Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: ELBA Onlinebanking - da ist was faul

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.03.2016, 12:55   #1
pyjamahai
 
ELBA Onlinebanking - da ist was faul - Unglücklich

ELBA Onlinebanking - da ist was faul



Grüß Euch!

Habe zum ersten mal überhaupt ein Problem und bin maßlos überfordert damit.. Mein Problem ist, dass ich mich nicht mehr in mein Online Banking Konto einloggen kann.
Wenn ich früher auf die Seite zugreifen wollte, kam ein normales Feld, in das ich meine Kennummer und mein Kennwort eingeben sollte.
Jetzt werde ich auf der Seite aufgefordert allerlei Daten inein Popup einzugeben und eine App auf mein Handy zu laden.. mach ich natürlich nicht.

( https://banking.raiffeisen.at/logincenter/login.wf;jsessionid=F801DB96205436EEC67BB5DEFD12D86C.rlogincenter-2_b1p01?execution=e1s3 )

Hab jetzt per ADW Cleaner und Norton Power Earser versucht das Problem zu lösen. Es wurden zwar schadhafte Dateien entfernt, aber das oben genannte Problem besteht dennoch...
Hoffe ihr könnt mir helfen. Bin eine Niete was das alles angeht.

Danke und sonnige Grüße!

Alt 03.03.2016, 20:26   #2
Deathkid535
/// Malwareteam
 
ELBA Onlinebanking - da ist was faul - Standard

ELBA Onlinebanking - da ist was faul





Mein Name ist Dennis und ich werde dir bei der Bereinigung helfen.

Bitte beachte, dass es ein paar Regeln gibt:
  • Bitte lies meine Posts komplett durch bevor du sie abarbeitest
  • Wenn ein Problem auftauchen sollte, unterbreche deine Arbeit, poste die entstandenen Logs und schildere dieses so genau wie möglich.
  • Bitte kein Crossposting
  • Installiere oder Deinstalliere keine Software ohne Aufforderung
  • Bitte verwende nur die Tools welche hier im Thread erwähnt werden
  • Antworte innerhalb von 24h um eine sinnvolle Bereinigung zu ermöglichen
  • Poste die Logs immer in CODE-Tags (#-Button), zur Not die Logs einfach aufteilen

Sollte ich nicht innerhalb von 48h antworten, schreibe mir eine PM!

Posten in CODE-Tags

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.


Hast du deine Online-Banking Daten dort eingegeben? Lass dir am besten eine neue PIN geben.

Und poste mir bitte das Log noch vom AdwCleaner

Schritt # 1: FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Schritt # 2: Bitte Posten
  • Die FRST.txt
  • Die Addition.txt
__________________

__________________

Alt 04.03.2016, 08:37   #3
pyjamahai
 
ELBA Onlinebanking - da ist was faul - Standard

ELBA Onlinebanking - da ist was faul



Hallo!
Erstmal vielen Dank für deine schnelle Reaktion!
Trend Micro Maximum Security hat die Datei aus sicherheitsgründen während des Runs entfernt.. wollte es mich erst auch garnicht installieren lassen.
Und das Log vom Adw Cleaner hab ich nicht mehr... und nun?

OTL Log kann ich dir anbieten:

