Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7/Xort-Verschlüsselung/ Decrypter ?

Windows 7/Xort-Verschlüsselung/ Decrypter ?


Log-Analyse und Auswertung: Windows 7/Xort-Verschlüsselung/ Decrypter ?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 17.05.2016, 11:01   #1
xort_ebra
 
Windows 7/Xort-Verschlüsselung/ Decrypter ? - Standard

Windows 7/Xort-Verschlüsselung/ Decrypter ?


Hallo,

seit heute hat ein Virus alle meine Office und Bild Dateien verschlüsselt und mit der Endung .xort versehen (beisoiel.docx > beispiel.docx.xort).

ein notedatei habe ich ebenfalls:
"All Important files and information on this computer (documrnts, databases etc,) will be decrypted using a RSA cryptographic algorithm
Without special software decoding a single file with the help of the most powerful computers will take about a 20 years.
contakt an expert on email: xorthelp@yandex.ru"

Was kann ich tun? Ich habe keine Sicherungen, eig. doch aber da der Externe Festplatte auch angeschlossen war, wurde dort auch die datein mit .xort endungen verschlüsselt.

Bitte um Hilfe!

Alt 17.05.2016, 13:34   #2
M-K-D-B
/// TB-Ausbilder
 
Windows 7/Xort-Verschlüsselung/ Decrypter ? - Standard

Windows 7/Xort-Verschlüsselung/ Decrypter ?





Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Zuerst brauche ich einen Überblick über dein System.





Schritt 1
  • Besuche diese Seite.
  • Unter "Sample Encrypted File" klicke auf Durchsuchen.
  • Wähle eine verschlüsselte Datei aus und lade diese hoch.
  • Nach der Analyse sollte dort stehen, um welchen Verschlüsselungstrojaner es sich handelt und ob es ein Verschlüsselungsprogramm gibt oder nicht... aber ich vermute nicht.




Schritt 2
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






Schritt 3
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • eine Rückmeldung, um welche Ransomware es sich bei dir handelt und ob es einen Decrypter gibt,
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.
__________________

Geändert von M-K-D-B (17.05.2016 um 13:51 Uhr)

Alt 17.05.2016, 13:58   #3
xort_ebra
 
Windows 7/Xort-Verschlüsselung/ Decrypter ? - Standard

Windows 7/Xort-Verschlüsselung/ Decrypter ?


eine frage bevor wir damit anfangen..

soll der externe festplatte angeschlossen sein? oder muss ich es trennen?
__________________
Alt 17.05.2016, 14:09   #4
M-K-D-B
/// TB-Ausbilder
 
Windows 7/Xort-Verschlüsselung/ Decrypter ? - Standard

Windows 7/Xort-Verschlüsselung/ Decrypter ?


Zitat:
Zitat von xort_ebra Beitrag anzeigen
soll der externe festplatte angeschlossen sein? oder muss ich es trennen?
erst die externe festplatte trennen, evtl. schließen wir sie später an.

Nimm für Schritt 1 eine verschlüsselte Datei von deinem Rechner, dann sehen wir weiter.

Alt 17.05.2016, 20:39   #5
xort_ebra
 
Windows 7/Xort-Verschlüsselung/ Decrypter ? - Standard

Windows 7/Xort-Verschlüsselung/ Decrypter ?


Schritt 1
Code:
ATTFilter
	This ransomware has no known way of decrypting data at this time.

It is recommended to backup your encrypted files, and hope for a solution in the future.

