-96BC0A4AC35C}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~4\IE\dtuser.exe
FirewallRules: [{2D4BBE47-1E58-4CBC-AEB6-697B8B864F8A}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~1\IE\dtuser.exe
FirewallRules: [{225E13F4-5966-498C-85A6-B706A3428069}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~1\IE\dtuser.exe
FirewallRules: [{1ADA4650-0E09-419A-9125-7A0734E57EF8}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~2\IE\dtuser.exe
FirewallRules: [{4685489F-65FE-41BD-88E7-BBFA35B42364}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~2\IE\dtuser.exe
FirewallRules: [{E11FCAD3-3A75-4453-9BAD-C319386F9E5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86C3B2B8-B85D-4648-98CC-8ED0481B179D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{67EC46F5-1A52-4507-A5D8-91080DE3FB28}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{77DE10DF-0F0E-4DF9-8C6E-10B656590D73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{546A2067-FE26-4499-AF7D-83A4B373BB58}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~3\IE\dtuser.exe
FirewallRules: [{36390584-1637-4278-866A-B6BDD5377765}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~3\IE\dtuser.exe
FirewallRules: [{389E39AD-FDDF-4C0A-B4E9-A6CD5BF9E753}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
FirewallRules: [{24DEE0E0-BBB5-4A1F-BEDD-150BCF60DA1F}] => (Allow) C:\Users\Mona\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E10FFDC0-D9EA-4A00-9AB2-DBBDD1BCA648}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE83DE34-24CF-4F65-BC43-B5BDFE235E05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/30/2015 02:23:38 PM) (Source: Application Virtualization Client) (EventID: 2007) (User: )
Description: Der Application Virtualization-Kerndienst wurde nicht richtig initialisiert.

Error: (09/30/2015 02:23:38 PM) (Source: Application Virtualization Client) (EventID: 3030) (User: )
Description: {tid=6A8}
Der Clientkern konnte nicht initialisiert werden (Rückgabecode 04502307-000D4002).

Error: (09/30/2015 02:23:38 PM) (Source: Application Virtualization Client) (EventID: 5002) (User: )
Description: {tid=6A8}
Fehler bei der Initialisierung, da Application Virtualization Client keine Instanz des Dateisystems abrufen konnte (Rückgabecode 16D0EA0A-0000E0A2).

Error: (09/30/2015 02:23:22 PM) (Source: Application Virtualization Client) (EventID: 2007) (User: )
Description: Der Application Virtualization-Kerndienst wurde nicht richtig initialisiert.

Error: (09/30/2015 02:23:22 PM) (Source: Application Virtualization Client) (EventID: 3030) (User: )
Description: {tid=15DC}
Der Clientkern konnte nicht initialisiert werden (Rückgabecode 04502307-000D4002).

Error: (09/30/2015 02:23:22 PM) (Source: Application Virtualization Client) (EventID: 5002) (User: )
Description: {tid=15DC}
Fehler bei der Initialisierung, da Application Virtualization Client keine Instanz des Dateisystems abrufen konnte (Rückgabecode 16D0EA0A-0000E0A2).

Error: (09/30/2015 02:23:04 PM) (Source: Application Virtualization Client) (EventID: 2007) (User: )
Description: Der Application Virtualization-Kerndienst wurde nicht richtig initialisiert.

Error: (09/30/2015 02:23:04 PM) (Source: Application Virtualization Client) (EventID: 3030) (User: )
Description: {tid=1464}
Der Clientkern konnte nicht initialisiert werden (Rückgabecode 04502307-000D4002).

Error: (09/30/2015 02:23:04 PM) (Source: Application Virtualization Client) (EventID: 5002) (User: )
Description: {tid=1464}
Fehler bei der Initialisierung, da Application Virtualization Client keine Instanz des Dateisystems abrufen konnte (Rückgabecode 16D0EA0A-0000E0A2).

Error: (09/30/2015 02:21:49 PM) (Source: Application Virtualization Client) (EventID: 2007) (User: )
Description: Der Application Virtualization-Kerndienst wurde nicht richtig initialisiert.


Systemfehler:
=============
Error: (09/30/2015 02:23:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Application Virtualization Client" wurde mit folgendem Fehler beendet: 
%%1114

Error: (09/30/2015 02:23:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Application Virtualization Client" wurde mit folgendem Fehler beendet: 
%%1114

Error: (09/30/2015 02:23:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Application Virtualization Client" wurde mit folgendem Fehler beendet: 
%%1114

Error: (09/30/2015 02:21:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Application Virtualization Client" wurde mit folgendem Fehler beendet: 
%%1114

Error: (09/30/2015 02:20:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Application Virtualization Client" wurde mit folgendem Fehler beendet: 
%%1114

Error: (09/30/2015 02:20:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Application Virtualization Client" wurde mit folgendem Fehler beendet: 
%%1114

Error: (09/30/2015 02:19:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Application Virtualization Client" wurde mit folgendem Fehler beendet: 
%%1114

Error: (09/30/2015 02:12:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/30/2015 02:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Office Software Protection Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/30/2015 02:12:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


==================== Speicherinformationen =========================== 

Prozessor: AMD A6-4400M APU with Radeon(tm) HD Graphics 
Prozentuale Nutzung des RAM: 41%
Installierter physikalischer RAM: 3554.36 MB
Verfügbarer physikalischer RAM: 2073.66 MB
Summe virtueller Speicher: 7106.93 MB
Verfügbarer virtueller Speicher: 5045.89 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:443 GB) (Free:362.78 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive d: (Recovery) (Fixed) (Total:22.47 GB) (Free:2.36 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F15014C2)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== Ende von Addition.txt ============================

M-K-D-B · 30.09.2015, 17:04

Servus,

wir spüren noch evtl. Reste auf, bevor wir dann im Anschluss mit der 2. Bereinigungswelle starten.

Starte FRST erneut. Kopiere den Inhalt der folgenden Code-Box oben in die Zeile:

Code:

ATTFilter

AppFrozenPrivacy;DebugLogTooltip;DOSImportStart;MotionScriptSprite;imesh;inbox.com;Bandoo;SiteRanker;FLVM Player;edealpop;WinZip Driver Updater;Re-Markable;Browser Manager;BrowserProtect;Kromtech;searchresultstb;

Drücke auf Registry-Suche.
FRST beginnt mit dem Suchlauf. Dies kann einige Zeit dauern.
Am Ende erstellt FRST eine Textdatei Search.txt.
Poste mir deren Inhalt mit deiner nächsten Antwort.

smayate · 01.10.2015, 20:02

Code:

ATTFilter

Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
durchgeführt von Mona (2015-10-01 21:00:13)
Gestartet von C:\Users\Mona\Desktop
Start-Modus: Normal

================== Registry-Suche: "AppFrozenPrivacy;DebugLogTooltip;DOSImportStart;MotionScriptSprite;imesh;inbox.com;Bandoo;SiteRanker;FLVM Player;edealpop;WinZip Driver Updater;Re-Markable;Browser Manager;BrowserProtect;Kromtech;searchresultstb" ===========


===================== Suchergebnis für "AppFrozenPrivacy" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppFrozenPrivacy.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AppFrozenPrivacy.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\ContextualOSWinsock.exe]
"LocalDumpFolder"="C:\Users\Mona\AppData\Local\AppFrozenPrivacy\desktop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppFrozenPrivacy.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppFrozenPrivacy.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppFrozenPrivacy.exe]
"DisplayName"="AppFrozenPrivacy.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AppFrozenPrivacy.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AppFrozenPrivacy.exe]
"DisplayName"="AppFrozenPrivacy.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppFrozenPrivacy.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppFrozenPrivacy.exe]
"DisplayName"="AppFrozenPrivacy.exe"


===================== Suchergebnis für "DebugLogTooltip" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DebugLogTooltip.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AddonCommandOffice.exe]
"LocalDumpFolder"="C:\Users\Mona\AppData\Local\DebugLogTooltip\desktop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\DebugLogTooltip.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DebugLogTooltip.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DebugLogTooltip.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DebugLogTooltip.exe]
"DisplayName"="DebugLogTooltip.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\DebugLogTooltip.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\DebugLogTooltip.exe]
"DisplayName"="DebugLogTooltip.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DebugLogTooltip.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DebugLogTooltip.exe]
"DisplayName"="DebugLogTooltip.exe"


===================== Suchergebnis für "DOSImportStart" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOSImportStart.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\DOSImportStart.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\FrozenImportRepository.exe]
"LocalDumpFolder"="C:\Users\Mona\AppData\Local\DOSImportStart\desktop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOSImportStart.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DOSImportStart.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DOSImportStart.exe]
"DisplayName"="DOSImportStart.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\DOSImportStart.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\DOSImportStart.exe]
"DisplayName"="DOSImportStart.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DOSImportStart.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DOSImportStart.exe]
"DisplayName"="DOSImportStart.exe"


===================== Suchergebnis für "MotionScriptSprite" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MotionScriptSprite.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\CursorPathPrivacy.exe]
"LocalDumpFolder"="C:\Users\Mona\AppData\Local\MotionScriptSprite\desktop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\MotionScriptSprite.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MotionScriptSprite.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MotionScriptSprite.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MotionScriptSprite.exe]
"DisplayName"="MotionScriptSprite.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MotionScriptSprite.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MotionScriptSprite.exe]
"DisplayName"="MotionScriptSprite.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MotionScriptSprite.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MotionScriptSprite.exe]
"DisplayName"="MotionScriptSprite.exe"