Code:
ATTFilter
OTL logfile created on: 04.03.2016 08:43:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Garage\Desktop\Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18205)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 43,07% Memory free
6,87 Gb Paging File | 4,53 Gb Available in Paging File | 65,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 191,98 Gb Total Space | 133,48 Gb Free Space | 69,53% Space Free | Partition Type: NTFS
Drive E: | 273,44 Gb Total Space | 266,47 Gb Free Space | 97,45% Space Free | Partition Type: NTFS
Drive G: | 28,63 Gb Total Space | 28,62 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: AUTOCENTER0001 | User Name: Garage | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2016.03.04 08:42:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Garage\Desktop\Downloads\OTL.exe
PRC - [2016.02.16 09:26:18 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016.01.12 21:01:44 | 046,400,568 | ---- | M] () -- C:\Programme\Trend Micro\PasswordManager\tower\PwmTower.exe
PRC - [2015.12.13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015.09.30 21:47:04 | 001,856,184 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
PRC - [2015.09.17 06:15:10 | 000,686,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\Temp\CreativeCloudSet-Up.exe
PRC - [2015.09.17 05:59:30 | 002,258,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
PRC - [2015.09.17 05:59:22 | 002,292,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2015.09.15 08:09:46 | 000,174,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
PRC - [2015.09.15 08:09:16 | 000,669,872 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
PRC - [2015.09.04 16:54:06 | 001,843,368 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
PRC - [2015.08.04 11:47:08 | 000,923,696 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2015.07.15 19:57:58 | 001,011,872 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2015.05.11 08:12:56 | 000,248,736 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2016.01.12 21:01:44 | 046,400,568 | ---- | M] () -- C:\Programme\Trend Micro\PasswordManager\tower\PwmTower.exe
MOD - [2015.09.15 08:08:50 | 040,523,440 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
MOD - [2015.09.15 08:08:48 | 001,365,680 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
MOD - [2015.09.15 08:08:46 | 000,219,312 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
MOD - [2015.07.16 19:31:11 | 000,092,792 | ---- | M] () -- C:\Programme\Trend Micro\Titanium\UIFramework\boost_thread-vc110-mt-1_57.dll
MOD - [2015.07.16 19:31:11 | 000,049,544 | ---- | M] () -- C:\Programme\Trend Micro\Titanium\UIFramework\boost_date_time-vc110-mt-1_57.dll
MOD - [2015.07.16 19:31:11 | 000,032,552 | ---- | M] () -- C:\Programme\Trend Micro\Titanium\UIFramework\boost_chrono-vc110-mt-1_57.dll
MOD - [2015.07.16 19:31:11 | 000,024,312 | ---- | M] () -- C:\Programme\Trend Micro\Titanium\UIFramework\boost_system-vc110-mt-1_57.dll
MOD - [2015.03.17 01:34:22 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\de_de\acrotray.deu
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2015.07.22 14:52:08 | 001,633,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015.07.16 19:58:34 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015.05.30 20:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015.05.12 14:19:37 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015.05.07 16:21:51 | 000,522,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2015.02.21 00:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014.10.31 05:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.10.29 05:09:06 | 000,092,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2014.10.29 04:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014.10.29 04:50:11 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014.10.29 03:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014.10.29 03:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014.10.29 03:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014.10.29 03:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014.10.29 03:30:35 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2014.10.29 03:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014.10.29 02:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2014.10.29 02:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014.10.29 02:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014.10.29 02:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014.10.29 02:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014.10.29 02:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014.10.29 02:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014.10.29 02:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014.10.29 02:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014.10.29 02:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014.10.29 02:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014.10.29 02:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2014.10.29 02:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014.10.29 02:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014.10.29 02:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014.10.29 02:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014.10.29 02:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014.10.29 02:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014.10.29 02:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014.10.29 02:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014.10.29 02:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014.10.29 02:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014.10.29 01:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014.10.29 01:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014.10.29 01:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV - [2016.02.16 09:26:18 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016.02.09 18:56:24 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016.01.12 21:02:06 | 001,564,216 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\Trend Micro\PasswordManager\PwmSvc.exe -- (PwmSvc)
SRV - [2015.12.13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015.09.15 08:09:16 | 000,669,872 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe -- (AdobeUpdateService)
SRV - [2015.09.04 16:54:06 | 001,843,368 | ---- | M] (Adobe Systems, Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe -- (AGSService)
SRV - [2015.05.11 08:12:56 | 000,248,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2015.05.07 16:05:40 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014.10.29 04:50:11 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014.10.29 02:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014.10.29 02:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2011.01.28 20:34:52 | 000,032,336 | ---- | M] (Sanford, L.P.) [Auto | Running] -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe -- (DymoPnpService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015.11.23 09:47:25 | 000,324,912 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2015.11.23 09:47:25 | 000,099,632 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2015.11.23 09:47:23 | 000,133,424 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2015.10.11 07:34:30 | 000,468,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015.09.29 13:24:42 | 000,155,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015.07.07 10:40:12 | 000,044,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015.07.07 10:40:05 | 000,270,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015.07.07 10:40:05 | 000,114,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015.06.29 03:38:56 | 000,091,536 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TMUMH.sys -- (tmumh)
DRV:64bit: - [2015.06.26 11:20:04 | 000,116,528 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmusa.sys -- (tmusa)
DRV:64bit: - [2015.06.23 03:49:48 | 000,039,056 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\tmel.sys -- (tmel)
DRV:64bit: - [2015.06.11 09:54:00 | 000,059,712 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TMEBC64.sys -- (TMEBC)
DRV:64bit: - [2015.06.08 06:54:40 | 000,116,576 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)
DRV:64bit: - [2015.05.28 11:26:40 | 000,416,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmnciesc.sys -- (tmnciesc)
DRV:64bit: - [2015.04.16 07:17:07 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015.03.20 02:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015.03.13 05:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015.03.09 03:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015.03.09 03:02:45 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2015.03.04 11:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015.01.29 08:14:20 | 000,095,088 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2015.01.29 08:14:20 | 000,094,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (tosrfusb)
DRV:64bit: - [2015.01.29 08:14:18 | 000,306,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2014.11.10 19:06:59 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014.10.29 04:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014.10.29 04:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014.10.29 04:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014.10.29 03:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014.10.29 03:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2014.10.29 03:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014.10.29 03:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014.10.29 03:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014.10.29 02:50:37 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2014.10.15 09:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014.10.13 03:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014.10.13 03:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014.10.07 07:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014.10.07 07:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2014.08.15 01:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014.06.10 20:50:24 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014.03.13 13:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014.02.22 16:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014.02.22 13:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014.01.22 08:52:12 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:64bit: - [2014.01.22 07:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014.01.22 07:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.11.17 18:05:52 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013.10.26 02:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013.09.30 05:13:28 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013.09.30 04:59:31 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2013.09.30 04:59:20 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013.09.30 04:59:19 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2013.09.30 04:59:19 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2013.09.30 04:59:19 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2013.08.22 14:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013.08.22 14:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013.08.22 13:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013.08.22 13:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013.08.22 13:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013.08.22 13:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.08.22 13:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013.08.22 13:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013.08.22 13:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013.08.22 13:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013.08.22 13:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013.08.22 13:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013.08.22 13:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013.08.22 13:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013.08.22 13:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013.08.22 13:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013.08.22 13:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013.08.22 13:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013.08.22 13:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013.08.22 13:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013.08.22 13:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013.08.22 13:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013.08.22 13:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.08.22 13:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013.08.22 13:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013.08.22 13:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013.08.22 13:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013.08.22 12:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013.08.22 12:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013.08.22 12:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013.08.22 12:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013.08.22 12:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013.08.22 12:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013.08.22 12:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.08.22 12:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013.08.22 12:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013.08.22 12:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013.08.22 12:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013.08.22 12:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013.08.22 12:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.08.22 12:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013.08.22 12:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013.08.22 12:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013.08.22 09:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013.08.13 00:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013.08.10 01:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013.07.31 19:25:45 | 001,975,000 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTWlanU.sys -- (RtlWlanu)
DRV:64bit: - [2013.07.30 19:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013.07.25 20:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013.06.18 15:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013.03.26 06:47:18 | 000,012,288 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pvendrlf.SYS -- (pvendrlf)
DRV:64bit: - [2013.03.26 06:46:52 | 000,034,816 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\phidmice.sys -- (phidmice)
DRV:64bit: - [2013.03.26 06:40:18 | 000,023,040 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pmouself.SYS -- (pmouself)
DRV:64bit: - [2012.08.03 10:42:24 | 000,057,824 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2012.06.19 06:09:14 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.06.19 06:05:46 | 011,926,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009.12.18 09:55:18 | 000,039,936 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdmako.sys -- (bdmako)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [String data over 1000 bytes]
IE:64bit: - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC B8 3F 10 E0 C7 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [String data over 1000 bytes]
IE - HKCU\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "AT"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "AT"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.at"
FF - prefs.js..extensions.enabledAddons: tmbepff%40trendmicro.com:9.1.0.1035
FF - prefs.js..extensions.enabledAddons: %7B22181a4d-af90-4ca3-a569-faed9118d6bc%7D:9.0.0.1235
FF - prefs.js..extensions.enabledAddons: %7BBBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C%7D:2.0.0.1083
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:44.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\synology.com/SurveillancePlugin_x86_64: C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.774\npSurveillancePlugin_x86_64.dll (Synology)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.60.2: C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2: C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\synology.com/SurveillancePlugin: C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.774\npSurveillancePlugin.dll (Synology)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff@trendmicro.com: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\9.1.1035\9.1.1035\FIREFOXEXTENSION [2016.02.04 09:54:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff@trendmicro.com: C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension [2016.02.04 09:54:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016.02.04 09:56:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}: C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ [2016.02.04 09:55:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{93FA0821-33FB-2342-77FC-2B08D61DDD9E}: C:\Program Files (x86)\video-saver\161.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.30 17:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Garage\AppData\Roaming\mozilla\Extensions
[2016.03.04 07:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Garage\AppData\Roaming\mozilla\Firefox\Profiles\5mmkpxr7.default\extensions
[2016.01.14 16:56:04 | 000,000,000 | ---D | M] (Password Manager) -- C:\Users\Garage\AppData\Roaming\mozilla\Firefox\Profiles\5mmkpxr7.default\extensions\dp35@passwordmanager
[2016.02.24 09:23:00 | 001,013,992 | ---- | M] () (No name found) -- C:\Users\Garage\AppData\Roaming\mozilla\firefox\profiles\5mmkpxr7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016.02.16 09:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2016.02.16 09:26:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2016.02.04 09:54:55 | 000,000,000 | ---D | M] (Trend Micro BEP Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\9.1.1035\9.1.1035\FIREFOXEXTENSION
[2016.02.04 09:55:44 | 000,000,000 | ---D | M] (Trend Micro Osprey Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20013\FXEXT\FIREFOXEXTENSION
[2016.02.04 09:56:14 | 000,000,000 | ---D | M] (Trend Micro Toolbar) -- C:\PROGRAM FILES\TREND MICRO\TITANIUM\UIFRAMEWORK\TOOLBAR\FIREFOXEXTENSION
 