Identified by

    sample_extension: .xort

Not enough information is public about Xort. Please check back later.
Schritt 2

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:16-05-2016
durchgeführt von EBRA-BAU_2 (Administrator) auf EBRA-BAU_2-PC (17-05-2016 21:26:10)
Gestartet von C:\Users\EBRA-BAU_2\Desktop
Geladene Profile: EBRA-BAU_2 (Verfügbare Profile: EBRA-BAU_2 & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
() C:\Windows\SysWOW64\spdsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 7\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 5.0\offlagent7\offlagent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8098848 2009-09-02] (Realtek Semiconductor)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-13] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-11-10] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-11-02] (Acer Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SMB50StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 5.0\app\oflagent.exe [56976 2014-02-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [SMB7StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 7\app\oflagent.exe [29504 2016-03-17] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-04-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3261976053-936494240-30525120-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3261976053-936494240-30525120-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-26] (Google Inc.)
HKU\S-1-5-21-3261976053-936494240-30525120-1000\...\Run: [e1a04a3c] => C:\Users\EBRA-B~1\AppData\Local\Temp\xort.txt [439 2016-05-17] () <===== ACHTUNG
HKU\S-1-5-21-3261976053-936494240-30525120-1000\...\Run: [ed3f074a] => C:\Users\EBRA-BAU_2\Desktop\xort.txt [439 2016-05-17] ()
HKU\S-1-5-21-3261976053-936494240-30525120-1000\...\Run: [58f139df] => wscript //B //Nologo C:\Users\EBRA-B~1\AppData\Local\Temp\fbcfgrmh.js <===== ACHTUNG
HKU\S-1-5-21-3261976053-936494240-30525120-1000\...\MountPoints2: K - K:\setup.exe -a
HKU\S-1-5-21-3261976053-936494240-30525120-1000\...\MountPoints2: {54ac6923-7f4d-11e1-85db-90fba62f2c52} - F:\Startme.exe
HKU\S-1-5-21-3261976053-936494240-30525120-1000\...\MountPoints2: {91ece599-7fe5-11e2-963f-90fba62f2c52} - K:\setup.exe -a
HKU\S-1-5-21-3261976053-936494240-30525120-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [425984 2009-08-05] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-04]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2015-06-09]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{16D9B687-2E87-4861-8EE3-326CE8EA31FE}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{54FF2DFA-776E-4F86-A080-A66CDEE038A0}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{789FF292-99A5-4178-A1A0-3A04AF19AC49}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{E3E5B273-EB73-4A0E-8D8E-9BBBB4225542}: [DhcpNameServer] 192.168.2.1 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3261976053-936494240-30525120-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-3261976053-936494240-30525120-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3900&r=17360310ln07974480fl53h4m1y334
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3261976053-936494240-30525120-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3261976053-936494240-30525120-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE373DE373
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-05] (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-05] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-3261976053-936494240-30525120-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\EBRA-BAU_2\AppData\Roaming\Mozilla\Firefox\Profiles\qtrolvlr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-04-05] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-04-05] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2008-10-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\EBRA-BAU_2\AppData\Roaming\Mozilla\Firefox\Profiles\qtrolvlr.default\Extensions\abs@avira.com [2016-05-13]
FF Extension: Video DownloadHelper - C:\Users\EBRA-BAU_2\AppData\Roaming\Mozilla\Firefox\Profiles\qtrolvlr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-09]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-11] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-08-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [280008 2016-04-25] (Avira Operations GmbH & Co. KG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; D:\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] ()
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [801472 2015-03-10] (Samsung Electronics Co., Ltd.)
R2 Samsung Printer Dianostics Service; C:\Windows\SysWOW64\\spdsvc.exe [491328 2015-11-05] ()
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [Datei ist nicht signiert]
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 7 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 7\ouservice\StarMoneyOnlineUpdate.exe [701760 2016-01-26] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133168 2016-03-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69888 2016-03-11] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [Datei ist nicht signiert]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-17 21:26 - 2016-05-17 21:26 - 00020681 _____ C:\Users\EBRA-BAU_2\Desktop\FRST.txt
2016-05-17 21:25 - 2016-05-17 21:26 - 00000000 ____D C:\FRST
2016-05-17 21:25 - 2016-05-17 21:25 - 02382336 _____ (Farbar) C:\Users\EBRA-BAU_2\Desktop\FRST64.exe
2016-05-17 15:39 - 2016-05-17 15:41 - 00000132 _____ C:\Users\EBRA-BAU_2\Desktop\recuva.ini
2016-05-17 15:39 - 2016-05-17 15:39 - 00000000 ____D C:\Users\EBRA-BAU_2\Desktop\lang
2016-05-17 15:39 - 2015-03-27 17:50 - 04938520 _____ (Piriform Ltd) C:\Users\EBRA-BAU_2\Desktop\recuva64.exe
2016-05-17 15:39 - 2015-03-27 17:50 - 03888920 _____ (Piriform Ltd) C:\Users\EBRA-BAU_2\Desktop\recuva.exe
2016-05-17 15:39 - 2015-02-25 13:53 - 00005536 _____ C:\Users\EBRA-BAU_2\Desktop\License.txt
2016-05-17 15:39 - 2015-02-25 13:53 - 00000010 _____ C:\Users\EBRA-BAU_2\Desktop\portable.dat
2016-05-17 10:36 - 2016-05-17 10:36 - 02534406 _____ C:\Users\EBRA-BAU_2\Documents\SCAN_20160517_103610036.pdf
2016-05-17 10:18 - 2016-05-17 10:18 - 00000010 _____ C:\Users\EBRA-BAU_2\Desktop\xort.KEY
2016-05-17 09:55 - 2016-05-17 09:55 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\EBRA-BAU_2\Downloads\SpyHunter-Installer.exe
2016-05-17 08:28 - 2016-05-17 08:28 - 38566429 _____ C:\Users\EBRA-BAU_2\Downloads\Ausschreibung_18-15_VerlegenBetonstahl.zip.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 37064257 _____ C:\Users\EBRA-BAU_2\Downloads\LV-Stadtfenster-Rohbau.zip.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 17552002 _____ C:\Users\EBRA-BAU_2\Documents\WeTransfer-o5LR19eF.zip.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 10976719 _____ C:\Users\EBRA-BAU_2\Documents\WeTransfer-9IzvFJQT.zip.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 03397285 _____ C:\Users\EBRA-BAU_2\Documents\Ferenc, Bogdan Pass.JPG.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 02941141 _____ C:\Users\EBRA-BAU_2\Documents\Bogdan Fernec Pass Vorderseite.JPG.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 01385322 _____ C:\Users\EBRA-BAU_2\Desktop\Scan_20160414_152412.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00698275 _____ C:\Users\EBRA-BAU_2\Documents\24-08-2010 102722.jpg3.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00580167 _____ C:\Users\EBRA-BAU_2\Documents\Pass Vasile Domonco 31.03.2014.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00576854 _____ C:\Users\EBRA-BAU_2\Desktop\Ersthelfer Salim Pala.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00250684 _____ C:\Users\EBRA-BAU_2\Documents\Stopic, MIroslav.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00226983 _____ C:\Users\EBRA-BAU_2\Documents\Lauterach 1.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00202312 _____ C:\Users\EBRA-BAU_2\Documents\Lauterach3.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00198127 _____ C:\Users\EBRA-BAU_2\Documents\Lauterach2.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00144429 _____ C:\Users\EBRA-BAU_2\Documents\Lauterach5.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00137029 _____ C:\Users\EBRA-BAU_2\Documents\Lauterach4.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00130540 _____ C:\Users\EBRA-BAU_2\Downloads\Foto.JPG.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00116752 _____ C:\Users\EBRA-BAU_2\Downloads\kehrwoche-600x450.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00114392 _____ C:\Users\EBRA-BAU_2\Downloads\Plakat BZS.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00035927 _____ C:\Users\EBRA-BAU_2\Downloads\DSHV 001.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00034807 _____ C:\Users\EBRA-BAU_2\Downloads\GEZ.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00025455 _____ C:\Users\EBRA-BAU_2\Downloads\DSHV 002.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00023096 _____ C:\Users\EBRA-BAU_2\Documents\Passbild Domonco 31.03.2014.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00011650 _____ C:\Users\EBRA-BAU_2\Documents\Passbild Vasile 31.03.2014.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00008664 _____ C:\Users\EBRA-BAU_2\Downloads\image001.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00003298 _____ C:\Users\EBRA-BAU_2\Downloads\wc.jpg.xort
2016-05-17 08:28 - 2016-05-17 08:28 - 00000231 _____ C:\Users\EBRA-BAU_2\Downloads\wetransfer-2bdcd2.zip.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 06726880 _____ C:\Users\EBRA-BAU_2\Downloads\Klausur M2 WS12.pdf
2016-05-17 08:21 - 2016-05-17 08:21 - 06000050 _____ C:\Users\EBRA-BAU_2\Documents\Meldungen Arbeitnehmer Arbeitserlaubnis Kroaten.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 04767647 _____ C:\Users\EBRA-BAU_2\Documents\Lohnabrechnungen ZEitarbeit 18.06.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 04039504 _____ C:\Users\EBRA-BAU_2\Documents\Krankmeldungen 2012 + 2013.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 03775868 _____ C:\Users\EBRA-BAU_2\Documents\Vertrag Reinigungsfirma 30.01.2015.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 03264403 _____ C:\Users\EBRA-BAU_2\Documents\Belege 15.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 03249054 _____ C:\Users\EBRA-BAU_2\Documents\Angebot Dekant Sporthalle Lauffen 15.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 03197601 _____ C:\Users\EBRA-BAU_2\Documents\Langer Sieg Arbeitsvertrag 30.04.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 03146558 _____ C:\Users\EBRA-BAU_2\Documents\Dannemann Unterschriften 30.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 02965904 _____ C:\Users\EBRA-BAU_2\Documents\Angebot GS KV Terminal Mannheim 14.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 02510005 _____ C:\Users\EBRA-BAU_2\Documents\Strabag Rail Lauda.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 02206666 _____ C:\Users\EBRA-BAU_2\Documents\porr.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01926506 _____ C:\Users\EBRA-BAU_2\Documents\Porr Angebot Prager Carre neu.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01791954 _____ C:\Users\EBRA-BAU_2\Documents\Lohnabrechnungen Schotten 04.06.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01763335 _____ C:\Users\EBRA-BAU_2\Documents\Angebot DA0311B Bam 25.04.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01639638 _____ C:\Users\EBRA-BAU_2\Documents\Arbeitsvertrag Csomor Ladislav 24.03.