===================== Suchergebnis für "imesh" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.AAC\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aifc\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ape\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.au\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cda\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.flv\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.m1v\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.m4e\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.midi\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mkv\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mp2\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mp3\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpa\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpeg\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpv2\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ram\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rmi\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.snd\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vob\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wm\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WMD\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wmx\OpenWithList\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}]
""="QuickTimeShellExt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C41C967C-1BD4-404c-8393-A34F94156193}]
""="iMesh"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh\Command]
""=""C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --playdrive %L"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}\InprocServer32]
""="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXQuickTimeShellExt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\ac3filter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\ac3filter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\MP4Splitter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\VSFilter.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\MP4Splitter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\ac3filter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9852A670-F845-491B-9BE6-EBD841B8A613}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\VSFilter.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\ac3filter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ACE4747B-35BD-4E97-9DD7-1D4245B0695C}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\VSFilter.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CE77C59C-CFD2-429F-868C-8B04D23F94CA}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\VSFilter.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\MP4Splitter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F544E0F5-CA3C-47EA-A64D-35FCF1602396}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\VSFilter.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{17FA043C-E30A-4BB5-9E4C-F47755678584}]
""="IImeShortcutMenuLaunchRequest"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C41C967C-1BD4-404c-8393-A34F94156193}]
""="iMesh"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iMesh.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMMediaPlayerOnArrival]
"Provider"="iMesh"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\iMesh Applications\iMesh\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\iMesh Applications\iMesh\HTML\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\PROGRA~3\iMesh\CreativesFiles\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\albumsview\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\artistsview\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\cdripview\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\ielogin\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\images\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\loginbox\images\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\scripts\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\videosview\images\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\welcome\images\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\iMesh\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0602AE0C946A76E45AE6F8B893B021FE]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\FixAudioDriverSignature.reg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4\766F6333940964D4896BC447E3BE5C1B]
"File"="WLXQuickTimeShellExt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0AACDB0ABC4C1744385AC00DEDEB1079]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\videosview\images\defpreview.png"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D83EAE0D5F1F5B46A4F31502F4BA842]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\HTML\Recommendation_Offline.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FEB8C4EB738C46408819CB11A64A9DE]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\HTML\offline.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1057B924D0C56AB46AE944A38A4A0A13]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\albumsview\albums.css"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1935C24A2B568C14C93D2C635437CD7C]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Users\Mona\AppData\Local\Temp\SetupDataMngr_iMesh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A0C04077D0828E43BEA598A94E09972]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\HTML\Images\bg-top.jpg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\243AED44EBB116A4BA6BB7B531CE6990]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\avcodec-51.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2792FA0E568184749BD892C0CED16740]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\Default.skn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2CA20E76CD6F31947AD9C173280C2D77]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\ielogin\images\background.png"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F02DE74CE7B2E541BFCB9D3CF71045C]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\loginbox\fberror.css"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\344302332E8194646A551E23B418A3BA]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\PROGRA~3\iMesh\Player.swf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38786EA47CE80B84FBBA59CE7B558763]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\artistsview\images\defpreview.png"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42A762EC6B0AD19459635CE92364B14B]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\HTML\error.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\450B6DD24D9DE9B4CBAB91B3BAD689E4]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\HTML\loading.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4E1B2BA04D0961A46A1733DB9512E708]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\loginbox\images\login_back.png"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5285A0B88A98AE546B518325AB7DB3D2]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\UpdateInst.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B64EFD9F8627AF48A9352992E94BB4C]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\WMHelper.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E654E43112A67841A82B5E9EC29089B]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\lame_enc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6ECCF2D6192B80D4290B5CB91F48A3F2]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\MP4Splitter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FA5193E90884CE4BBD66CDE246B9A18]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\HTML\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85C0344E205FCBC46AF4E804F88533A9]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\videosview\videos.css"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A2F1F5F693C60646B6EBE91E09ADA72]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\Default.xml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\99A7BF28040B4424BBC49971BEC9D3DD]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\PROGRA~3\iMesh\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1770D5CFCB326940B71C1835DF71A74]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1096D8E4B4B1EB4EAF4CF0F7873285E]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B7A802BFEF67D7C4AB5CB3BC8E1D2C6A]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\ielogin\login.css"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFDA3C44DA5F6444EBF5F2300F0F7B5E]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC678FA5786698E4888EB08958094052]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\welcome\welcome.css"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD7FDCC105F31164FA14723E5F5B8385]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\IMWebControl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2F5E7F43C22542418F70306A157CD88]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\avutil-49.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D59983CDD34E80341B955D11E5A1D93E]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\MpaDecFilter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E48B07A9D44E3F54CB3CF13E13A77F50]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\scripts\bottom_wnd.tis"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4F7EAFD5BF1D6B438CCD5ED5CAFFB02]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\richlist\empty.css"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ECF9D219F0DBCE440811BE84D4BF009B]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1D38563C571E4E42B8301988B51956C]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\Settings.xml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F346D592E0F79C64BAB2EB903659C371]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\iMesh\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF83654E0B8C5EF4EA612A3BDA17B7F4]
"1A594BF8F3A4D1C4DB72F3A32B6E7636"="C:\Program Files (x86)\iMesh Applications\iMesh\Skins\html\albumsview\images\add_hot.png"

[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"iMesh"="SOFTWARE\iMesh\Capabilities"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\Handlers\IMMediaPlayerOnArrival]
"DefaultIcon"="C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe, 0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\Handlers\IMMediaPlayerOnArrival]
"ProgID"="iMesh.LauncherEventHandler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}\InprocServer32]
""="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXQuickTimeShellExt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\ac3filter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\ac3filter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\MP4Splitter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\VSFilter.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\MP4Splitter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\ac3filter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9852A670-F845-491B-9BE6-EBD841B8A613}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\VSFilter.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\ac3filter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ACE4747B-35BD-4E97-9DD7-1D4245B0695C}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\VSFilter.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CE77C59C-CFD2-429F-868C-8B04D23F94CA}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\VSFilter.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\MP4Splitter.ax"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F544E0F5-CA3C-47EA-A64D-35FCF1602396}\InprocServer32]
""="C:\Program Files (x86)\iMesh Applications\iMesh\VSFilter.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{17FA043C-E30A-4BB5-9E4C-F47755678584}]
""="IImeShortcutMenuLaunchRequest"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{C41C967C-1BD4-404c-8393-A34F94156193}]
""="iMesh"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications]
"iMesh"="SOFTWARE\iMesh\Capabilities"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{B3DF8C0A-BBF6-425A-9D61-9483FF8C35F4}C:\program files (x86)\imesh applications\imesh\imesh.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\imesh applications\imesh\imesh.exe|Name=iMesh|Desc=iMesh|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{B2E0D3A5-B9D2-491A-9E84-CD2C6825FA53}C:\program files (x86)\imesh applications\imesh\imesh.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\imesh applications\imesh\imesh.exe|Name=iMesh|Desc=iMesh|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{271C8BDF-2EFF-4825-8202-49BB0601D9E7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{57428D02-9522-45A0-BBEE-AFA63988D8E3}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{34482316-6126-4CC7-B045-374C63F8E4F5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~3\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{390FA873-A8A6-456A-AD3B-EDF34C3812C8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~4\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D4BBE47-1E58-4CBC-AEB6-697B8B864F8A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~1\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1ADA4650-0E09-419A-9125-7A0734E57EF8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~2\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{546A2067-FE26-4499-AF7D-83A4B373BB58}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~3\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{B3DF8C0A-BBF6-425A-9D61-9483FF8C35F4}C:\program files (x86)\imesh applications\imesh\imesh.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\imesh applications\imesh\imesh.exe|Name=iMesh|Desc=iMesh|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{B2E0D3A5-B9D2-491A-9E84-CD2C6825FA53}C:\program files (x86)\imesh applications\imesh\imesh.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\imesh applications\imesh\imesh.exe|Name=iMesh|Desc=iMesh|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{271C8BDF-2EFF-4825-8202-49BB0601D9E7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{57428D02-9522-45A0-BBEE-AFA63988D8E3}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{34482316-6126-4CC7-B045-374C63F8E4F5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~3\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{390FA873-A8A6-456A-AD3B-EDF34C3812C8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~4\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D4BBE47-1E58-4CBC-AEB6-697B8B864F8A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~1\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1ADA4650-0E09-419A-9125-7A0734E57EF8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~2\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{546A2067-FE26-4499-AF7D-83A4B373BB58}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~3\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{B3DF8C0A-BBF6-425A-9D61-9483FF8C35F4}C:\program files (x86)\imesh applications\imesh\imesh.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\imesh applications\imesh\imesh.exe|Name=iMesh|Desc=iMesh|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{B2E0D3A5-B9D2-491A-9E84-CD2C6825FA53}C:\program files (x86)\imesh applications\imesh\imesh.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\imesh applications\imesh\imesh.exe|Name=iMesh|Desc=iMesh|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{271C8BDF-2EFF-4825-8202-49BB0601D9E7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{57428D02-9522-45A0-BBEE-AFA63988D8E3}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{34482316-6126-4CC7-B045-374C63F8E4F5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~3\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{390FA873-A8A6-456A-AD3B-EDF34C3812C8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~4\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D4BBE47-1E58-4CBC-AEB6-697B8B864F8A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~1\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1ADA4650-0E09-419A-9125-7A0734E57EF8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~2\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{546A2067-FE26-4499-AF7D-83A4B373BB58}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~3\IE\dtuser.exe|Name=Music Toolbar (Dist. by iMesh, Inc.) DTX Broker|"

[HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\Software\AppDataLow\Software\imeshmusicboxtoolbar181]

[HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice]
"Progid"="iMesh.file"

[HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
"Progid"="iMesh.file"

[HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4e\UserChoice]
"Progid"="iMesh.file"

[HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
"Progid"="iMesh.file"

[HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
"Progid"="iMesh.file"

[HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]
"Progid"="iMesh.file"

[HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows\CurrentVersion\Run-]
"iMesh"=""C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode"

[HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\Mona\Downloads\iMeshSetup-r0-n-bi.exe"="1"


===================== Suchergebnis für "Bandoo" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BandooV8.exe]

[HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\Mona\Downloads\BandooV8.exe"="1"


===================== Suchergebnis für "SiteRanker" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run-]
"SiteRanker"=""C:\Program Files (x86)\SiteRanker\SiteRankTray.exe""


===================== Suchergebnis für "WinZip Driver Updater" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip Driver Updater]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{389E39AD-FDDF-4C0A-B4E9-A6CD5BF9E753}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe|Name=WinZipDriverUpdater|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{389E39AD-FDDF-4C0A-B4E9-A6CD5BF9E753}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe|Name=WinZipDriverUpdater|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{389E39AD-FDDF-4C0A-B4E9-A6CD5BF9E753}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe|Name=WinZipDriverUpdater|"

[HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\Software\Nico Mak Computing\WinZip Driver Updater]

[HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\Software\Nico Mak Computing\WinZip Driver Updater]
"Download Path"="C:\Users\Mona\AppData\Roaming\WinZip\WinZipDU\WinZip Driver Updater\Download\"


===================== Suchergebnis für "Re-Markable" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F}\1.0\0\HELPDIR]
""="C:\Program Files (x86)\ver1Re-Markable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F}\1.0\0\win64]
""="C:\Program Files (x86)\ver1Re-Markable\182_x64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F}\1.0\0\HELPDIR]
""="C:\Program Files (x86)\ver1Re-Markable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F}\1.0\0\win64]
""="C:\Program Files (x86)\ver1Re-Markable\182_x64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F}\1.0\0\HELPDIR]
""="C:\Program Files (x86)\ver1Re-Markable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F}\1.0\0\win64]
""="C:\Program Files (x86)\ver1Re-Markable\182_x64.dll"