O1 HOSTS File: ([2013.08.22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Trend Micro Security Toolbar Helper) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Programme\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Password Manager BHO) - {782829FB-43A5-4AE0-A14E-590A252E7946} - C:\Programme\Trend Micro\PasswordManager\bhoDirectPass64.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Trend Micro Netzwerkfilter-Plug-in) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Programme\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (Trend Micro IE-Schutz) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (Adobe Systems Incorporated)
O2 - BHO: (Trend Micro Security Toolbar Helper) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Programme\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Password Manager BHO) - {782829FB-43A5-4AE0-A14E-590A252E7946} - C:\Programme\Trend Micro\PasswordManager\bhoDirectPass32.dll (Trend Micro Inc.)
O2 - BHO: (Trend Micro Netzwerkfilter-Plug-in) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Programme\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
O2 - BHO: (Trend Micro IE-Schutz) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Password Manager Symbolleiste) - {97EE74D2-C351-4ECE-B75A-8CD36FAE3661} - C:\Programme\Trend Micro\PasswordManager\bhoDirectPass64.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (Trend Micro Security Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Programme\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Password Manager Symbolleiste) - {97EE74D2-C351-4ECE-B75A-8CD36FAE3661} - C:\Programme\Trend Micro\PasswordManager\bhoDirectPass32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Security Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Programme\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Platinum] C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ESI[tronic] WLAN Service] E:\Bosch\ESIStart\remoteservice\apache-tomcat-6.0.18\bin\launch.bat ()
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Dropbox Update] C:\Users\Garage\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
O4 - HKCU..\Run: [DymoQuickPrint] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
O4:64bit: - HKLM..\RunOnce: [DCERegBootClean64] C:\Windows\RegBootClean64.exe (Trend Micro Inc.)
O4 - Startup: C:\Users\Garage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Garage\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Garage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: trendmicro.com ([pwm] https in Trusted sites)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} hxxp://webc.autocenter-egger.at/auth/controls/IlosoftImageUpload.dll (IlosoftImageUploadCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 213.33.99.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5522B068-22A4-4C41-B385-20C43A363A25}: DhcpNameServer = 192.168.0.254 213.33.99.70
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Programme\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Programme\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Programme\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Programme\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Programme\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Programme\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016.03.04 08:35:01 | 000,399,360 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\RegBootClean64.exe
[2016.03.04 08:33:29 | 000,000,000 | ---D | C] -- C:\FRST
[2016.03.03 08:43:45 | 000,000,000 | ---D | C] -- C:\NPE
[2016.03.03 08:41:26 | 000,000,000 | ---D | C] -- C:\Users\Garage\Documents\2016-03-03 08-41-26
[2016.03.03 08:40:05 | 000,000,000 | ---D | C] -- C:\Users\Garage\AppData\Local\NPE
[2016.03.03 08:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2016.03.02 14:39:20 | 000,000,000 | ---D | C] -- C:\Users\Garage\Documents\A1_Gewinner.Quittung_N0000000416
[2016.02.29 18:04:57 | 000,000,000 | ---D | C] -- C:\Users\Garage\Documents\2016-02-29 18-04-57
[2016.02.20 03:16:41 | 000,000,000 | ---D | C] -- C:\Users\Garage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2016.02.16 09:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016.02.15 16:21:44 | 000,000,000 | ---D | C] -- C:\Users\Garage\Documents\2016-02-15 16-21-44
[2016.02.04 09:47:16 | 000,000,000 | -H-D | C] -- C:\TMRescueDisk
[2016.02.04 09:43:20 | 000,000,000 | ---D | C] -- C:\Users\Garage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Maximum Security
[2016.02.04 09:42:36 | 000,416,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmnciesc.sys
[2016.02.04 09:42:36 | 000,116,576 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmeevw.sys
[2016.02.04 09:42:32 | 000,324,912 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmcomm.sys
[2016.02.04 09:42:32 | 000,133,424 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmactmon.sys
[2016.02.04 09:42:32 | 000,099,632 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmevtmgr.sys
[2016.02.04 09:42:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\tmumh
[2016.02.04 09:42:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\tmumh
[2016.02.04 09:42:29 | 000,091,536 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\TMUMH.sys
[2016.02.04 09:42:29 | 000,059,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\TMEBC64.sys
[2016.02.04 09:42:28 | 000,116,528 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmusa.sys
[2016.02.04 09:42:28 | 000,039,056 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmel.sys
[2016.02.04 08:24:01 | 000,000,000 | ---D | C] -- C:\Users\Garage\Documents\2016-02-04 08-24-01
[2016.02.04 01:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro Installer
 