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01633807 _____ C:\Users\EBRA-BAU_2\Documents\ARbeitsvertrag Peter Breuer 14.05.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01623627 _____ C:\Users\EBRA-BAU_2\Documents\Arbeitsvertrag Wolfgang Rettig 14.03.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01617448 _____ C:\Users\EBRA-BAU_2\Documents\Arbeitsvertrag Nadasi 26.03.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01612337 _____ C:\Users\EBRA-BAU_2\Documents\Arbeitsvertrag Gyongyosi 26.03.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01608663 _____ C:\Users\EBRA-BAU_2\Documents\Arbeitsvertrag Weiss 17.04.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01595951 _____ C:\Users\EBRA-BAU_2\Documents\Arbeitsvertrag Henne, MArek 20.05.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01590842 _____ C:\Users\EBRA-BAU_2\Documents\Arbeitsvertrag Bernd Langer 17.04.2015.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01590390 _____ C:\Users\EBRA-BAU_2\Documents\Arbeitsvertrag 19.05.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01587368 _____ C:\Users\EBRA-BAU_2\Documents\ARebitsvertrag Chludek, Norbert 20.05.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01583062 _____ C:\Users\EBRA-BAU_2\Documents\Arbeitsvertrag Bernd Sieg 17.05.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01513402 _____ C:\Users\EBRA-BAU_2\Documents\Meldung ZKO 18.09.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01490985 _____ C:\Users\EBRA-BAU_2\Documents\Rentenbescheide Familie Angun.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01489457 _____ C:\Users\EBRA-BAU_2\Documents\Vertrag IuR GmbH 18.09.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01474395 _____ C:\Users\EBRA-BAU_2\Documents\Rechnung Flexjob 08.05.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01362421 _____ C:\Users\EBRA-BAU_2\Documents\RE958, 19. AZ.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01351182 _____ C:\Users\EBRA-BAU_2\Documents\Angebot Strabag HEAG 06.11.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01342201 _____ C:\Users\EBRA-BAU_2\Documents\RE965.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01235651 _____ C:\Users\EBRA-BAU_2\Documents\Porr Angebot Prager Carre.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01222373 _____ C:\Users\EBRA-BAU_2\Documents\WM Angebot HRB Stetten 29.01.2015.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01199467 _____ C:\Users\EBRA-BAU_2\Documents\A1 Mehmed, Murad 13.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01197453 _____ C:\Users\EBRA-BAU_2\Documents\A1 AK4.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01197422 _____ C:\Users\EBRA-BAU_2\Documents\A1 AK3.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01195937 _____ C:\Users\EBRA-BAU_2\Documents\Rechnungen Betz.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01192944 _____ C:\Users\EBRA-BAU_2\Documents\A1 AK2.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01190959 _____ C:\Users\EBRA-BAU_2\Documents\Angebot Porr Arena Boulevard Berlin 22.04.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01184946 _____ C:\Users\EBRA-BAU_2\Documents\A1 Rehan, Idriz 01.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01184112 _____ C:\Users\EBRA-BAU_2\Documents\DKV 31.05.2015 ER2205.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01179298 _____ C:\Users\EBRA-BAU_2\Documents\A1 AK1.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01172805 _____ C:\Users\EBRA-BAU_2\Documents\A1 Stopic, Miroslav 29.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01120271 _____ C:\Users\EBRA-BAU_2\Desktop\Scan_20160408_151236.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01083828 _____ C:\Users\EBRA-BAU_2\Documents\Postille.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01064123 _____ C:\Users\EBRA-BAU_2\Documents\Soka Erinnerung 06.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 01008474 _____ C:\Users\EBRA-BAU_2\Documents\RE989 TZA 23. AZ.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00974761 _____ C:\Users\EBRA-BAU_2\Documents\RE995 TZA 24. AZ.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00966021 _____ C:\Users\EBRA-BAU_2\Documents\Lohnabrechnung Kostrzewa undNartowicz.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00923713 _____ C:\Users\EBRA-BAU_2\Documents\RE1019 TZA Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00922959 _____ C:\Users\EBRA-BAU_2\Documents\RE1008 26. AZ TZA.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00904437 _____ C:\Users\EBRA-BAU_2\Documents\Schotten Mahnverfahren 22.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00893721 _____ C:\Users\EBRA-BAU_2\Documents\Belege Teil 2 15.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00888754 _____ C:\Users\EBRA-BAU_2\Documents\Gewerbezentralregister Adresse Neu.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00884021 _____ C:\Users\EBRA-BAU_2\Documents\Oakstead Shire Horse Show.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00862361 _____ C:\Users\EBRA-BAU_2\Documents\RE956.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00860655 _____ C:\Users\EBRA-BAU_2\Documents\RE1025 TZA 27. AZ.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00851551 _____ C:\Users\EBRA-BAU_2\Documents\Meldung Dyrc 01.07.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00839707 _____ C:\Users\EBRA-BAU_2\Documents\RE968 Straub.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00837988 _____ C:\Users\EBRA-BAU_2\Documents\Mobilfunkantrag.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00833420 _____ C:\Users\EBRA-BAU_2\Downloads\BW_Baugenehmigung_ausfuellen3367877.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00824243 _____ C:\Users\EBRA-BAU_2\Documents\BW_Baugenehmigung_nurAusdruck3367767.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00824120 _____ C:\Users\EBRA-BAU_2\Documents\RE953.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00823581 _____ C:\Users\EBRA-BAU_2\Documents\AXA Rentenversicherung 17.01.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00806746 _____ C:\Users\EBRA-BAU_2\Documents\Stunden KW15 Inselhalle.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00801701 _____ C:\Users\EBRA-BAU_2\Documents\RE955.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00788045 _____ C:\Users\EBRA-BAU_2\Downloads\Bescheinigung.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00786820 _____ C:\Users\EBRA-BAU_2\Documents\KFZ Brief MOS-QO 401 Renault Trafic 04.02.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00784168 _____ C:\Users\EBRA-BAU_2\Documents\Unterlagen.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00767817 _____ C:\Users\EBRA-BAU_2\Documents\RE1002.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00756701 _____ C:\Users\EBRA-BAU_2\Documents\MOS -QO 401.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00742381 _____ C:\Users\EBRA-BAU_2\Documents\MOS-HO 111.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00740029 _____ C:\Users\EBRA-BAU_2\Documents\KFZ Brief MOS-QT210.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00739191 _____ C:\Users\EBRA-BAU_2\Documents\RE969 Spiess.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00734945 _____ C:\Users\EBRA-BAU_2\Documents\Kfz Brief MOS-QO 517 BMW 29.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00730096 _____ C:\Users\EBRA-BAU_2\Documents\RE1007 MA Tautenhofen Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00724244 _____ C:\Users\EBRA-BAU_2\Documents\Miko Rechnung Nr. 909154 vom 13.02.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00703786 _____ C:\Users\EBRA-BAU_2\Documents\RE970 ES Dachbau (2).pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00684234 _____ C:\Users\EBRA-BAU_2\Documents\RE1021 Tagelohn TZA.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00681877 _____ C:\Users\EBRA-BAU_2\Documents\Spende.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00670583 _____ C:\Users\EBRA-BAU_2\Documents\Auszug Handelsregister.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00670042 _____ C:\Users\EBRA-BAU_2\Documents\Arbeitsgenehmigung EU Stopic 29.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00668444 _____ C:\Users\EBRA-BAU_2\Documents\Antrag Sonntagsarbeit 28.11.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00667604 _____ C:\Users\EBRA-BAU_2\Documents\AXA Versicherung 29.07.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00663035 _____ C:\Users\EBRA-BAU_2\Documents\Mieterselbstauskunft 16.04.2013.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00650279 _____ C:\Users\EBRA-BAU_2\Documents\A1 Miroslav, Stopic.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00645288 _____ C:\Users\EBRA-BAU_2\Documents\A1 genehmigt Murad Mehmed 13.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00645163 _____ C:\Users\EBRA-BAU_2\Documents\Storno Auftrag.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00629445 _____ C:\Users\EBRA-BAU_2\Documents\Antrag 25.11.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00625859 _____ C:\Users\EBRA-BAU_2\Documents\ENBW 12.06.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00624831 _____ C:\Users\EBRA-BAU_2\Documents\Meldung DSHV Leverkusen.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00618308 _____ C:\Users\EBRA-BAU_2\Documents\KFZ-Brief MOS-EH557.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00616904 _____ C:\Users\EBRA-BAU_2\Documents\UTA Neukundenantrag.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00613086 _____ C:\Users\EBRA-BAU_2\Documents\KFZ-Brief BCH - H 52.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00574251 _____ C:\Users\EBRA-BAU_2\Documents\OPOS Oka22.12.14.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00564606 _____ C:\Users\EBRA-BAU_2\Documents\Re-Nr. 1184 Milei Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00559921 _____ C:\Users\EBRA-BAU_2\Documents\Re-Nr. 983.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00557922 _____ C:\Users\EBRA-BAU_2\Documents\RE1003.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00547509 _____ C:\Users\EBRA-BAU_2\Documents\RE991.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00534509 _____ C:\Users\EBRA-BAU_2\Documents\RE1004.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00531936 _____ C:\Users\EBRA-BAU_2\Documents\RE986 TZA Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00529255 _____ C:\Users\EBRA-BAU_2\Documents\Einkommensbescheinigung Arslan Bayram 18.08.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00516217 _____ C:\Users\EBRA-BAU_2\Documents\RE984 Schlude.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00505277 _____ C:\Users\EBRA-BAU_2\Documents\RE1010 Zeppelin Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00495263 _____ C:\Users\EBRA-BAU_2\Documents\RE988 TZA Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00488242 _____ C:\Users\EBRA-BAU_2\Documents\RE1009 TZA Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00483970 _____ C:\Users\EBRA-BAU_2\Documents\RE967.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00478167 _____ C:\Users\EBRA-BAU_2\Documents\tur, Ali 0414.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00474371 _____ C:\Users\EBRA-BAU_2\Documents\RE1023 Zeppelin Uni Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00473864 _____ C:\Users\EBRA-BAU_2\Documents\RE971 Kutscher.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00473301 _____ C:\Users\EBRA-BAU_2\Documents\RE992.