===================== Suchergebnis für "Kromtech" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AF85DB83-06F2-4ECF-97CF-C46EDB06BE29}]
"LocalService"="KromtechAccountService"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{AF85DB83-06F2-4ECF-97CF-C46EDB06BE29}]
"LocalService"="KromtechAccountService"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{AF85DB83-06F2-4ECF-97CF-C46EDB06BE29}]
"LocalService"="KromtechAccountService"

[HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ca458171_0]
""="{0.0.0.00000000}.{ea7321d7-ef64-4e27-b77d-3aff6e2da081}|\Device\HarddiskVolume2\Program Files\Kromtech\PCKeeper Live\PCKeeper.exe%b{00000000-0000-0000-0000-000000000000}"

====== Ende von Suche ======

M-K-D-B · 02.10.2015, 13:59

Wir entfernen noch die letzten Reste und kontrollieren anschließend nochmal alles, damit dein Rechner auch sauber ist.
Hinweis: Die Suchläufe mit EEK und ESET können länger dauern.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\Policies\Explorer: [NoLogoff] 0
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = 
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {3035FD3C-5308-4863-91DF-75E8C9A9C5A7} URL = 
Toolbar: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
S2 AppFrozenPrivacy.exe; C:\Users\Mona\AppData\Local\AppFrozenPrivacy\AppFrozenPrivacy.exe [X]
C:\Users\Mona\AppData\Local\AppFrozenPrivacy
S2 DebugLogTooltip.exe; C:\Users\Mona\AppData\Local\DebugLogTooltip\DebugLogTooltip.exe [X]
C:\Users\Mona\AppData\Local\DebugLogTooltip
S2 DOSImportStart.exe; C:\Users\Mona\AppData\Local\DOSImportStart\DOSImportStart.exe [X]
C:\Users\Mona\AppData\Local\DOSImportStart
S2 MotionScriptSprite.exe; C:\Users\Mona\AppData\Local\MotionScriptSprite\MotionScriptSprite.exe [X]
C:\Users\Mona\AppData\Local\MotionScriptSprite
Task: {6365A7D8-C85B-47B7-AEB4-2D06851F9D0E} - System32\Tasks\{FBA76E06-2FDB-425B-94EB-11B3EDD13E33} => pcalua.exe -a "C:\Users\Mona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FW5PX1C\WindowsPhone.exe" -d C:\Users\Mona\Desktop
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_0OLFavIE91284348923
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_1OCalFavIE91545382048
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_2PeopleFav-510560096
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_3SkyDriveFav-324886575
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_4OLFavIE91410631431
FirewallRules: [TCP Query User{B3DF8C0A-BBF6-425A-9D61-9483FF8C35F4}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [UDP Query User{B2E0D3A5-B9D2-491A-9E84-CD2C6825FA53}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [{271C8BDF-2EFF-4825-8202-49BB0601D9E7}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{9A64DA4B-6357-489E-9D0B-8FB8498D8D36}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{57428D02-9522-45A0-BBEE-AFA63988D8E3}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe
FirewallRules: [{669E8D33-18DB-46AF-9B82-7065B2DAD0EF}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe
FirewallRules: [{34482316-6126-4CC7-B045-374C63F8E4F5}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~3\IE\dtuser.exe
FirewallRules: [{638F67E4-0E2A-4CE5-AEE6-16F1DFCEAC29}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~3\IE\dtuser.exe
FirewallRules: [{390FA873-A8A6-456A-AD3B-EDF34C3812C8}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~4\IE\dtuser.exe
FirewallRules: [{92C79CE7-689F-42D9-9841-96BC0A4AC35C}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~4\IE\dtuser.exe
FirewallRules: [{2D4BBE47-1E58-4CBC-AEB6-697B8B864F8A}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~1\IE\dtuser.exe
FirewallRules: [{225E13F4-5966-498C-85A6-B706A3428069}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~1\IE\dtuser.exe
FirewallRules: [{1ADA4650-0E09-419A-9125-7A0734E57EF8}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~2\IE\dtuser.exe
FirewallRules: [{4685489F-65FE-41BD-88E7-BBFA35B42364}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~2\IE\dtuser.exe
FirewallRules: [{546A2067-FE26-4499-AF7D-83A4B373BB58}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~3\IE\dtuser.exe
FirewallRules: [{36390584-1637-4278-866A-B6BDD5377765}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~3\IE\dtuser.exe
FirewallRules: [{389E39AD-FDDF-4C0A-B4E9-A6CD5BF9E753}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppFrozenPrivacy.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AppFrozenPrivacy.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppFrozenPrivacy.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DebugLogTooltip.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AddonCommandOffice.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\DebugLogTooltip.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DebugLogTooltip.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOSImportStart.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\DOSImportStart.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\FrozenImportRepository.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOSImportStart.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MotionScriptSprite.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\CursorPathPrivacy.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\MotionScriptSprite.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MotionScriptSprite.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.AAC\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aifc\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ape\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.au\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cda\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.flv\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.m1v\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.m4e\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.midi\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mkv\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mp2\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mp3\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpa\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpeg\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpv2\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ram\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rmi\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.snd\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vob\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wm\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WMD\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wmx\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C41C967C-1BD4-404c-8393-A34F94156193}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9852A670-F845-491B-9BE6-EBD841B8A613}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ACE4747B-35BD-4E97-9DD7-1D4245B0695C}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CE77C59C-CFD2-429F-868C-8B04D23F94CA}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F544E0F5-CA3C-47EA-A64D-35FCF1602396}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C41C967C-1BD4-404c-8393-A34F94156193}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMMediaPlayerOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BandooV8.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip Driver Updater
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AF85DB83-06F2-4ECF-97CF-C46EDB06BE29}
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Lade Dir bitte von hier

Emsisoft Emergency Kit herunter.

Bitte installiere das Programm in den vorgegebenen Pfad.
Starte das Programm durch Doppelklick der Desktopverknüpfung.
Das EEK ist nach dem Laden der Malwaresignaturen für den Scan bereit.
Folge nun bitte der bebilderten Bildanleitung zu Emergency Kit, entferne alle Funde und poste am Ende des Scans bzw. der Bereinigung das Log.

Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 4

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von EEK,
die Logdatei von HitmanPro,
die Logdatei von ESET.

M-K-D-B · 05.10.2015, 14:33

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

smayate · 06.10.2015, 15:41

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
durchgeführt von Mona (2015-10-03 10:44:19) Run:1
Gestartet von C:\Users\Mona\Desktop
Geladene Profile: Mona (Verfügbare Profile: Mona)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\Policies\Explorer: [NoLogoff] 0
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = 
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {3035FD3C-5308-4863-91DF-75E8C9A9C5A7} URL = 
Toolbar: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
S2 AppFrozenPrivacy.exe; C:\Users\Mona\AppData\Local\AppFrozenPrivacy\AppFrozenPrivacy.exe [X]
C:\Users\Mona\AppData\Local\AppFrozenPrivacy
S2 DebugLogTooltip.exe; C:\Users\Mona\AppData\Local\DebugLogTooltip\DebugLogTooltip.exe [X]
C:\Users\Mona\AppData\Local\DebugLogTooltip
S2 DOSImportStart.exe; C:\Users\Mona\AppData\Local\DOSImportStart\DOSImportStart.exe [X]
C:\Users\Mona\AppData\Local\DOSImportStart
S2 MotionScriptSprite.exe; C:\Users\Mona\AppData\Local\MotionScriptSprite\MotionScriptSprite.exe [X]
C:\Users\Mona\AppData\Local\MotionScriptSprite
Task: {6365A7D8-C85B-47B7-AEB4-2D06851F9D0E} - System32\Tasks\{FBA76E06-2FDB-425B-94EB-11B3EDD13E33} => pcalua.exe -a "C:\Users\Mona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FW5PX1C\WindowsPhone.exe" -d C:\Users\Mona\Desktop
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_0OLFavIE91284348923
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_1OCalFavIE91545382048
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_2PeopleFav-510560096
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_3SkyDriveFav-324886575
AlternateDataStreams: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_4OLFavIE91410631431
FirewallRules: [TCP Query User{B3DF8C0A-BBF6-425A-9D61-9483FF8C35F4}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [UDP Query User{B2E0D3A5-B9D2-491A-9E84-CD2C6825FA53}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [{271C8BDF-2EFF-4825-8202-49BB0601D9E7}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{9A64DA4B-6357-489E-9D0B-8FB8498D8D36}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{57428D02-9522-45A0-BBEE-AFA63988D8E3}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe
FirewallRules: [{669E8D33-18DB-46AF-9B82-7065B2DAD0EF}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe
FirewallRules: [{34482316-6126-4CC7-B045-374C63F8E4F5}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~3\IE\dtuser.exe
FirewallRules: [{638F67E4-0E2A-4CE5-AEE6-16F1DFCEAC29}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~3\IE\dtuser.exe
FirewallRules: [{390FA873-A8A6-456A-AD3B-EDF34C3812C8}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~4\IE\dtuser.exe
FirewallRules: [{92C79CE7-689F-42D9-9841-96BC0A4AC35C}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~4\IE\dtuser.exe
FirewallRules: [{2D4BBE47-1E58-4CBC-AEB6-697B8B864F8A}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~1\IE\dtuser.exe
FirewallRules: [{225E13F4-5966-498C-85A6-B706A3428069}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~1\IE\dtuser.exe
FirewallRules: [{1ADA4650-0E09-419A-9125-7A0734E57EF8}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~2\IE\dtuser.exe
FirewallRules: [{4685489F-65FE-41BD-88E7-BBFA35B42364}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~2\IE\dtuser.exe
FirewallRules: [{546A2067-FE26-4499-AF7D-83A4B373BB58}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~3\IE\dtuser.exe
FirewallRules: [{36390584-1637-4278-866A-B6BDD5377765}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SR0DE8~3\IE\dtuser.exe
FirewallRules: [{389E39AD-FDDF-4C0A-B4E9-A6CD5BF9E753}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppFrozenPrivacy.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AppFrozenPrivacy.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppFrozenPrivacy.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DebugLogTooltip.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AddonCommandOffice.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\DebugLogTooltip.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DebugLogTooltip.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOSImportStart.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\DOSImportStart.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\FrozenImportRepository.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOSImportStart.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MotionScriptSprite.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\CursorPathPrivacy.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\MotionScriptSprite.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MotionScriptSprite.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.AAC\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aifc\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ape\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.au\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cda\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.flv\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.m1v\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.m4e\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.midi\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mkv\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mp2\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mp3\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpa\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpeg\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpv2\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ram\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rmi\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.snd\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vob\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wm\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WMD\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wmx\OpenWithList\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C41C967C-1BD4-404c-8393-A34F94156193}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9852A670-F845-491B-9BE6-EBD841B8A613}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ACE4747B-35BD-4E97-9DD7-1D4245B0695C}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CE77C59C-CFD2-429F-868C-8B04D23F94CA}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F544E0F5-CA3C-47EA-A64D-35FCF1602396}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C41C967C-1BD4-404c-8393-A34F94156193}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iMesh.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMMediaPlayerOnArrival
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BandooV8.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip Driver Updater
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AF85DB83-06F2-4ECF-97CF-C46EDB06BE29}
RemoveProxy:
EmptyTemp:
end
         