========== Files - Modified Within 30 Days ==========
 
[2016.03.04 08:35:18 | 000,399,360 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\RegBootClean64.exe
[2016.03.04 08:35:18 | 000,006,164 | ---- | M] () -- C:\WINDOWS\RegBootClean64.CFG
[2016.03.04 08:27:23 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016.03.04 08:25:19 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016.03.04 08:25:17 | 3220,533,248 | -HS- | M] () -- C:\hiberfil.sys
[2016.03.04 08:14:20 | 000,001,258 | ---- | M] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-2095745683-4145096745-1348099192-1001UA.job
[2016.03.04 07:56:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016.03.03 13:14:01 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-2095745683-4145096745-1348099192-1001Core.job
[2016.03.03 10:49:18 | 001,776,918 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2016.03.03 10:49:18 | 000,764,340 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2016.03.03 10:49:18 | 000,722,278 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2016.03.03 10:49:18 | 000,159,160 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2016.03.03 10:49:18 | 000,135,394 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2016.03.03 08:56:59 | 000,001,147 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2016.03.02 14:40:39 | 000,045,724 | ---- | M] () -- C:\ProgramData\JGDKSHYR.com
[2016.03.01 07:41:46 | 000,001,621 | ---- | M] () -- C:\Users\Garage\Desktop\EAngels - Verknüpfung.lnk
[2016.02.29 10:12:22 | 000,002,071 | ---- | M] () -- C:\Users\Garage\Desktop\03 2016 - Verknüpfung.lnk
[2016.02.24 11:54:08 | 000,002,632 | ---- | M] () -- C:\Users\Garage\Desktop\Kunden Scans - Verknüpfung.lnk
[2016.02.24 11:54:08 | 000,001,645 | ---- | M] () -- C:\Users\Garage\Desktop\Yvonne privat - V.lnk
[2016.02.24 11:54:08 | 000,001,617 | ---- | M] () -- C:\Users\Garage\Desktop\Vordrucke - Verknüpfung.lnk
[2016.02.24 11:54:08 | 000,001,617 | ---- | M] () -- C:\Users\Garage\Desktop\MENS SEIN - Verknüpfung.lnk
[2016.02.17 15:09:54 | 000,151,414 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2016.02.17 15:09:46 | 001,174,979 | ---- | M] () -- C:\WINDOWS\unins000.exe
[2016.02.16 08:54:31 | 000,377,584 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2016.02.04 09:40:09 | 000,000,059 | ---- | M] () -- C:\WINDOWS\SysNative\SupportTool.exe.bat
 