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00471836 _____ C:\Users\EBRA-BAU_2\Documents\UB BG Bau und soka 07.07.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00470076 _____ C:\Users\EBRA-BAU_2\Documents\RE1026 Zeppelin Uni Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00469574 _____ C:\Users\EBRA-BAU_2\Documents\RE1024 GWG Lindau Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00466880 _____ C:\Users\EBRA-BAU_2\Documents\RE994 TZA Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00458442 _____ C:\Users\EBRA-BAU_2\Documents\RE954.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00453317 _____ C:\Users\EBRA-BAU_2\Documents\RE993.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00447671 _____ C:\Users\EBRA-BAU_2\Documents\RE959.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00446305 _____ C:\Users\EBRA-BAU_2\Documents\RE966.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00443227 _____ C:\Users\EBRA-BAU_2\Documents\RE998.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00440344 _____ C:\Users\EBRA-BAU_2\Documents\MOS-QO 517 Fahrzeugschein.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00434234 _____ C:\Users\EBRA-BAU_2\Documents\Jobcenter 25.06.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00434226 _____ C:\Users\EBRA-BAU_2\Documents\Rechnung Touareg.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00432322 _____ C:\Users\EBRA-BAU_2\Documents\RE1020 Zeppelin Uni Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00427209 _____ C:\Users\EBRA-BAU_2\Downloads\Report0c79370c-c8d6-4e75-9445-6c5d7371df2c.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00427127 _____ C:\Users\EBRA-BAU_2\Downloads\Report8dd85ebd-0fc8-40b3-9aea-950eb3551a83.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00427092 _____ C:\Users\EBRA-BAU_2\Downloads\SS14.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00420693 _____ C:\Users\EBRA-BAU_2\Documents\Sonntagsarbeit 07.und 21.12.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00411453 _____ C:\Users\EBRA-BAU_2\Documents\RE999.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00397750 _____ C:\Users\EBRA-BAU_2\Documents\RE1001.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00397480 _____ C:\Users\EBRA-BAU_2\Downloads\EBA RSE.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00388922 _____ C:\Users\EBRA-BAU_2\Documents\RE1000.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00384842 _____ C:\Users\EBRA-BAU_2\Documents\RE1017 Tautenhofen Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00364012 _____ C:\Users\EBRA-BAU_2\Desktop\Freistellungsbescheinigung 2014 - 2016.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00355400 _____ C:\Users\EBRA-BAU_2\Documents\SEPA Firmenlastschriftmandat UTA.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00354769 _____ C:\Users\EBRA-BAU_2\Documents\Anmeldung Hohebach 15.05.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00347200 _____ C:\Users\EBRA-BAU_2\Documents\Handelsregisterauszug vom 20.01.2015.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00346447 _____ C:\Users\EBRA-BAU_2\Documents\Re-Nr. 9053656 Bad 1a 05.02.2013.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00344498 _____ C:\Users\EBRA-BAU_2\Documents\UB BG Bau 17.03.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00341951 _____ C:\Users\EBRA-BAU_2\Documents\UB AOK 25.06.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00325517 _____ C:\Users\EBRA-BAU_2\Documents\Spende Yvette Riegel.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00325103 _____ C:\Users\EBRA-BAU_2\Downloads\Kundenauftrag 0000079189.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00319114 _____ C:\Users\EBRA-BAU_2\Documents\BG Bau UB 19.01.2015.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00315865 _____ C:\Users\EBRA-BAU_2\Documents\ARGE Liebherr Lindenberg Stunden.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00313661 _____ C:\Users\EBRA-BAU_2\Documents\Kutter Angebot 10.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00311175 _____ C:\Users\EBRA-BAU_2\Documents\Soka 16.09.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00298740 _____ C:\Users\EBRA-BAU_2\Documents\IKK Classic.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00288696 _____ C:\Users\EBRA-BAU_2\Documents\Bescheinigung Finanzamt Mosbach 21.11.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00286921 _____ C:\Users\EBRA-BAU_2\Documents\Paket Jeschonnek 18.02.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00285115 _____ C:\Users\EBRA-BAU_2\Documents\Sofortmeldung Dircz 05.05.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00280681 _____ C:\Users\EBRA-BAU_2\Documents\KFZ-Versicherung MOS-HB 520 23.12.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00279052 _____ C:\Users\EBRA-BAU_2\Documents\sonntagsarbeit 07.und21.12.2014 seite 02.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00258064 _____ C:\Users\EBRA-BAU_2\Documents\officediscount REchnung.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00248656 _____ C:\Users\EBRA-BAU_2\Documents\AR 857, 49. AZ.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00241947 _____ C:\Users\EBRA-BAU_2\Documents\Angebot Glass Weilheim Aldi 05.05.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00238762 _____ C:\Users\EBRA-BAU_2\Documents\AR 1110, Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00237913 _____ C:\Users\EBRA-BAU_2\Documents\AR 752, Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00237722 _____ C:\Users\EBRA-BAU_2\Documents\AR 745, Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00236758 _____ C:\Users\EBRA-BAU_2\Documents\AR 1121, Tagelohn.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00235757 _____ C:\Users\EBRA-BAU_2\Documents\AR 990, Schlussrechnung.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00229683 _____ C:\Users\EBRA-BAU_2\Documents\UB Soka 16.05.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00227207 _____ C:\Users\EBRA-BAU_2\Downloads\Sieltec-Preisliste+Januar-2012-1(1).pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00227202 _____ C:\Users\EBRA-BAU_2\Downloads\Sieltec-Preisliste+Januar-2012-1.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00218904 _____ C:\Users\EBRA-BAU_2\Documents\RE948.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00218084 _____ C:\Users\EBRA-BAU_2\Downloads\img010.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00214536 _____ C:\Users\EBRA-BAU_2\Documents\RE962.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00206111 _____ C:\Users\EBRA-BAU_2\Downloads\kuendigung-kabelfernsehen.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00203722 _____ C:\Users\EBRA-BAU_2\Documents\RE939a.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00197568 _____ C:\Users\EBRA-BAU_2\Downloads\MB7-Beschaeftigung-ausl-AN.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00195067 _____ C:\Users\EBRA-BAU_2\Documents\Schreiben Rettig 09.09.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00193856 _____ C:\Users\EBRA-BAU_2\Documents\Stundenzettel EBRA BAu GmbH.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00193698 _____ C:\Users\EBRA-BAU_2\Documents\Personalstammblatt Lajos, Kokowai 20.05.2015.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00189038 _____ C:\Users\EBRA-BAU_2\Documents\Personalstammblatt Zielienski, Zbigniew.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00188296 _____ C:\Users\EBRA-BAU_2\Documents\Beleg DSHV 17.09.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00186280 _____ C:\Users\EBRA-BAU_2\Documents\Personalstammblatt Fortuniak, Riszard.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00186068 _____ C:\Users\EBRA-BAU_2\Documents\Personalstammblatt Lajos, Takaro 20.05.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00180545 _____ C:\Users\EBRA-BAU_2\Documents\Personalstammblatt Laposi, Janos 22.05.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00179718 _____ C:\Users\EBRA-BAU_2\Documents\Kontoauszug Postbank 17.01.2013.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00179296 _____ C:\Users\EBRA-BAU_2\Documents\Suranyi, Balazs Personalstammblatt.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00169396 _____ C:\Users\EBRA-BAU_2\Downloads\Mobilfunkantrag_1067975.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00163819 _____ C:\Users\EBRA-BAU_2\Documents\DSHV HAusverbot 25.07.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00159018 _____ C:\Users\EBRA-BAU_2\Downloads\Anlage_3.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00129944 _____ C:\Users\EBRA-BAU_2\Documents\Pass Buciuta 07.05.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00116245 _____ C:\Users\EBRA-BAU_2\Documents\Zeitarbeit Rechnungsausgang 01.08.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00108508 _____ C:\Users\EBRA-BAU_2\Documents\Ausgangsrechnungen dezember.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00107866 _____ C:\Users\EBRA-BAU_2\Downloads\Auftragsbestaetigung_1117792.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00104839 _____ C:\Users\EBRA-BAU_2\Documents\Kehrwoche.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00095290 _____ C:\Users\EBRA-BAU_2\Documents\Ausgangsrechnungen.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00078744 _____ C:\Users\EBRA-BAU_2\Documents\Eckbank.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00075212 _____ C:\Users\EBRA-BAU_2\Documents\Ilkay Keskin Vollmacht.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00064481 _____ C:\Users\EBRA-BAU_2\Downloads\Visualisierungpdf.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00064067 _____ C:\Users\EBRA-BAU_2\Documents\ZKO Zusatz MEhmed, Murad 13.10.2014.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00048313 _____ C:\Users\EBRA-BAU_2\Downloads\Mitteilung_31341400_vom_01.11.2013_20140120091010.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00042434 _____ C:\Users\EBRA-BAU_2\Downloads\bpf-ellwangen-2014_vorlaeufige_zeiteinteilung_v21.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00038505 _____ C:\Users\EBRA-BAU_2\Downloads\Innenplastik_TMB_D.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00033266 _____ C:\Users\EBRA-BAU_2\Downloads\Formular zur Rufnummernmitnahme.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00032197 _____ C:\Users\EBRA-BAU_2\Documents\ArbZG_Bewillig_Sonnt_Antrag.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00030826 _____ C:\Users\EBRA-BAU_2\Downloads\Umsatz__20130509_125958.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00030809 _____ C:\Users\EBRA-BAU_2\Downloads\Umsatz__20131225_150706.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00020591 _____ C:\Users\EBRA-BAU_2\Downloads\PB_Umsatzauskunft_KtoNr0749955854_15-04-2013_0931.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00018299 _____ C:\Users\EBRA-BAU_2\Downloads\M003004.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00015251 _____ C:\Users\EBRA-BAU_2\Downloads\PB_KAZ_KtoNr_0749955854_03-01-2014_1055.pdf.xort
2016-05-17 08:21 - 2016-05-17 08:21 - 00004131 _____ C:\Users\EBRA-BAU_2\Downloads\0 Angebot Ecora GmbH.PDF.xort
2016-05-17 08:15 - 2016-05-17 10:18 - 00001494 _____ C:\Users\EBRA-BAU_2\AppData\Roaming\xort.KEY
2016-05-17 08:15 - 2016-05-17 08:15 - 00091984 _____ C:\Users\EBRA-BAU_2\AppData\Roaming\CONFIRMATION.KEY
2016-05-17 08:15 - 2016-05-17 08:15 - 00077710 _____ C:\Users\EBRA-BAU_2\Documents\Kopie von Leistungsstand 31 05 10.xls.xort
2016-05-17 08:15 - 2016-05-17 08:15 - 00036546 _____ C:\Users\EBRA-BAU_2\Documents\Kopie von Ministerium.xls.xort