*****************

Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => Wert erfolgreich entfernt
HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => Wert erfolgreich entfernt
HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => Wert erfolgreich entfernt
HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Wert erfolgreich entfernt
HKU\S-1-5-21-2335087299-416370035-993193814-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
"HKU\S-1-5-21-2335087299-416370035-993193814-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3035FD3C-5308-4863-91DF-75E8C9A9C5A7}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{3035FD3C-5308-4863-91DF-75E8C9A9C5A7} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Wert erfolgreich entfernt
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Schlüssel nicht gefunden. 
AppFrozenPrivacy.exe => Dienst erfolgreich entfernt
"C:\Users\Mona\AppData\Local\AppFrozenPrivacy" => Datei/Ordner nicht gefunden.
DebugLogTooltip.exe => Dienst erfolgreich entfernt
"C:\Users\Mona\AppData\Local\DebugLogTooltip" => Datei/Ordner nicht gefunden.
DOSImportStart.exe => Dienst erfolgreich entfernt
"C:\Users\Mona\AppData\Local\DOSImportStart" => Datei/Ordner nicht gefunden.
MotionScriptSprite.exe => Dienst erfolgreich entfernt
"C:\Users\Mona\AppData\Local\MotionScriptSprite" => Datei/Ordner nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6365A7D8-C85B-47B7-AEB4-2D06851F9D0E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6365A7D8-C85B-47B7-AEB4-2D06851F9D0E}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{FBA76E06-2FDB-425B-94EB-11B3EDD13E33} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FBA76E06-2FDB-425B-94EB-11B3EDD13E33}" => Schlüssel erfolgreich entfernt
C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website => ":TASKICON_0OLFavIE91284348923" ADS erfolgreich entfernt.
C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website => ":TASKICON_1OCalFavIE91545382048" ADS erfolgreich entfernt.
C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website => ":TASKICON_2PeopleFav-510560096" ADS erfolgreich entfernt.
C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website => ":TASKICON_3SkyDriveFav-324886575" ADS erfolgreich entfernt.
C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website => ":TASKICON_4OLFavIE91410631431" ADS erfolgreich entfernt.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B3DF8C0A-BBF6-425A-9D61-9483FF8C35F4}C:\program files (x86)\imesh applications\imesh\imesh.exe => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B2E0D3A5-B9D2-491A-9E84-CD2C6825FA53}C:\program files (x86)\imesh applications\imesh\imesh.exe => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{271C8BDF-2EFF-4825-8202-49BB0601D9E7} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A64DA4B-6357-489E-9D0B-8FB8498D8D36} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57428D02-9522-45A0-BBEE-AFA63988D8E3} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{669E8D33-18DB-46AF-9B82-7065B2DAD0EF} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{34482316-6126-4CC7-B045-374C63F8E4F5} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{638F67E4-0E2A-4CE5-AEE6-16F1DFCEAC29} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{390FA873-A8A6-456A-AD3B-EDF34C3812C8} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92C79CE7-689F-42D9-9841-96BC0A4AC35C} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D4BBE47-1E58-4CBC-AEB6-697B8B864F8A} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{225E13F4-5966-498C-85A6-B706A3428069} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1ADA4650-0E09-419A-9125-7A0734E57EF8} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4685489F-65FE-41BD-88E7-BBFA35B42364} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{546A2067-FE26-4499-AF7D-83A4B373BB58} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36390584-1637-4278-866A-B6BDD5377765} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{389E39AD-FDDF-4C0A-B4E9-A6CD5BF9E753} => Wert erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppFrozenPrivacy.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AppFrozenPrivacy.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppFrozenPrivacy.exe => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DebugLogTooltip.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AddonCommandOffice.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\DebugLogTooltip.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DebugLogTooltip.exe => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOSImportStart.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\DOSImportStart.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\FrozenImportRepository.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOSImportStart.exe => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MotionScriptSprite.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\CursorPathPrivacy.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\MotionScriptSprite.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MotionScriptSprite.exe => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.AAC\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.aifc\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ape\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.au\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cda\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.flv\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.m1v\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.m4e\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.midi\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mkv\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mp2\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mp3\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpa\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpeg\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpv2\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ram\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rmi\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.snd\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vob\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wm\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WMD\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wmx\OpenWithList\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C41C967C-1BD4-404c-8393-A34F94156193} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9852A670-F845-491B-9BE6-EBD841B8A613} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9852A670-F845-491B-9BE6-EBD841B8A613} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ACE4747B-35BD-4E97-9DD7-1D4245B0695C} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ACE4747B-35BD-4E97-9DD7-1D4245B0695C} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CE77C59C-CFD2-429F-868C-8B04D23F94CA} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CE77C59C-CFD2-429F-868C-8B04D23F94CA} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F544E0F5-CA3C-47EA-A64D-35FCF1602396} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F544E0F5-CA3C-47EA-A64D-35FCF1602396} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C41C967C-1BD4-404c-8393-A34F94156193} => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iMesh.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMMediaPlayerOnArrival => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications => Schlüssel erfolgreich entfernt
RegLink Found. Source: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications" => Target: "0xEGISTRY\MACHINE\SOFTWARE\RegisteredApplications"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications => konnte nicht entfernt werden Registry symbolischer Link, Schlüssel könnte geschützt sein.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BandooV8.exe => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip Driver Updater => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip Driver Updater => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F} => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6F788CCF-DCB3-5606-775B-E13C560D822F} => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AF85DB83-06F2-4ECF-97CF-C46EDB06BE29} => Schlüssel erfolgreich entfernt

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2335087299-416370035-993193814-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2335087299-416370035-993193814-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========

EmptyTemp: => 1.5 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden.. 

==== Ende von Fixlog 10:45:27 ====

Code:

ATTFilter

Emsisoft Emergency Kit - Version 10.0
Letztes Update: 03.10.2015 22:30:02
Benutzerkonto: HP_Mona\Mona

Scan-Einstellungen:

Scan-Methode: Malware-Scan
Objekte: Rootkits, Speicher, Traces, Dateien

PUPs-Erkennung: An
Archiv-Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:	03.10.2015 22:32:25
Value: HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR 	Gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS 	Gefunden: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPDATAACCESSOR 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPDATAACCESSOR.1 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPDOWNLOADSTATUS 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPDOWNLOADSTATUS.1 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPFILEDOWNLOADSERVICE 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPFILEDOWNLOADSERVICE.1 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPPROXYINFO 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPPROXYINFO.1 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPSERVICE 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPSERVICE.1 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPSERVICEFACTORY 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPSERVICEFACTORY.1 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{266294D5-5A0D-46E8-9294-BCB6EAFA478F} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{518CA0FD-F755-4F98-A2A8-CD450FB203AB} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5E9B4D72-C58D-48BF-AC09-68182D472160} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{72434BC1-E46D-47A1-A597-8749DFBCC24A} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7DBA2B02-EA31-4B98-812B-C6E8AE5C2972} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{929FCA79-44E2-4408-83E7-F93AAE0B0909} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{94FBDF11-676E-42E5-A516-1FD39970386B} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9932C738-5580-4408-A0E8-5EA03BE5FB18} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A288B32D-1001-479F-8DA2-E259010B7A31} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A5D99259-ADA3-48A5-B861-39813B713DCB} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{AFFA986E-4B0F-4F15-9DDC-19FE8129602A} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B348A16C-64A6-4EAE-A42A-722623572C7E} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C29CF951-7F4F-4B8D-ACA8-C4EE934C27DC} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D60A7941-4F69-4A79-BED7-72ADA784B8F7} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{DFF35F25-E783-4E26-8DA6-EBB66B8B0E39} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E57D3C8D-ADD0-4AE0-8A14-0D0F6A3487FB} 	Gefunden: Application.AdReg (A)

Gescannt:	73556
Gefunden	30

Scan-Ende:	03.10.2015 22:40:16
Scan-Zeit:	0:07:51

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E57D3C8D-ADD0-4AE0-8A14-0D0F6A3487FB}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{DFF35F25-E783-4E26-8DA6-EBB66B8B0E39}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D60A7941-4F69-4A79-BED7-72ADA784B8F7}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C29CF951-7F4F-4B8D-ACA8-C4EE934C27DC}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B348A16C-64A6-4EAE-A42A-722623572C7E}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{AFFA986E-4B0F-4F15-9DDC-19FE8129602A}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A5D99259-ADA3-48A5-B861-39813B713DCB}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A288B32D-1001-479F-8DA2-E259010B7A31}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9932C738-5580-4408-A0E8-5EA03BE5FB18}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{94FBDF11-676E-42E5-A516-1FD39970386B}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{929FCA79-44E2-4408-83E7-F93AAE0B0909}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7DBA2B02-EA31-4B98-812B-C6E8AE5C2972}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{72434BC1-E46D-47A1-A597-8749DFBCC24A}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5E9B4D72-C58D-48BF-AC09-68182D472160}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{518CA0FD-F755-4F98-A2A8-CD450FB203AB}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{266294D5-5A0D-46E8-9294-BCB6EAFA478F}	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPSERVICEFACTORY.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPSERVICEFACTORY	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPSERVICE.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPSERVICE	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPPROXYINFO.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPPROXYINFO	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPFILEDOWNLOADSERVICE.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPFILEDOWNLOADSERVICE	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPDOWNLOADSTATUS.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPDOWNLOADSTATUS	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPDATAACCESSOR.1	Quarantäne Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CURL.HTTPDATAACCESSOR	Quarantäne Application.AdReg (A)
Value: HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS	Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2335087299-416370035-993193814-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR	Quarantäne Setting.DisableTaskMgr (A)

Quarantäne	30

Code:

ATTFilter

HitmanPro 3.7.9.246
www.hitmanpro.com

   Computer name . . . . : HP_MONA
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : HP_Mona\Mona
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-10-03 22:52:19
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 22s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 142

   Objects scanned . . . : 1'365'617
   Files scanned . . . . : 32'435
   Remnants scanned  . . : 311'230 files / 1'021'952 keys