========== Files Created - No Company Name ==========
 
[2016.03.04 08:35:01 | 000,006,164 | ---- | C] () -- C:\WINDOWS\RegBootClean64.CFG
[2016.03.02 14:40:39 | 000,045,724 | ---- | C] () -- C:\ProgramData\JGDKSHYR.com
[2016.03.01 07:42:06 | 000,001,621 | ---- | C] () -- C:\Users\Garage\Desktop\EAngels - Verknüpfung.lnk
[2016.02.29 10:12:30 | 000,002,071 | ---- | C] () -- C:\Users\Garage\Desktop\03 2016 - Verknüpfung.lnk
[2016.02.17 15:09:54 | 001,174,979 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2016.02.17 13:58:31 | 000,151,414 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2016.02.04 09:40:09 | 000,000,059 | ---- | C] () -- C:\WINDOWS\SysNative\SupportTool.exe.bat
[2015.11.05 13:44:01 | 000,002,409 | ---- | C] () -- C:\Users\Garage\AppData\Local\recently-used.xbel
[2015.03.12 10:54:13 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2015.03.12 10:52:09 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2014.11.05 10:46:33 | 000,000,036 | ---- | C] () -- C:\Users\Garage\AppData\Local\housecall.guid.cache
[2014.10.03 19:12:59 | 000,000,773 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2014.10.03 19:12:59 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2014.10.03 19:11:20 | 000,001,147 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2014.10.03 19:11:20 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SysWow64\bd9450cd.dat
[2014.10.03 19:11:20 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2014.10.03 19:11:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\SysWow64\BrMuSNMP.dll
[2014.10.03 19:11:00 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2014.10.03 19:10:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2014.10.03 19:10:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SysWow64\BRTCPCON.DLL
[2014.10.03 19:10:49 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SysWow64\BRLMW03A.INI
[2014.05.21 11:54:25 | 000,000,305 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2014.04.29 15:43:21 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014.04.28 07:26:46 | 000,000,650 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.07.01 12:48:28 | 000,047,883 | ---- | C] () -- C:\Users\Garage\Stundenbericht 6.2013.pdf
[2012.11.21 18:20:11 | 000,007,602 | ---- | C] () -- C:\Users\Garage\AppData\Local\Resmon.ResmonCfg
[2009.07.09 13:46:14 | 000,105,056 | ---- | C] () -- C:\Program Files (x86)\HGS_SetupBanner.bmp
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016.01.22 09:01:44 | 022,365,992 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016.01.22 08:11:11 | 019,794,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014.10.29 02:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014.10.29 01:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014.10.29 02:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014.02.03 09:47:03 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\ASCOMP Software
[2014.05.21 12:49:37 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\Canon
[2016.02.20 03:16:54 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\Dropbox
[2013.06.06 09:54:49 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\Foxit Software
[2014.02.03 09:48:29 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\Hexonic Software
[2015.10.30 14:07:44 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\inkscape
[2012.12.23 19:48:56 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\JDownloaderPackages
[2014.05.21 12:02:11 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\Lexware
[2013.01.04 10:52:02 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\OpenOffice.org
[2014.10.06 09:29:59 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\PC-FAX TX
[2015.01.07 13:55:42 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\PearlMountain
[2014.12.19 09:06:33 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\PhotoFiltre 7
[2014.11.27 09:11:25 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\ProSaldo
[2013.03.05 18:34:01 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\Scan2PDF
[2015.12.30 21:54:38 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\Synology
[2015.07.10 08:11:13 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\TeamViewer
[2012.11.30 17:16:33 | 000,000,000 | ---D | M] -- C:\Users\Garage\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Garage\SkyDrive:ms-properties
@Alternate Data Stream - 200 bytes -> C:\Users\Garage\SkyDrive.old:ms-properties