2016-05-17 08:15 - 2016-05-17 08:15 - 00031783 _____ C:\Users\EBRA-BAU_2\Documents\15-08-02 Milei Leutkirch, Stundenlohn.docx.xort
2016-05-17 08:15 - 2016-05-17 08:15 - 00029991 _____ C:\Users\EBRA-BAU_2\Documents\Ausgangsrechnungen.xlsx.xort
2016-05-17 08:15 - 2016-05-17 08:15 - 00026080 _____ C:\Users\EBRA-BAU_2\Documents\Stundennachweise 2011.xlsx.xort
2016-05-17 08:15 - 2016-05-17 08:15 - 00022849 _____ C:\Users\EBRA-BAU_2\Documents\Ebra Ltd, Bewerbungsbrief.doc.xort
2016-05-17 08:15 - 2016-05-17 08:15 - 00022784 _____ C:\Users\EBRA-BAU_2\Documents\HAutpzollamt KArlsruhe Herr Grimm 07.04.2011.doc.xort
2016-05-17 08:15 - 2016-05-17 08:15 - 00010694 _____ C:\Users\EBRA-BAU_2\Documents\Kopie von 15 08 07 OB.xlsx.xort
2016-05-17 08:15 - 2016-05-17 08:15 - 00005851 _____ C:\Users\EBRA-BAU_2\Documents\Kopie von Mehmed Dzhengiz.xls.xort
2016-05-17 08:15 - 2016-05-17 08:15 - 00001341 _____ C:\Users\EBRA-BAU_2\Desktop\00088.KEY
2016-05-17 08:15 - 2016-05-17 08:15 - 00000439 _____ C:\Users\EBRA-BAU_2\Desktop\xort.txt
2016-05-17 08:14 - 2016-05-17 08:15 - 00000000 ____D C:\Users\EBRA-BAU_2\AppData\Roaming\gnupg
2016-05-11 09:02 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 09:02 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 09:02 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 09:02 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 09:02 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 09:02 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 09:02 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 09:02 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 09:02 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 09:02 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 09:02 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 09:02 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 09:02 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 09:02 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 09:02 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 09:02 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 09:02 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 09:02 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 09:02 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 09:02 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 09:02 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 09:02 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 09:02 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 09:02 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 09:02 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 09:02 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 09:02 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 09:02 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 09:02 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 09:02 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 09:02 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 09:02 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 09:02 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 09:02 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 09:02 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 09:02 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 09:02 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 09:02 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 09:02 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 09:02 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 09:02 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 09:02 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 09:02 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 09:02 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 09:02 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 09:02 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 09:02 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 09:02 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 09:02 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 09:02 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 09:02 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 09:02 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 09:02 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 09:02 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 09:02 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 09:02 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 09:02 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 09:02 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 09:02 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 09:02 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 09:02 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 09:02 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 09:02 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 09:02 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 09:02 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 09:02 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 09:02 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 09:02 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 09:02 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 09:02 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 09:02 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 09:02 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 09:02 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 09:02 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 09:02 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 09:02 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 09:02 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 09:02 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 09:02 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 09:01 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 09:01 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 09:01 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 09:01 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 09:01 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 09:01 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 09:01 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 09:01 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 09:01 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 09:01 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 09:01 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 09:01 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 09:01 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 09:01 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 09:01 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 09:01 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 09:01 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 09:01 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 09:01 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 09:01 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 09:01 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 09:01 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 09:01 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 09:01 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 09:01 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 09:01 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 09:01 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 09:01 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-09 09:36 - 2016-05-09 09:36 - 00020118 _____ C:\Users\EBRA-BAU_2\Documents\SEPA-22221-2016_04-908-Lohn_Gehalt.xml
2016-05-06 10:00 - 2016-05-06 11:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-17 21:22 - 2009-07-14 07:13 - 01629348 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-17 21:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-17 21:22 - 2007-10-10 22:58 - 00702942 _____ C:\Windows\system32\perfh007.dat
2016-05-17 21:22 - 2007-10-10 22:58 - 00150582 _____ C:\Windows\system32\perfc007.dat
2016-05-17 21:17 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-17 21:17 - 2007-10-10 13:13 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-17 21:10 - 2009-07-14 06:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-17 21:10 - 2009-07-14 06:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-17 16:22 - 2016-02-12 09:13 - 00002129 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-05-17 13:37 - 2012-04-19 07:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-17 13:08 - 2010-03-31 21:01 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-17 11:25 - 2015-04-07 17:02 - 00000000 ____D C:\Users\EBRA-BAU_2\Desktop\Haus Ansichten
2016-05-17 10:15 - 2010-03-31 21:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-17 10:08 - 2012-01-16 10:54 - 00000000 ____D C:\Program Files\svnet
2016-05-17 08:28 - 2015-04-07 17:07 - 00000000 ____D C:\Users\EBRA-BAU_2\Desktop\Unfall v.07.04.2015
2016-05-17 08:28 - 2015-02-03 10:15 - 00000000 ____D C:\Users\EBRA-BAU_2\Documents\Scan
2016-05-17 08:28 - 2012-10-14 17:55 - 00000000 ____D C:\Users\EBRA-BAU_2\Desktop\Privat
2016-05-17 08:28 - 2011-04-08 13:15 - 00000000 ____D C:\Users\EBRA-BAU_2\Documents\Eigene Scans
2016-05-17 08:21 - 2010-12-28 15:37 - 00000000 ____D C:\Users\EBRA-BAU_2\Desktop\mails
2016-05-17 08:21 - 2007-10-10 13:13 - 00000000 ____D C:\book
2016-05-17 08:07 - 2010-03-31 21:04 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CB54B3F4-C324-4606-8AB2-E3EEEDF79FF7}
2016-05-14 19:07 - 2015-09-03 12:05 - 00001142 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-05-14 19:07 - 2014-08-08 09:40 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-14 19:07 - 2013-08-10 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-13 09:37 - 2012-04-19 07:50 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 09:37 - 2012-04-19 07:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 09:37 - 2011-06-15 07:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 11:07 - 2014-12-11 09:03 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 09:14 - 2016-02-12 09:13 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-12 09:14 - 2014-12-29 15:19 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-12 08:20 - 2015-05-21 08:33 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 7
2016-05-12 08:13 - 2009-07-14 06:45 - 00421776 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 08:11 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 14:32 - 2015-07-08 10:05 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 14:25 - 2010-04-10 14:07 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 09:03 - 2010-03-31 21:01 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 09:03 - 2010-03-31 21:01 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-08 19:58 - 2012-04-26 08:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-06 13:09 - 2015-04-06 15:59 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 13:09 - 2015-04-06 15:59 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-06 09:11 - 2010-03-31 20:50 - 00000000 ____D C:\Users\EBRA-BAU_2\AppData\Local\Google
2016-04-27 09:42 - 2011-10-04 08:31 - 01874432 ___SH C:\Users\EBRA-BAU_2\Documents\Thumbs.db
2016-04-26 12:58 - 2011-02-07 17:38 - 01602692 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-20 09:42 - 2015-06-15 10:20 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-17 18:40 - 2010-12-28 18:05 - 00000000 ____D C:\Users\EBRA-BAU_2\AppData\Local\ElevatedDiagnostics