Suspicious files ____________________________________________________________

   C:\Users\Mona\Desktop\FRST64.exe
      Size . . . . . . . : 2'192'384 bytes
      Age  . . . . . . . : 4.3 days (2015-09-29 15:48:21)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 426003C52317CD4C46B8D5C8C6961964B9DDD1AA4659AB26D90AD37A485C9B5F
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\ (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\chrome.manifest (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\ (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\FFPluginV10.dll (Bandoo)
      Size . . . . . . . : 2'378'752 bytes
      Age  . . . . . . . : 585.2 days (2014-02-25 18:14:19)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 80985712BBC2C597F47DF3A7A42FC25A64E18F7E17E6A936908FA3F11FDE2B68
      Product  . . . . . : Bandoo
      Publisher  . . . . : Bandoo Media Inc.
      Description  . . . : Bandoo Firefox Plugin
      Version  . . . . . : 8.0
      Copyright  . . . . : Copyright (c) 2013
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\FFPluginV11.dll (Bandoo)
      Size . . . . . . . : 2'378'752 bytes
      Age  . . . . . . . : 585.2 days (2014-02-25 18:14:19)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : BFE73DD0CB426FB875288A78DDAC47D52456D20BB8CEFF32BA49F57EBDEF9DB9
      Product  . . . . . : Bandoo
      Publisher  . . . . : Bandoo Media Inc.
      Description  . . . : Bandoo Firefox Plugin
      Version  . . . . . : 8.0
      Copyright  . . . . : Copyright (c) 2013
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\FFPluginV12.dll (Bandoo)
      Size . . . . . . . : 2'378'752 bytes
      Age  . . . . . . . : 585.2 days (2014-02-25 18:14:19)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 0934A347D36A4E32FB0F2C93B899AEBAE00E7FDB7B07FB6FE1AB03619BC67515
      Product  . . . . . : Bandoo
      Publisher  . . . . : Bandoo Media Inc.
      Description  . . . : Bandoo Firefox Plugin
      Version  . . . . . : 8.0
      Copyright  . . . . : Copyright (c) 2013
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\FFPluginV13.dll (Bandoo)
      Size . . . . . . . : 2'378'752 bytes
      Age  . . . . . . . : 585.2 days (2014-02-25 18:14:20)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 79D6F295B96180396898F315BCD67F318D603F1FE267444E6537ABF12BF6ACDB
      Product  . . . . . : Bandoo
      Publisher  . . . . : Bandoo Media Inc.
      Description  . . . : Bandoo Firefox Plugin
      Version  . . . . . : 8.0
      Copyright  . . . . : Copyright (c) 2013
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\FFPluginV14.dll (Bandoo)
      Size . . . . . . . : 2'378'752 bytes
      Age  . . . . . . . : 585.2 days (2014-02-25 18:14:20)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : CDF6B402588DE0770293993C9DB91B2652621481FEE4E69952771CD8CE506982
      Product  . . . . . : Bandoo
      Publisher  . . . . : Bandoo Media Inc.
      Description  . . . : Bandoo Firefox Plugin
      Version  . . . . . : 8.0
      Copyright  . . . . : Copyright (c) 2013
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\FFPluginV15.dll (Bandoo)
      Size . . . . . . . : 2'378'752 bytes
      Age  . . . . . . . : 585.2 days (2014-02-25 18:14:20)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 93624DE0E24D1649FC41688D5F68C14113BB22E87FEF6E6855DD9447812AB360
      Product  . . . . . : Bandoo
      Publisher  . . . . : Bandoo Media Inc.
      Description  . . . : Bandoo Firefox Plugin
      Version  . . . . . : 8.0
      Copyright  . . . . : Copyright (c) 2013
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\FFPluginV16.dll (Bandoo)
      Size . . . . . . . : 2'377'728 bytes
      Age  . . . . . . . : 585.2 days (2014-02-25 18:14:20)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : AB25302746B0143DE3130528546F0C29D18AC36B543CEE3AD2FDD8D27C87DD23
      Product  . . . . . : Bandoo
      Publisher  . . . . : Bandoo Media Inc.
      Description  . . . : Bandoo Firefox Plugin
      Version  . . . . . : 8.0
      Copyright  . . . . : Copyright (c) 2013
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\FFPluginV17.dll (Bandoo)
      Size . . . . . . . : 2'377'728 bytes
      Age  . . . . . . . : 585.2 days (2014-02-25 18:14:21)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 642E7C4F5E409852E1EF70C1E8FA55987B0E58A650D13BE1D285A125DC0D1FA8
      Product  . . . . . : Bandoo
      Publisher  . . . . : Bandoo Media Inc.
      Description  . . . : Bandoo Firefox Plugin
      Version  . . . . . : 8.0
      Copyright  . . . . : Copyright (c) 2013
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\FFPluginV5.dll (Bandoo)
      Size . . . . . . . : 2'425'344 bytes
      Age  . . . . . . . : 585.2 days (2014-02-25 18:14:21)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : C48512D68B5451E45A3A6791CFCC03FE065F66EB44053123A20813C4DA5745AD
      Product  . . . . . : Bandoo
      Publisher  . . . . : Bandoo Media Inc.
      Description  . . . : Bandoo Firefox Plugin
      Version  . . . . . : 8.0
      Copyright  . . . . : Copyright (c) 2013
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\FFPluginV6.dll (Bandoo)
      Size . . . . . . . : 2'378'752 bytes
      Age  . . . . . . . : 585.2 days (2014-02-25 18:14:21)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : CA39A4C9F1023030240738750DF8307724BF60709802F3122629F793BBB89F82
      Product  . . . . . : Bandoo
      Publisher  . . . . : Bandoo Media Inc.
      Description  . . . : Bandoo Firefox Plugin
      Version  . . . . . : 8.0
      Copyright  . . . . : Copyright (c) 2013
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\FFPluginV7.dll (Bandoo)
      Size . . . . . . . : 2'378'752 bytes
      Age  . . . . . . . : 585.2 days (2014-02-25 18:14:21)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 9E1F77E4D85EB4A0622C9BA8EA049AC0AD7DFE12DBC5413525E58909818758D7
      Product  . . . . . : Bandoo
      Publisher  . . . . : Bandoo Media Inc.
      Description  . . . : Bandoo Firefox Plugin
      Version  . . . . . : 8.0
      Copyright  . . . . : Copyright (c) 2013
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\FFPluginV8.dll (Bandoo)
      Size . . . . . . . : 2'378'752 bytes
      Age  . . . . . . . : 585.2 days (2014-02-25 18:14:21)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 4AE3ABB85C71BE60B5BAEC92B391B1F4B8C515CB019AD9A8315AB2F6F06BC9E9
      Product  . . . . . : Bandoo
      Publisher  . . . . : Bandoo Media Inc.
      Description  . . . : Bandoo Firefox Plugin
      Version  . . . . . : 8.0
      Copyright  . . . . : Copyright (c) 2013
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\FFPluginV9.dll (Bandoo)
      Size . . . . . . . : 2'378'752 bytes
      Age  . . . . . . . : 585.2 days (2014-02-25 18:14:21)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 3C1CC50D3F5C77DE85B76D59A1D6E40D51568B9FE9763C0F4805AEBBBDF13FB4
      Product  . . . . . : Bandoo
      Publisher  . . . . : Bandoo Media Inc.
      Description  . . . : Bandoo Firefox Plugin
      Version  . . . . . : 8.0
      Copyright  . . . . : Copyright (c) 2013
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\FFUtilities.js (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\IFFPlugin.xpt (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\IFFPlugin17.xpt (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\IFFUtilities.xpt (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\components\IFFUtilities17.xpt (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\content\ (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\content\bandoo.js (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\content\BandooComponent.js (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\content\ComponentContener.js (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\content\Events.js (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\content\logo.png (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\content\overlay.xul (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\content\tools.js (Bandoo)
   C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com\install.rdf (Bandoo)
   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg (Bandoo)
   HKLM\SOFTWARE\Classes\.aif\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.aiff\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.asf\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.avi\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.divx\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.IVF\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.m4a\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.mid\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.mka\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.MOD\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.mp2v\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.mp4\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.mpe\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.mpg\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.qt\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.rm\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.rmvb\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.torrent\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.wav\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.wma\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.wmv\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\.wv\OpenWithList\iMesh.exe\ (iMesh)
   HKLM\SOFTWARE\Classes\IGIFAnimator.IGIFAnimatorCtrl.1\ (iMesh)
   HKLM\SOFTWARE\Classes\IGIFAnimator.IGIFAnimatorCtrl\ (iMesh)
   HKLM\SOFTWARE\Classes\IMTrProgress.IMTrProgressCtrl.1\ (iMesh)
   HKLM\SOFTWARE\Classes\IMTrProgress.IMTrProgressCtrl\ (iMesh)
   HKLM\SOFTWARE\Classes\IMWeb.IMWebControl.1\ (iMesh)
   HKLM\SOFTWARE\Classes\Interface\{266294D5-5A0D-46E8-9294-BCB6EAFA478F}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{2FDB59A0-4024-4CED-94CF-B01E217DE4E5}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{30AE6757-B1D4-4CD5-8FEC-A9B6A545EF64}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{367DFE4B-7078-41FE-B1DD-6A6318C7DFF9}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{37B204F8-CD97-409B-BDBF-41C0EC0DFF24}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{38C1B7DA-9876-4DEA-B740-19C4F57CE8E8}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{3C8E293A-99C8-45E1-93A3-77DAB6BB7928}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{4BC4F393-2C30-43DE-A988-7DE5068012A6}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{516434A0-985D-4312-843C-C92B3E19FC2D}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{518CA0FD-F755-4F98-A2A8-CD450FB203AB}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{5442736B-E379-4668-AC30-7F39B3581875}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{5E9B4D72-C58D-48BF-AC09-68182D472160}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{65267FD2-5B4E-48F7-A918-8E2697AEBB39}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{667C8B81-0B61-48F6-B7B9-60AA8242E6DF}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{6D32BB6F-7969-48BF-836A-C14CDFC72D72}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{6E1CC883-54EB-47D3-96BC-B586CB8C2BD9}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{72434BC1-E46D-47A1-A597-8749DFBCC24A}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{7AFA5495-6C01-4BB8-AE21-C3BD6AB2F17C}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{7DBA2B02-EA31-4B98-812B-C6E8AE5C2972}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{7F4213DE-5338-46E9-A61B-D9A63A8513E3}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{8E505161-C877-49F5-82CA-D2FF0B72862C}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{929FCA79-44E2-4408-83E7-F93AAE0B0909}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{94FBDF11-676E-42E5-A516-1FD39970386B}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{9932C738-5580-4408-A0E8-5EA03BE5FB18}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{A126B97A-C84F-40EE-B9D0-1276892A879E}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{A1448C6E-0452-4550-B852-A1CE666D4907}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{A288B32D-1001-479F-8DA2-E259010B7A31}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{A5D99259-ADA3-48A5-B861-39813B713DCB}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{A63B48E9-1EC7-413E-9C48-3404BBF87BF3}\ (iMesh)
   HKLM\SOFTWARE\Classes\Interface\{A93A372A-0AD5-4939-A228-7F4152124EA6}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{AC73709C-65EF-462E-A665-D893C2655BA3}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{AFFA986E-4B0F-4F15-9DDC-19FE8129602A}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{B348A16C-64A6-4EAE-A42A-722623572C7E}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{B47151A4-CF8B-4481-A41A-BCF127431C01}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{B6395E0E-3DB2-40F8-94D8-DA605C52BCA5}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{B693EEE5-7B41-43A0-B579-C246CA7BAA0F}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{C29CF951-7F4F-4B8D-ACA8-C4EE934C27DC}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{D15809AA-50CF-4EE0-BCC9-E91A681BEFD3}\ (MusicToolbar)
   HKLM\SOFTWARE\Classes\Interface\{D4C6D911-00C3-4B4C-A13B-F1DC381CB8E9}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{D60A7941-4F69-4A79-BED7-72ADA784B8F7}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{DFF35F25-E783-4E26-8DA6-EBB66B8B0E39}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{E57D3C8D-ADD0-4AE0-8A14-0D0F6A3487FB}\ (Bandoo)
   HKLM\SOFTWARE\Classes\Interface\{EE54BA06-C150-4BF3-B3F3-D156767FBA12}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{EFDE11A9-FE0B-4548-B876-5EAC0A6CE86E}\ (iMesh)
   HKLM\SOFTWARE\Classes\Interface\{F13A0006-F3A9-4778-B8F1-6BD167475531}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{F2B8FCF4-73EA-4D12-AAFE-72909AFBA0A4}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{FA7B5E21-57B6-4527-8863-6221854EDAA6}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4BC4F393-2C30-43DE-A988-7DE5068012A6}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7F4213DE-5338-46E9-A61B-D9A63A8513E3}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A63B48E9-1EC7-413E-9C48-3404BBF87BF3}\ (iMesh)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B693EEE5-7B41-43A0-B579-C246CA7BAA0F}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D15809AA-50CF-4EE0-BCC9-E91A681BEFD3}\ (MusicToolbar)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{EFDE11A9-FE0B-4548-B876-5EAC0A6CE86E}\ (iMesh)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival\IMPlayCDAudioOnArrival (iMesh)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival\IMRipCDAudioOnArrival (iMesh)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayMusicFilesOnArrival\IMShowVolumeOnArrival (iMesh)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival\IMShowVolumeOnArrival (iMesh)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{074E4EFE-81BB-4EA4-866E-082CB0E01070}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0CE5B352-9D9C-41E1-9551-FCCD92820217}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{167B2B5F-2757-434A-BBDA-2FDB2003F14F}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2E9A60EA-5554-49C3-BC9D-D0404DBACC62}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{3E63C9BC-DD51-4E83-ABA6-B350EAD28531}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{44CFFEF4-E7E1-44BD-B1F5-29F828ADA1B8}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{EF2B6317-C367-401B-83B8-80302D6588A7}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F5379B4B-24D8-432A-9A96-BE75EE5117DB}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F7FB2BC4-6C27-4EAC-B5E2-037B71FDE101}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{FD53FE35-4368-4B71-89D6-F29F3DB29DF1}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival\IMPlayCDAudioOnArrival (iMesh)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival\IMRipCDAudioOnArrival (iMesh)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\EventHandlers\PlayMusicFilesOnArrival\IMShowVolumeOnArrival (iMesh)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival\IMShowVolumeOnArrival (iMesh)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C29CF951-7F4F-4b8d-ACA8-C4EE934C27DC}\ (Bandoo)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{eafe8ae2-593d-4535-8919-0f4e7a4eebe3}\ (RadioRage)
   HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\AppDataLow\Software\imeshmusicboxtoolbar181\ (iMesh)
   HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Internet Explorer\Approved Extensions\{474597C5-AB09-49D6-A4D5-2E8D7341384E} (iMesh)
   HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}\ (RadioRage)
   HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EAFE8AE2-593D-4535-8919-0F4E7A4EEBE3}\ (RadioRage)