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 04.03.2016 08:43:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Garage\Desktop\Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18205)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 43,07% Memory free
6,87 Gb Paging File | 4,53 Gb Available in Paging File | 65,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 191,98 Gb Total Space | 133,48 Gb Free Space | 69,53% Space Free | Partition Type: NTFS
Drive E: | 273,44 Gb Total Space | 266,47 Gb Free Space | 97,45% Space Free | Partition Type: NTFS
Drive G: | 28,63 Gb Total Space | 28,62 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: AUTOCENTER0001 | User Name: Garage | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18D2AAF4-A270-47CE-A315-30F2E92BDA3C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1CC5D03D-1105-4204-984D-BA407E7892ED}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2FA80EAD-DD47-4928-9068-CE40AB3EF032}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3A9C857D-737B-4EEB-848A-6EDDA6F8FBA2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{518C83A2-75EE-4642-9457-12AE9625FCA8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5506441A-24BA-4DAC-B2D2-4C0B8C91D653}" = rport=137 | protocol=17 | dir=out | app=system | 
"{67B0C0A6-38EC-488F-9219-46A735F6CCCF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{91A934E6-DCF9-48DD-8318-6599F5B53E36}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9FB8774D-AFB1-43E2-8DB8-F0D452E9482E}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{B459F93E-1E85-46D4-A095-1896314A29F4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C78FC930-EF90-4279-9051-EBB086BDF26D}" = lport=8752 | protocol=6 | dir=in | name=esi[tronic] wlan service | 
"{DA3792AA-B33D-4016-944B-31E67ED99491}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E820B9CE-7F45-4A96-8E0D-13BA32175AB2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F6F40FC3-2D15-436A-AA1C-54245F88D6C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BC239E-8A08-4BA2-A102-8E002D64702D}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20947_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{05BAFFCA-276A-4800-A705-964ECEA89120}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{0B6DE5D7-FCC1-4471-A057-E71A5700E47E}" = dir=out | name=@{microsoft.bingsports_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{1A576A57-7DCD-4FD6-8E53-FA0EC23D2334}" = dir=out | name=componentone spreadsheet viewer | 
"{1B762667-084D-4EAA-9609-F7EC75B0673E}" = protocol=17 | dir=in | app=c:\program files (x86)\upc austria\install master\upc_install_master.exe | 
"{1D11427A-9ACD-4910-ACDF-86886530D87D}" = dir=out | name=windows_ie_ac_001 | 
"{1D6532B1-09D2-40B3-9D3A-18FEC1A3215C}" = dir=out | name=skype | 
"{246392C2-E8CA-4DB0-B024-3682E1B8BA08}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{2EDF9BB5-CFE0-49C8-A7F9-B03F3E99B170}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{31A811D9-3E17-4F43-84CF-FE56470B4A3D}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{33DFE99A-229D-4E49-8214-CBEBED62B9FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{368C60CE-C2D1-414E-940B-70EB9E7B493D}" = dir=out | name=@{microsoft.bingweather_3.0.4.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | 
"{39AE0042-14C8-4174-918D-8DD4F5DEA34F}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{3EF584DC-CFD3-49A6-AD70-870A641E6E9B}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{4009657F-461F-4326-AD13-F701573280DB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{40CE0694-20FB-4E03-BF79-B094FE1953C5}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl06d\faxrx.exe | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4764B15F-003B-4674-8387-C9FAC2600432}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20947_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{4B0DE099-003F-437E-80F4-0DA2C7EA521D}" = dir=in | name=sonicwall mobile connect | 
"{4CAE74C1-7DF6-4DA3-A8E6-429774192B02}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{4D4DD170-5279-4A51-85D7-B52AB2ED7E25}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl06d\faxrx.exe | 
"{4FF6A927-DFF5-4BD1-8577-BA03C0420016}" = dir=out | name=hp all-in-one printer remote | 
"{51275F83-D0AF-4E05-AC0A-D690092E559A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5156CC81-E164-4C1D-84C2-B1089C518474}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{5346D61E-F523-415C-8D47-DC75EE8AFABA}" = protocol=6 | dir=in | app=c:\users\garage\appdata\roaming\dropbox\bin\dropbox.exe | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{57C6B110-7BCA-4758-BF0E-39F3D7146AE1}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{58AE815F-DA71-40C0-90E1-1A627558BBC8}" = protocol=17 | dir=in | app=c:\program files (x86)\upc austria\install master\upc_install_master.exe | 
"{5B2552D2-EA6D-4D07-9DD9-C9B1F3BA1D8D}" = protocol=6 | dir=in | app=e:\bosch\esistart\jre\bin\javaw.exe | 
"{5CB78F7B-5A70-4F6B-A375-670930DA0D92}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{5ED994A3-6CDB-4DC6-A839-D807F64E6701}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{61B7EE56-8A1B-477B-AF40-6C2D523ACBBD}" = protocol=6 | dir=in | app=c:\program files (x86)\upc austria\install master\upc_install_master.exe | 
"{67B9E224-B258-4E4A-A326-C43B8FB886C0}" = dir=out | name=sonicwall mobile connect | 
"{6B92476C-3BDD-40FC-8705-3C12F45B501A}" = dir=out | name=@{microsoft.zunevideo_2.6.446.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{7380E122-182F-4A3D-9EB6-CA60CFCF9B24}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8259875F-11D2-407C-BE88-94D1854DEC0A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8A8CEB16-2912-454E-BD04-67926353E3E0}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{9004D65C-47B1-4670-88B9-791B5AB1839E}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{908601F1-CF44-49B3-82C1-C2BD623E3560}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{961AA095-F622-4572-B98D-E919C06F284A}" = dir=out | name=f5 vpn | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A070E724-6AD9-42DE-8474-63E35CA4388D}" = dir=out | name=@{microsoft.bingnews_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{A0AFB33A-61E9-45C0-857A-538D19AE3C9D}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{A1C7A335-D30C-4E62-88B8-A81DDF9958F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A486E554-41F7-474C-ADB5-27D6E91D22FB}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{A4A191B3-1442-40F0-96BF-EC96463B6F7B}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{A72AA9F0-85E2-4E14-802A-19E201D0EA2E}" = dir=out | name=check point vpn | 
"{AA247CC7-CB45-47A0-8246-A979D54BC6B7}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{B25D40FD-BC9F-4D56-9300-84CA7DD52011}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{B5388642-7621-4609-BD54-68A64C3542B1}" = dir=in | name=hp all-in-one printer remote | 
"{B5806C16-BE9E-4D39-BCD1-DD1BE9595FFE}" = protocol=17 | dir=in | app=e:\bosch\esistart\jre\bin\javaw.exe | 
"{B724D150-BD95-4FF9-9F89-FADAFABC1E4E}" = dir=in | name=skype | 
"{B9CC1789-09FF-4272-9603-7B3636D3E938}" = dir=out | name=@{microsoft.bingtravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{BA3A3E5B-5E5C-4128-911F-4BF5A3C08265}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{BAE8B2E5-A4C6-4223-A330-35ADC792B350}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{C276417B-CED2-4C94-AF95-6261EA85D5A7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{C282F5CB-588D-42BF-8842-1AAA35E80FF4}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{CC24FA6E-CAEC-478D-8353-EC4AFF80856B}" = protocol=17 | dir=in | app=c:\users\garage\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D0ECAEF2-0238-4A5D-8525-48D5321F9E9C}" = dir=out | name=windows_ie_ac_001 | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DD5A8742-BC64-4D97-A29A-00CDBAD9DA38}" = dir=in | name=juniper networks junos pulse | 