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-16 14:03 - 2015-12-08 11:23 - 34119680 _____ () C:\Program Files (x86)\RechnungsprofiHandwerker.mde
2008-03-18 14:04 - 2008-03-18 14:04 - 0106496 _____ () C:\Program Files (x86)\System.mdw
2009-11-26 19:31 - 2009-02-10 22:23 - 0192484 _____ () C:\Program Files (x86)\Common Files\Acer GameZone online.ico
2016-05-17 08:15 - 2016-05-17 08:15 - 0091984 _____ () C:\Users\EBRA-BAU_2\AppData\Roaming\CONFIRMATION.KEY
2015-07-14 11:17 - 2015-07-14 11:17 - 0000600 _____ () C:\Users\EBRA-BAU_2\AppData\Roaming\winscp.rnd
2013-06-02 14:58 - 2014-05-14 12:36 - 0000150 _____ () C:\Users\EBRA-BAU_2\AppData\Roaming\wklnhst.dat
2016-05-17 08:15 - 2016-05-17 10:18 - 0001494 _____ () C:\Users\EBRA-BAU_2\AppData\Roaming\xort.KEY
2011-03-08 10:39 - 2011-03-08 10:39 - 0004096 ____H () C:\Users\EBRA-BAU_2\AppData\Local\keyfile3.drm
2012-07-18 11:22 - 2012-07-18 11:22 - 0000057 _____ () C:\ProgramData\Ament.ini
2007-10-10 13:14 - 2007-10-10 13:16 - 0008444 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-11-26 19:31 - 2009-07-18 04:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2011-02-02 10:17 - 2014-06-02 17:28 - 0006145 _____ () C:\ProgramData\hpzinstall.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\EBRA-B~1\AppData\Local\Temp\xort.txt