Code:

ATTFilter

ESET bleibt bei 11% stecken und läuft einfach nicht weiter.

M-K-D-B · 06.10.2015, 18:28

Servus,

dannn jetzt bitte nochmal FRST, bevor wir weitermachen können:

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

smayate · 06.10.2015, 20:43

Hallo und herzlichen Dank, dass wir weitermachen :-) lg, Pat

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
durchgeführt von Mona (Administrator) auf HP_MONA (06-10-2015 21:26:42)
Gestartet von C:\Users\Mona\Desktop
Geladene Profile: Mona (Verfügbare Profile: Mona)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2013-05-28] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [DLCJCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCJtime.dll,RunDLLEntry
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-09-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellExecuteHooks:  - {E54729E8-643D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook64.dll [773192 2014-03-01] ()
ShellExecuteHooks-x32:  - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook32.dll [484936 2014-03-01] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mona\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-23] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{095DDCF9-864E-4705-A2C1-76BF9EC9365F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E53ACA17-DD30-4196-B389-B09ADC657204}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {3035FD3C-5308-4863-91DF-75E8C9A9C5A7} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2335087299-416370035-993193814-1002 -> {FACD5959-88BD-4238-B571-8156DF972316} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\Profiles\f92w0j6a.default
FF Homepage: www.google.ch
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-10-01]