"{E005BA17-557A-4724-A272-9C48A4BF0518}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{E0164916-AB05-4FC2-988A-840C78A1B1C0}" = protocol=6 | dir=in | app=c:\program files (x86)\upc austria\install master\upc_install_master.exe | 
"{E36E3FE0-754A-4BBF-BB18-2BE9B5547948}" = dir=out | name=@{microsoft.bingfinance_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{E41A6571-4EF9-4C49-9BDF-A9BD22AE00E7}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EB2B836E-9EF2-40B3-AA03-F2DD20FAFE59}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{F0536307-EFB1-4A7C-8CAC-DAD4B43182B2}" = dir=out | name=code writer | 
"{F2B9B918-0A83-4B33-AB7E-4E45611C1C01}" = dir=out | name=juniper networks junos pulse | 
"{F337E00F-957A-4DCB-B1B6-EC7529427280}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{F4432B34-DBFD-4873-AB85-EBA01A7AA88D}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F6E85796-3638-4DDA-913F-359B484E7C72}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{F75731BD-A2B9-4441-A30E-A082A44BD1FD}" = dir=in | name=f5 vpn | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F87925FD-2543-4610-AD82-8A5D0EAB674C}" = dir=in | name=check point vpn | 
"{F8964565-1C87-421F-8FCA-6C33148CDE10}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{1D101B5B-FDFC-4700-A881-3B85024F5A5F}C:\users\garage\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\garage\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{54B45811-6465-4187-93BC-6B7E4DC6EB83}C:\users\garage\desktop\downloads\iputility.exe" = protocol=6 | dir=in | app=c:\users\garage\desktop\downloads\iputility.exe | 
"TCP Query User{5A73FA24-00C9-41A8-9DCB-A4ECBE0541AD}C:\program files (x86)\hella gutmann solutions\portal\remoteclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hella gutmann solutions\portal\remoteclient.exe | 
"TCP Query User{6E9113BD-A87A-49A7-AAEB-605C8759A22C}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe | 
"TCP Query User{8B25D6EF-673A-4B9F-A773-DB6C5C1D3F01}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{C8494C6B-8409-4417-8106-58DAF0AF688A}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{ED71D79F-47F5-416A-9E57-7BACA4162442}C:\program files (x86)\axis communications\axis camera companion\cameracompanion.exe" = protocol=6 | dir=in | app=c:\program files (x86)\axis communications\axis camera companion\cameracompanion.exe | 
"UDP Query User{3B55EF35-9B7A-45CD-8FC3-4B744099C0B7}C:\program files (x86)\axis communications\axis camera companion\cameracompanion.exe" = protocol=17 | dir=in | app=c:\program files (x86)\axis communications\axis camera companion\cameracompanion.exe | 
"UDP Query User{69DCBB02-2E0C-47F5-8B0E-AD5B35E44168}C:\program files (x86)\hella gutmann solutions\portal\remoteclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hella gutmann solutions\portal\remoteclient.exe | 
"UDP Query User{717710C1-A349-45F2-8928-C1F0992E3016}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe | 
"UDP Query User{AC1E4ED2-322A-431B-9241-B0CB0EE40A5E}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{B5246EA9-006C-4AED-B83A-F5385F893346}C:\users\garage\desktop\downloads\iputility.exe" = protocol=17 | dir=in | app=c:\users\garage\desktop\downloads\iputility.exe | 
"UDP Query User{D2680FF2-0878-437D-8E55-AF419200D169}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{D8B989EE-D06D-4D9D-A927-457AC7BF3A7C}C:\users\garage\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\garage\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1A3B22D6-4932-4920-B7D3-7D17D36E9BA4}" = Microsoft SQL Server 2005-Abwärtskompatibilität
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7B96E1A3-7347-4513-B105-4D3595DBA32D}" = Update for Microsoft en-us Dictionary
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}" = Microsoft SQL Server 2012 Native Client 
"{92124FFB-5113-4D64-A6BA-7D6D362A6265}" = VCRT for DirectPass x64
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Maximum Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{E9EC941D-16E5-46FD-AB44-928ED7839CCC}" = VCRT for DirectPass x64
"3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1" = Trend Micro Password Manager
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83218060F0}" = Java 8 Update 60
"{32608567-3C24-413D-8F5F-9FB8EDA7D3C3}_is1" = Robert Bosch GmbH AA/DGP USB Driver Package
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{44334193-827E-47B4-AB2A-E49F2A102E21}" = VCRT for DirectPass x86
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}" = Microsoft-System-CLR-Typen für SQL Server 2012
"{5B643BF5-11A2-4A75-86D4-8F522DE92AA2}_is1" = POS58 Series Printer Driver version 1.5
"{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}" = Microsoft SQL Server 2012 Management Objects
"{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1" = Picture Collage Maker Pro 4.1.3
"{77A0C903-77D0-404D-B963-DF0D93EC4449}" = SurveillancePlugin
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6FE3FFD-BD70-4FD6-A436-62417F0A81EB}_is1" = AXIS Camera Companion 2.11
"{AC76BA86-0804-1033-1959-001824166751}" = Adobe Refresh Manager
"{AC76BA86-1033-FFFF-7760-0C0F074E4100}" = Adobe Acrobat DC
"{AC76BA86-7AD7-1031-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Deutsch
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B1C3F49A-DE7D-1AC1-0913-039C1A8B9B82}" = Grewe Scanner-Interface 7
"{BAF65595-558B-46A0-8AF2-4D2AA4E97411}" = Hella Gutmann TecDoc Interface 1.2
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite MFC-9450CDN
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{D578BA50-9449-417E-912D-1735FD311FA7}" = Hella Gutmann Portal 1.91
"{DA77842F-3206-4B65-A140-887D62C4F58E}_is1" = Bosch-Unprogrammed Cypress USB 3.0 Driver Package Version 2.1.0.0
"{EC78E48C-555F-11E1-A994-5FF64724019B}_is1" = Hexonic ScanToPDF Version 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FD45B178-B1C1-4D2A-B8C8-CD7B4F687F1C}" = VCRT for DirectPass x86
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"DYMO Label v.8" = DYMO Label v.8
"ESI[tronic] Startcenter" = ESI[tronic] Startcenter
"FaBu Icon_is1" = FaBu Icon
"Foxit Reader_is1" = Foxit Reader
"Inkscape" = Inkscape 0.91
"MonKey Faktura 2012_is1" = MonKey Faktura 2012, Version 9.1.0
"MonKey Office 2014_is1" = MonKey Office 2014, Version 11.3.2
"Mozilla Firefox 44.0.2 (x86 de)" = Mozilla Firefox 44.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"ProSaldo Studio_is1" = ProSaldo Studio
"Scan2PDF_is1" = Scan2PDF 1.6
"Synology Assistant" = Synology Assistant (remove only)
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"JDownloader Packages" = JDownloader Packages
"PhotoFiltre 7" = PhotoFiltre 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.03.2016 03:28:05 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 04.03.2016 03:28:05 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 04.03.2016 03:28:05 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 04.03.2016 03:40:31 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 04.03.2016 03:40:31 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 04.03.2016 03:40:31 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 04.03.2016 03:55:40 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 04.03.2016 03:55:40 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 04.03.2016 03:55:40 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 04.03.2016 03:55:40 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“
 ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
[ System Events ]
Error - 09.08.2015 12:18:18 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro
 