Einige Dateien in TEMP:
====================
C:\Users\EBRA-BAU_2\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-06 09:42

==================== Ende von FRST.txt ============================
=========[/CODE]


Alt 17.05.2016, 20:40   #6
xort_ebra
 
Windows 7/Xort-Verschlüsselung/ Decrypter ? - Standard

Windows 7/Xort-Verschlüsselung/ Decrypter ?


Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:16-05-2016
durchgeführt von EBRA-BAU_2 (2016-05-17 21:26:39)
Gestartet von C:\Users\EBRA-BAU_2\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-03-31 18:46:25)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3261976053-936494240-30525120-500 - Administrator - Disabled)
EBRA-BAU_2 (S-1-5-21-3261976053-936494240-30525120-1000 - Administrator - Enabled) => C:\Users\EBRA-BAU_2
Gast (S-1-5-21-3261976053-936494240-30525120-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3261976053-936494240-30525120-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-3261976053-936494240-30525120-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.2.7110 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.2.7110 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.2.0812 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Connect 9 Add-in (HKU\S-1-5-21-3261976053-936494240-30525120-1000\...\Adobe Connect 9 Add-in) (Version: 11,9,972,8 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{bfb60b68-92b8-481b-b416-7e05b4ea01c9}) (Version: 1.1.61.18979 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.61.18979 - Avira Operations GmbH & Co. KG) Hidden
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Benutzerhandbuch anzeigen (HKLM-x32\...\View User Guide) (Version: 3.60.45.0 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 1.00.3004 - Acer Incorporated)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPOJP8600FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office Access Runtime (German) 2007 (HKLM-x32\...\{90120000-001C-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MotoHelper 2.0.24 Driver 4.7.1 (HKLM-x32\...\MotoHelper) (Version: 2.0.24 - Motorola)
MotoHelper MergeModules (x32 Version: 1.0.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1 - Motorola Inc.) Hidden
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Nero 9 Essentials (HKLM-x32\...\{9d5299f9-f94e-43ed-9632-a5e045b51f7d}) (Version:  - Nero AG)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5930 - Realtek Semiconductor Corp.)
Rechnungsprofi Handwerker_4.2_1610 (HKLM-x32\...\{179F22D6-1E0A-4C43-8CE4-B27F10914CE8}) (Version: 4.2 - rechnungsprofi)
Samsung C1860 Series (HKLM-x32\...\Samsung C1860 Series) (Version: 1.08 (20.03.2015) - Samsung Electronics Co., Ltd.)
Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.4.2 - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.60 (17.03.2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.79.00(26.03.2015) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.11.28 (10.03.2015) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.03.05.25 - Samsung Electronics Co., Ltd.) Hidden
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Sony PC Companion 2.10.030 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.030 - Sony)
StarMoney (x32 Version: 2.0 - StarFinanz) Hidden
StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.3.24 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 8.0  (HKLM-x32\...\{892B816F-35FB-4555-893E-667F90184899}) (Version: 8.0 - Star Finanz GmbH)
StarMoney Business 5.0  (HKLM-x32\...\{6E562DCF-4011-4283-8676-D983D9D362ED}) (Version: 5.0 - Star Finanz GmbH)
StarMoney Business 7  (HKLM-x32\...\{B2F65538-E52C-42F5-B1B7-3F612414E1FC}) (Version: 7 - Star Finanz GmbH)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
sv.net (HKLM-x32\...\sv.net) (Version: 16.0 - ITSG GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Tri-Towers 2.1.4.1  (HKLM-x32\...\Tri-Towers) (Version: 2.1.4.1 - Bernd Karle Hard- und Softwareentwicklung)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