Chrome: 
=======
CHR Profile: C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-06]
CHR Extension: (Avira Browserschutz) - C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-06]
CHR Extension: (Google Wallet) - C:\Users\Mona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-21] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 dlcj_device; C:\Windows\system32\dlcjcoms.exe [452608 2005-07-12] ()
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [Datei ist nicht signiert]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31872 2012-02-02] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [189760 2012-02-05] (AppEx Networks Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-09-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-09-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-02] (Synaptics Incorporated)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-06 21:26 - 2015-10-06 21:26 - 00000000 ____D C:\Users\Mona\Desktop\FRST-OlderVersion
2015-10-03 23:13 - 2015-10-03 23:13 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-03 23:11 - 2015-10-03 23:11 - 02870984 _____ (ESET) C:\Users\Mona\Desktop\esetsmartinstaller_deu.exe
2015-10-03 23:01 - 2015-10-03 23:01 - 00044094 _____ C:\Users\Mona\Desktop\HitmanPro_20151003_2301.log
2015-10-03 22:50 - 2015-10-03 23:01 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-03 22:50 - 2015-10-03 22:50 - 11350472 _____ (SurfRight B.V.) C:\Users\Mona\Desktop\HitmanPro_x64.exe
2015-10-03 22:48 - 2015-10-03 22:48 - 00015870 _____ C:\Users\Mona\Desktop\scan_151003-223225.txt
2015-10-03 11:12 - 2015-10-03 11:12 - 00000743 _____ C:\Users\Mona\Desktop\Start Emsisoft Emergency Kit.lnk
2015-10-03 11:11 - 2015-10-03 11:13 - 00000000 ____D C:\EEK
2015-10-03 11:07 - 2015-10-03 11:08 - 167775960 _____ C:\Users\Mona\Downloads\EmsisoftEmergencyKit.exe
2015-10-01 21:00 - 2015-10-01 21:00 - 00039790 _____ C:\Users\Mona\Desktop\Search.txt
2015-10-01 20:31 - 2015-10-03 10:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-30 14:16 - 2015-09-30 14:16 - 00002251 _____ C:\Users\Mona\Desktop\JRT.txt
2015-09-30 14:10 - 2015-09-30 14:10 - 01798976 _____ (Malwarebytes) C:\Users\Mona\Desktop\JRT.exe
2015-09-30 14:03 - 2015-09-30 14:03 - 00010206 _____ C:\Users\Mona\Desktop\mbam.txt
2015-09-30 13:22 - 2015-09-30 14:04 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-30 13:21 - 2015-09-30 13:21 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-30 13:21 - 2015-09-30 13:21 - 00000000 ____D C:\Users\Mona\Desktop\ Malwarebytes Anti-Malware 
2015-09-30 13:21 - 2015-09-30 13:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-30 13:21 - 2015-09-30 13:21 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-09-30 13:21 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-30 13:21 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-30 13:21 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-30 13:03 - 2015-09-30 13:03 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Mona\Desktop\mbam-setup-2.1.8.1057.exe
2015-09-30 12:34 - 2015-09-30 12:41 - 00000000 ____D C:\AdwCleaner
2015-09-30 12:29 - 2015-09-30 12:29 - 01670656 _____ C:\Users\Mona\Desktop\AdwCleaner_5.009.exe
2015-09-29 15:57 - 2015-09-29 15:57 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Mona\Desktop\tdsskiller.exe
2015-09-29 15:52 - 2015-09-30 14:30 - 00028692 _____ C:\Users\Mona\Desktop\Addition.txt
2015-09-29 15:50 - 2015-10-06 21:26 - 00019075 _____ C:\Users\Mona\Desktop\FRST.txt
2015-09-29 15:50 - 2015-10-06 21:26 - 00000000 ____D C:\FRST
2015-09-29 15:48 - 2015-10-06 21:26 - 02193920 _____ (Farbar) C:\Users\Mona\Desktop\FRST64.exe
2015-09-23 19:52 - 2015-08-18 03:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-23 19:52 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-23 19:52 - 2015-08-15 08:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-23 19:52 - 2015-08-15 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-23 19:52 - 2015-08-15 08:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-23 19:52 - 2015-08-15 08:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-23 19:52 - 2015-08-15 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-23 19:52 - 2015-08-15 08:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-23 19:52 - 2015-08-15 08:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-23 19:52 - 2015-08-15 08:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-23 19:52 - 2015-08-15 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-23 19:52 - 2015-08-15 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-23 19:52 - 2015-08-15 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-23 19:52 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-23 19:52 - 2015-08-15 08:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-23 19:52 - 2015-08-15 08:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-23 19:52 - 2015-08-15 08:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-23 19:52 - 2015-08-15 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-23 19:52 - 2015-08-15 08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-23 19:52 - 2015-08-15 08:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-23 19:52 - 2015-08-15 07:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-23 19:52 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-23 19:52 - 2015-08-15 07:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-23 19:52 - 2015-08-15 07:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-23 19:52 - 2015-08-15 07:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-23 19:52 - 2015-08-15 07:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-23 19:52 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-23 19:52 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-23 19:52 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-23 19:52 - 2015-08-15 07:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-23 19:52 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-23 19:52 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-23 19:52 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-23 19:52 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-23 19:52 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-23 19:52 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-23 19:52 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-23 19:52 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-23 19:52 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-23 19:52 - 2015-08-15 07:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-23 19:52 - 2015-08-15 07:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-23 19:52 - 2015-08-15 07:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-23 19:52 - 2015-08-15 07:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-23 19:52 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-23 19:52 - 2015-08-15 07:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-23 19:52 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-23 19:52 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-23 19:52 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-23 19:52 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-23 19:52 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-23 19:52 - 2015-08-15 07:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-23 19:52 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-23 19:52 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-23 19:52 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-23 19:52 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-23 19:52 - 2015-08-15 06:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-23 19:52 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-23 19:52 - 2015-08-15 06:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-23 19:52 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-23 19:52 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-23 19:52 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-23 19:52 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-23 19:52 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-23 19:52 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-23 19:52 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-23 19:52 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-23 19:52 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-23 19:52 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-23 19:52 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-23 19:52 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-23 19:52 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-23 19:51 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-23 19:51 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-23 19:51 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-23 19:51 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-23 19:51 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-23 19:51 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-23 19:51 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-23 19:51 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-23 19:51 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-23 19:51 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-23 19:51 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-23 19:51 - 2015-08-26 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-23 19:51 - 2015-08-26 20:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-23 19:51 - 2015-08-26 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-23 19:51 - 2015-08-26 20:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-23 19:51 - 2015-08-26 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-23 19:51 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-23 19:51 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-23 19:51 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-23 19:51 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-23 19:51 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-23 19:51 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-23 19:51 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-23 19:51 - 2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-23 19:44 - 2015-10-06 16:43 - 00000000 ____D C:\Users\Mona\Documents\compi
2015-09-23 19:24 - 2015-10-03 10:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-23 19:24 - 2015-09-23 19:24 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-23 19:24 - 2015-09-23 19:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-23 19:23 - 2015-09-23 19:23 - 00243936 _____ C:\Users\Mona\Downloads\Firefox Setup Stub 41.0.exe
2015-09-22 19:06 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-22 19:06 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-09-22 17:01 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-22 17:01 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-09-22 17:01 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-09-22 17:01 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-09-22 17:01 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-09-22 17:00 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-09-22 17:00 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-09-22 16:56 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-09-22 16:56 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-09-22 16:56 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-09-22 16:56 - 2015-07-16 21:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-22 16:56 - 2015-07-16 21:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-09-22 16:56 - 2015-07-16 21:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-09-22 16:56 - 2015-07-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-09-22 16:55 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-22 16:55 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-22 16:55 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-22 16:55 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-22 16:55 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-22 16:55 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-22 16:55 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-22 16:55 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-22 16:55 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-22 16:55 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-09-22 16:55 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-22 16:55 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-22 16:55 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-22 16:55 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-22 16:55 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-22 16:55 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-22 16:55 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-22 16:55 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-22 16:55 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-22 16:55 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-22 16:55 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-22 16:55 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-22 16:55 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-22 16:55 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-22 16:55 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-22 16:55 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-22 16:55 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-22 16:55 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-22 16:55 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-22 16:53 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-09-22 16:53 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-09-22 16:52 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-09-22 16:48 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-22 16:48 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-22 16:48 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-22 16:48 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-22 16:48 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-22 16:48 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-22 16:48 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-22 16:48 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-22 16:48 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-22 16:48 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-09-22 16:48 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-09-22 16:48 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-09-22 16:45 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-09-22 16:45 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-22 16:45 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-22 16:45 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-09-22 16:45 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-09-22 16:45 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-09-22 16:45 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-09-22 16:45 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-22 16:45 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-22 16:43 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-22 16:43 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-09-22 16:43 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-22 16:43 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-09-22 16:43 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-22 16:43 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-09-22 16:43 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-09-22 16:43 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-22 16:43 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-09-22 16:43 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-09-22 16:43 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-09-22 16:43 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-09-22 16:08 - 2015-09-22 16:08 - 00001138 _____ C:\Users\Public\Desktop\Avira Launcher.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-06 21:23 - 2012-09-30 13:27 - 01317314 _____ C:\Windows\WindowsUpdate.log
2015-10-06 21:23 - 2012-09-30 11:24 - 00000000 ____D C:\Users\Mona\AppData\LocalLow\AuthenTec
2015-10-06 19:19 - 2013-09-21 11:11 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3F9A1DB0-EBAA-43AC-9979-A5387D076F64}
2015-10-05 15:44 - 2012-10-09 16:29 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-10-03 23:11 - 2012-05-15 02:40 - 00700118 _____ C:\Windows\system32\perfh007.dat
2015-10-03 23:11 - 2012-05-15 02:40 - 00149968 _____ C:\Windows\system32\perfc007.dat
2015-10-03 23:11 - 2009-07-14 07:13 - 01622228 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-03 11:02 - 2009-07-14 06:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-03 11:02 - 2009-07-14 06:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-03 10:53 - 2014-03-22 16:55 - 00012895 _____ C:\Windows\setupact.log
2015-10-03 10:53 - 2010-11-21 05:47 - 00999140 _____ C:\Windows\PFRO.log
2015-10-03 10:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-30 13:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-09-30 13:51 - 2012-09-30 13:42 - 00000000 ____D C:\Users\Mona\AppData\Roaming\SoftGrid Client
2015-09-25 21:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-09-25 08:04 - 2009-07-14 06:45 - 00267816 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-25 08:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-24 01:14 - 2013-09-21 11:47 - 00000000 ____D C:\Windows\system32\MRT
2015-09-24 00:51 - 2012-09-30 15:45 - 00000000 ____D C:\Users\Mona\AppData\Roaming\Skype
2015-09-23 20:24 - 2013-03-18 23:12 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-23 19:43 - 2013-03-18 23:26 - 00000000 ____D C:\Users\Mona\AppData\Local\Mozilla
2015-09-23 19:18 - 2014-03-23 09:41 - 00002172 _____ C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-23 19:18 - 2014-03-23 09:41 - 00000000 ___RD C:\Users\Mona\OneDrive
2015-09-23 19:15 - 2013-03-16 16:27 - 00000000 ___RD C:\Users\Mona\Podcasts
2015-09-22 19:06 - 2013-03-14 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-22 19:05 - 2013-03-14 11:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-22 19:05 - 2013-03-14 11:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-22 17:08 - 2013-05-22 11:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-09-22 17:08 - 2013-05-22 11:28 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-09-22 17:04 - 2014-12-29 23:41 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-09-22 16:39 - 2014-11-28 16:36 - 00000000 ____D C:\Program Files\Dl_cats
2015-09-22 16:37 - 2014-12-06 16:11 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-22 16:16 - 2014-11-20 09:32 - 00000000 __SHD C:\Users\Mona\AppData\Local\EmieBrowserModeList
2015-09-22 16:16 - 2014-04-24 01:59 - 00000000 __SHD C:\Users\Mona\AppData\Local\EmieUserList
2015-09-22 16:16 - 2014-04-24 01:59 - 00000000 __SHD C:\Users\Mona\AppData\Local\EmieSiteList
2015-09-22 16:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-22 16:10 - 2014-11-14 15:09 - 00000000 __SHD C:\Users\Mona\AppData\LocalLow\EmieBrowserModeList
2015-09-22 16:10 - 2014-04-24 01:59 - 00000000 __SHD C:\Users\Mona\AppData\LocalLow\EmieUserList
2015-09-22 16:10 - 2014-04-24 01:59 - 00000000 __SHD C:\Users\Mona\AppData\LocalLow\EmieSiteList
2015-09-22 16:08 - 2014-12-06 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-22 16:06 - 2014-12-06 16:15 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-09-22 16:06 - 2014-12-06 16:15 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-09-22 16:01 - 2012-05-14 18:06 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 16:01 - 2012-05-14 18:06 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-02-28 07:49 - 2014-02-28 07:49 - 0700113 _____ () C:\Users\Mona\AppData\Roaming\UserTile.png
2013-03-19 23:04 - 2014-03-29 07:41 - 0007680 _____ () C:\Users\Mona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Einige Dateien in TEMP:
====================
C:\Users\Mona\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-01 20:44

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:04-10-2015
durchgeführt von Mona (2015-10-06 21:28:22)
Gestartet von C:\Users\Mona\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-30 09:24:10)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2335087299-416370035-993193814-500 - Administrator - Disabled)
Gast (S-1-5-21-2335087299-416370035-993193814-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2335087299-416370035-993193814-1003 - Limited - Enabled)
Mona (S-1-5-21-2335087299-416370035-993193814-1002 - Administrator - Enabled) => C:\Users\Mona

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DB8F3717-56A7-AA87-3324-4CEAB9C7964E}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.14.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.140 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5018 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Photo AIO Printer 964 (HKLM\...\Dell Photo AIO Printer 964) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{4F34A145-8CF3-400C-B5DB-2B1BF604304D}) (Version: 5.1.4 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0D83FCDE-8CAF-45E6-907D-6AF8E2A5EE01}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2335087299-416370035-993193814-1002\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 de)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27016 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.5.1 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{D8360C56-B89D-47AA-91A5-8D27A20844FB}) (Version: 4.3.304.0 - Validity Sensors, Inc.)
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