Error - 10.08.2015 08:40:59 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro
 
Error - 11.08.2015 05:13:39 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro
 
Error - 11.08.2015 05:23:21 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro
 
Error - 12.08.2015 01:59:36 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro
 
Error - 12.08.2015 21:41:15 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro
 
Error - 13.08.2015 18:30:01 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro
 
Error - 14.08.2015 14:11:54 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro
 
Error - 15.08.2015 05:44:29 | Computer Name = Autocenter0001 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Platinum Host Service erreicht.
 
Error - 15.08.2015 05:58:40 | Computer Name = Autocenter0001 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro
 
 
< End of report >
         
__________________

Geändert von pyjamahai (04.03.2016 um 08:58 Uhr)

Alt 04.03.2016, 12:39   #4
Deathkid535
/// Malwareteam
 
ELBA Onlinebanking - da ist was faul - Standard

ELBA Onlinebanking - da ist was faul



Hi,

deaktivier TrendMicro bitte und mach meine Schritte nochmal, OTL ist veraltet.

Antwort

Themen zu ELBA Onlinebanking - da ist was faul
banking, cleaner, dateien, daten, ebanking, eingebe, einloggen, elba banking, entfernt, handy, https, kennwort, konto, natürlich, nicht mehr, norton, nummer, online, online banking, onlinebanking, popup, power, problem, raiffeisenbank, seite, versucht, überhaupt, zugreifen



Ähnliche Themen: ELBA Onlinebanking - da ist was faul


  1. Problem bei Telebanking Raiffeisen ELBA - Login wird auf andere Seite umgeleitet.
    Log-Analyse und Auswertung - 15.09.2015 (19)
  2. Onlinebanking-Trojaner Zeus2 / ZBot obwohl KEIN Onlinebanking genutzt wird
    Plagegeister aller Art und deren Bekämpfung - 21.05.2013 (4)
  3. Da ist was faul * Antivir 2009
    Mülltonne - 19.11.2008 (0)
  4. zu faul zum system aufsetzen..
    Mülltonne - 10.10.2008 (0)
  5. hijackthis log file, irgendetwas faul?
    Mülltonne - 30.06.2007 (0)
  6. könnt hier auch was faul sein ??
    Log-Analyse und Auswertung - 04.06.2007 (1)
  7. svchost.exe - irgendwas faul
    Plagegeister aller Art und deren Bekämpfung - 27.05.2007 (5)
  8. Ist hier was Faul??
    Log-Analyse und Auswertung - 14.02.2006 (3)
  9. Hier muss was faul sein!
    Log-Analyse und Auswertung - 08.02.2006 (2)
  10. Was ist faul auf meinem Rechner?
    Log-Analyse und Auswertung - 13.10.2005 (1)
  11. irgendwas ist faul,
    Log-Analyse und Auswertung - 12.09.2005 (15)
  12. Bei mir ist irgendwas Faul ich weis aber nicht was
    Plagegeister aller Art und deren Bekämpfung - 03.08.2005 (8)
  13. bei mir ist was faul, nur was?
    Log-Analyse und Auswertung - 22.05.2005 (1)
  14. Bitte nochmal um Hilfe, ist da schon wieder was faul???
    Log-Analyse und Auswertung - 22.02.2005 (5)
  15. DA is was FauL! ]log hijackthis[
    Log-Analyse und Auswertung - 31.01.2005 (3)
  16. Irgendwas ist Faul bei mir....
    Log-Analyse und Auswertung - 09.01.2005 (11)
  17. Ist hier was faul ???
    Log-Analyse und Auswertung - 04.12.2004 (1)

Zum Thema ELBA Onlinebanking - da ist was faul - Grüß Euch! Habe zum ersten mal überhaupt ein Problem und bin maßlos überfordert damit.. Mein Problem ist, dass ich mich nicht mehr in mein Online Banking Konto einloggen kann. Wenn - ELBA Onlinebanking - da ist was faul...
Archiv
Du betrachtest: ELBA Onlinebanking - da ist was faul auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.