22-09-2015 17:12:50 Windows Update
22-09-2015 18:48:18 Windows Update
24-09-2015 01:01:48 Windows Update
29-09-2015 11:57:47 Windows Update
30-09-2015 14:11:15 JRT Pre-Junkware Removal
03-10-2015 10:49:25 Windows Update
06-10-2015 16:39:23 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0D30A251-4646-40ED-8A0E-B0C0127034A7} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {1F81FE25-96D9-487F-B5FD-7F3C7A437DDC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {94C1EDCE-546B-452D-8790-EDFCD2EFEE9D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPW10UpgradeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPW10UpgradeReminder.exe [2015-08-11] (Hewlett-Packard)
Task: {9FB25706-69FE-4CDB-B262-D1661B014AE6} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-21] (CyberLink)
Task: {A1A1AFA4-246D-47C0-A5A8-2A01F772FA72} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C4BB5360-6CD7-4664-A7DA-078BC1D67A89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CE70E88F-7C25-4EF3-AACF-61FF3BD27E2B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D94AC378-5D6E-41F6-B5C4-E493E4CB93EC} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {F875A22F-1A8E-41B4-A78C-57D4F72659A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2005-07-12 23:58 - 2005-07-12 23:58 - 00365568 _____ () C:\Windows\System32\dlcjlmpm.dll
2012-03-21 04:30 - 2012-03-21 04:30 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-06-07 06:16 - 2013-06-07 06:16 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2335087299-416370035-993193814-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{2AD5A21F-F97C-49E2-B21A-3F75300C7486}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E8AF0ECB-47C4-48C4-8771-688D789C88EB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{61F5C836-73E7-4F03-A837-2AE04E5CD657}] => (Allow) LPort=2869
FirewallRules: [{DBA3DF77-54B7-47EE-8896-8C582167E40C}] => (Allow) LPort=1900
FirewallRules: [{85887DEE-AACE-48A5-9BA2-2E99CFA12B54}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E87B6EEB-D76F-4A8B-A1F6-C008C0E63C8E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{CD53AD27-9998-4C7C-8966-0480840D526E}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{B17331D3-05A6-4252-9D0B-9367564D3835}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{42F83011-ECEA-49C2-AC4E-9544DBE0B7D0}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{588D1C66-339A-49D0-B94D-FBC4D3D48FB7}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4C91D21C-D962-485A-A667-92BDE386E619}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{6A6C38E4-C94C-4B35-8EF4-6D8A6FF4CBEA}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{EF24F5A3-CAC9-49DD-B0CE-7F0E025C68BA}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{56B7AFF5-B339-4A10-92EC-14409EAA7739}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{38F8F7A6-2259-4634-B780-86A4D2ACE25E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{7CF8603B-63D9-4767-90EC-96E925352764}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{534AAC24-C121-46BF-B8C8-6254A526095B}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{E11FCAD3-3A75-4453-9BAD-C319386F9E5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86C3B2B8-B85D-4648-98CC-8ED0481B179D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{67EC46F5-1A52-4507-A5D8-91080DE3FB28}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{77DE10DF-0F0E-4DF9-8C6E-10B656590D73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{24DEE0E0-BBB5-4A1F-BEDD-150BCF60DA1F}] => (Allow) C:\Users\Mona\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E10FFDC0-D9EA-4A00-9AB2-DBBDD1BCA648}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE83DE34-24CF-4F65-BC43-B5BDFE235E05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/05/2015 03:54:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15818

Error: (10/05/2015 03:54:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15818

Error: (10/05/2015 03:54:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/05/2015 03:28:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/05/2015 03:28:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/05/2015 03:28:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/05/2015 03:23:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/05/2015 03:23:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/05/2015 03:23:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/05/2015 02:50:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


Systemfehler:
=============
Error: (10/05/2015 04:19:03 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (10/05/2015 04:18:58 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (10/05/2015 03:28:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (10/05/2015 03:28:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Mona\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (10/05/2015 03:28:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (10/05/2015 03:28:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Mona\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (10/05/2015 03:28:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (10/05/2015 03:28:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Mona\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (10/05/2015 03:28:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (10/05/2015 03:28:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Mona\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


==================== Speicherinformationen =========================== 

Prozessor: AMD A6-4400M APU with Radeon(tm) HD Graphics 
Prozentuale Nutzung des RAM: 50%
Installierter physikalischer RAM: 3554.36 MB
Verfügbarer physikalischer RAM: 1754.02 MB
Summe virtueller Speicher: 7106.93 MB
Verfügbarer virtueller Speicher: 4629.25 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:443 GB) (Free:363.34 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive d: (Recovery) (Fixed) (Total:22.47 GB) (Free:2.36 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive g: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:928.18 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F15014C2)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7795FB82)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

M-K-D-B · 07.10.2015, 15:45

Servus,

berichte mir, wie der Rechner nach dem allen lauft:

Mehrere Anti-Virus-Programme

Code:

ATTFilter

Microsoft
Avira

Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Ausserdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Programme deinstallieren.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\extensions\ffox@bandoo.com
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg
DeleteKey: HKLM\SOFTWARE\Classes\.aif\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.aiff\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.asf\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.avi\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.divx\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.IVF\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.m4a\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.mid\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.mka\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.MOD\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.mp2v\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.mp4\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.mpe\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.mpg\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.qt\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.rm\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.rmvb\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.torrent\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.wav\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.wma\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.wmv\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\.wv\OpenWithList\iMesh.exe
DeleteKey: HKLM\SOFTWARE\Classes\IGIFAnimator.IGIFAnimatorCtrl.1
DeleteKey: HKLM\SOFTWARE\Classes\IGIFAnimator.IGIFAnimatorCtrl
DeleteKey: HKLM\SOFTWARE\Classes\IMTrProgress.IMTrProgressCtrl.1
DeleteKey: HKLM\SOFTWARE\Classes\IMTrProgress.IMTrProgressCtrl
DeleteKey: HKLM\SOFTWARE\Classes\IMWeb.IMWebControl.1
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{266294D5-5A0D-46E8-9294-BCB6EAFA478F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{2FDB59A0-4024-4CED-94CF-B01E217DE4E5}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{30AE6757-B1D4-4CD5-8FEC-A9B6A545EF64}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{367DFE4B-7078-41FE-B1DD-6A6318C7DFF9}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{37B204F8-CD97-409B-BDBF-41C0EC0DFF24}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{38C1B7DA-9876-4DEA-B740-19C4F57CE8E8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{3C8E293A-99C8-45E1-93A3-77DAB6BB7928}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{4BC4F393-2C30-43DE-A988-7DE5068012A6}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{516434A0-985D-4312-843C-C92B3E19FC2D}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{518CA0FD-F755-4F98-A2A8-CD450FB203AB}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{5442736B-E379-4668-AC30-7F39B3581875}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{5E9B4D72-C58D-48BF-AC09-68182D472160}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{65267FD2-5B4E-48F7-A918-8E2697AEBB39}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{667C8B81-0B61-48F6-B7B9-60AA8242E6DF}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{6D32BB6F-7969-48BF-836A-C14CDFC72D72}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{6E1CC883-54EB-47D3-96BC-B586CB8C2BD9}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{72434BC1-E46D-47A1-A597-8749DFBCC24A}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7AFA5495-6C01-4BB8-AE21-C3BD6AB2F17C}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7DBA2B02-EA31-4B98-812B-C6E8AE5C2972}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7F4213DE-5338-46E9-A61B-D9A63A8513E3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{8E505161-C877-49F5-82CA-D2FF0B72862C}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{929FCA79-44E2-4408-83E7-F93AAE0B0909}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{94FBDF11-676E-42E5-A516-1FD39970386B}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{9932C738-5580-4408-A0E8-5EA03BE5FB18}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A126B97A-C84F-40EE-B9D0-1276892A879E}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A1448C6E-0452-4550-B852-A1CE666D4907}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A288B32D-1001-479F-8DA2-E259010B7A31}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A5D99259-ADA3-48A5-B861-39813B713DCB}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A63B48E9-1EC7-413E-9C48-3404BBF87BF3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A93A372A-0AD5-4939-A228-7F4152124EA6}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{AC73709C-65EF-462E-A665-D893C2655BA3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{AFFA986E-4B0F-4F15-9DDC-19FE8129602A}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B348A16C-64A6-4EAE-A42A-722623572C7E}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B47151A4-CF8B-4481-A41A-BCF127431C01}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B6395E0E-3DB2-40F8-94D8-DA605C52BCA5}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B693EEE5-7B41-43A0-B579-C246CA7BAA0F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{C29CF951-7F4F-4B8D-ACA8-C4EE934C27DC}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D15809AA-50CF-4EE0-BCC9-E91A681BEFD3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D4C6D911-00C3-4B4C-A13B-F1DC381CB8E9}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D60A7941-4F69-4A79-BED7-72ADA784B8F7}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{DFF35F25-E783-4E26-8DA6-EBB66B8B0E39}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E57D3C8D-ADD0-4AE0-8A14-0D0F6A3487FB}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{EE54BA06-C150-4BF3-B3F3-D156767FBA12}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{EFDE11A9-FE0B-4548-B876-5EAC0A6CE86E}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F13A0006-F3A9-4778-B8F1-6BD167475531}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F2B8FCF4-73EA-4D12-AAFE-72909AFBA0A4}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{FA7B5E21-57B6-4527-8863-6221854EDAA6}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4BC4F393-2C30-43DE-A988-7DE5068012A6}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7F4213DE-5338-46E9-A61B-D9A63A8513E3}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A63B48E9-1EC7-413E-9C48-3404BBF87BF3}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B693EEE5-7B41-43A0-B579-C246CA7BAA0F}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D15809AA-50CF-4EE0-BCC9-E91A681BEFD3}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{EFDE11A9-FE0B-4548-B876-5EAC0A6CE86E}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival\IMPlayCDAudioOnArrival
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival\IMRipCDAudioOnArrival
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayMusicFilesOnArrival\IMShowVolumeOnArrival
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival\IMShowVolumeOnArrival
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{074E4EFE-81BB-4EA4-866E-082CB0E01070}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0CE5B352-9D9C-41E1-9551-FCCD92820217}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{167B2B5F-2757-434A-BBDA-2FDB2003F14F}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2E9A60EA-5554-49C3-BC9D-D0404DBACC62}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{3E63C9BC-DD51-4E83-ABA6-B350EAD28531}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{44CFFEF4-E7E1-44BD-B1F5-29F828ADA1B8}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{B543EF05-9758-464E-9F37-4C28525B4A4C}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{EF2B6317-C367-401B-83B8-80302D6588A7}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F5379B4B-24D8-432A-9A96-BE75EE5117DB}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F7FB2BC4-6C27-4EAC-B5E2-037B71FDE101}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{FD53FE35-4368-4B71-89D6-F29F3DB29DF1}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival\IMPlayCDAudioOnArrival
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival\IMRipCDAudioOnArrival
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\EventHandlers\PlayMusicFilesOnArrival\IMShowVolumeOnArrival
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival\IMShowVolumeOnArrival
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C29CF951-7F4F-4b8d-ACA8-C4EE934C27DC}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{eafe8ae2-593d-4535-8919-0f4e7a4eebe3}
DeleteKey: HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\AppDataLow\Software\imeshmusicboxtoolbar181
DeleteKey: HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Internet Explorer\Approved Extensions\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
DeleteKey: HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
DeleteKey: HKU\S-1-5-21-2335087299-416370035-993193814-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EAFE8AE2-593D-4535-8919-0F4E7A4EEBE3}
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Schritt 3
Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei desSecurityCheck,
die Logdatei von FSS,
die beiden neuen Logdateien von FRST.

06.10.2015, 18:28	#13
M-K-D-B /// TB-Ausbilder	laptop läuft sehr langsam, Tastatureingabe oft zeitverzögert, windows 7, 64bit Servus, dannn jetzt bitte nochmal FRST, bevor wir weitermachen können: Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen. FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt). Poste mir beide Logdateien mit deiner nächsten Antwort.

laptop läuft sehr langsam, Tastatureingabe oft zeitverzögert, windows 7, 64bit

Plagegeister aller Art und deren Bekämpfung: laptop läuft sehr langsam, Tastatureingabe oft zeitverzögert, windows 7, 64bit