"{044A6734-E90E-4F8F-B357-B2DC8AB3B5EC}" task wurde entsperrt. <===== ACHTUNG
Task: {06C9E068-F55F-401D-AA8E-102EB3BFFA09} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
"{088482FA-65B8-4E17-9ABF-1DCD48E8D373}" task wurde entsperrt. <===== ACHTUNG
Task: {09475F3F-B27D-4F26-9166-49D46FF2AA8B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
"{09F06BFE-A3C8-40E3-846A-6E6F4000C238}" task wurde entsperrt. <===== ACHTUNG
Task: {10EEACB9-F9E5-4CAE-BAEE-FE514520D821} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
"{1F7B7221-AE8F-44F3-BA82-F7D260F51964}" task wurde entsperrt. <===== ACHTUNG
Task: {22768F2D-F6F7-42A4-9BEB-F462DE414BBB} - System32\Tasks\McQcModifier-5c47-a7b0 => 
"{2470470F-2634-478E-B181-571E98A789BB}" task wurde entsperrt. <===== ACHTUNG
Task: {24F0A95E-EC04-4B44-BFBB-E552D6EA87F9} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
"{28011108-68DF-4C73-B91B-57427D501BBA}" task wurde entsperrt. <===== ACHTUNG
"{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" task wurde entsperrt. <===== ACHTUNG
"{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}" task wurde entsperrt. <===== ACHTUNG
"{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" task wurde entsperrt. <===== ACHTUNG
"{4C8B01A2-11FF-4C41-848F-508EF4F00CF7}" task wurde entsperrt. <===== ACHTUNG
Task: {4D222E89-42C8-4F03-94CC-5DF79A5F9D33} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4DF1A4DB-1C22-4D4F-9EF4-F05A650E95C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
"{5A40E926-9E86-4B89-9CFD-B12311724371}" task wurde entsperrt. <===== ACHTUNG
"{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" task wurde entsperrt. <===== ACHTUNG
"{5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6}" task wurde entsperrt. <===== ACHTUNG
"{5F5A18EB-DC73-4E45-A11C-B59043598412}" task wurde entsperrt. <===== ACHTUNG
"{613612BA-897D-44CE-8DC1-8FC283F9FD51}" task wurde entsperrt. <===== ACHTUNG
Task: {63B8624B-A8AF-4050-8316-6BAE42B95734} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {649D1052-466F-4237-9B05-E7E1D4597A5E} - System32\Tasks\hpUrlLauncher.exe_{AED75F07-6D29-40A6-88A3-5DE4AE5D0925} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.)
"{6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF}" task wurde entsperrt. <===== ACHTUNG
"{72DB7465-BC54-491B-A92A-4637A28C9BBF}" task wurde entsperrt. <===== ACHTUNG
"{753C47AE-EC5E-44B3-95A9-2C8E553F0E39}" task wurde entsperrt. <===== ACHTUNG
"{7AFCC0CA-7121-422A-AB45-B0E8D599FF08}" task wurde entsperrt. <===== ACHTUNG
"{81540B9F-B5BF-47EB-9C95-BE195BF2C664}" task wurde entsperrt. <===== ACHTUNG
"{9435F817-FED2-454E-88CD-7F78FDA62C48}" task wurde entsperrt. <===== ACHTUNG
"{994C86AD-A929-4B2C-88A0-4E25A107A029}" task wurde entsperrt. <===== ACHTUNG
"{9979CB83-103A-4105-9E5D-C74B0AF6D198}" task wurde entsperrt. <===== ACHTUNG
Task: {9C81E010-B408-4998-8CAC-6F8BF265A2AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
"{A35BB7A6-5F0C-4C9F-8450-2B3BED532D51}" task wurde entsperrt. <===== ACHTUNG
"{A48CABBF-24C8-4B87-B00F-9261807C3B43}" task wurde entsperrt. <===== ACHTUNG
"{A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D}" task wurde entsperrt. <===== ACHTUNG
"{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" task wurde entsperrt. <===== ACHTUNG
"{AC668097-4D6B-4093-AC14-014C09DBF820}" task wurde entsperrt. <===== ACHTUNG
"{B0CBAB43-44FC-469B-A4CE-87426761FDCE}" task wurde entsperrt. <===== ACHTUNG
"{BE669C13-8165-4536-96D0-6D6C39292AAE}" task wurde entsperrt. <===== ACHTUNG
"{C016366B-7126-46CA-B36B-592A3D95A60B}" task wurde entsperrt. <===== ACHTUNG
"{CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E}" task wurde entsperrt. <===== ACHTUNG
"{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186}" task wurde entsperrt. <===== ACHTUNG
"{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" task wurde entsperrt. <===== ACHTUNG
"{D0250F3F-6480-484F-B719-42F659AC64D5}" task wurde entsperrt. <===== ACHTUNG
"{D7B6E81D-3CF4-432C-84D2-24213F4316E6}" task wurde entsperrt. <===== ACHTUNG
"{DA41DE71-8431-42FB-9DB0-EB64A961DEAD}" task wurde entsperrt. <===== ACHTUNG
"{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}" task wurde entsperrt. <===== ACHTUNG
"{E22A8667-F75B-4BA9-BA46-067ED4429DE8}" task wurde entsperrt. <===== ACHTUNG
"{E3163C33-301D-4730-A266-5518C5ED3967}" task wurde entsperrt. <===== ACHTUNG
Task: {E859E2A6-C8FF-4A6E-8DC4-CECBDA055425} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
"{EACA24FF-236C-401D-A1E7-B3D5267B8A50}" task wurde entsperrt. <===== ACHTUNG
"{EB02381F-D652-4B1C-894A-712498C62C51}" task wurde entsperrt. <===== ACHTUNG
Task: {EF2B4AAB-60C0-4BE4-861B-BA8DE8A5A079} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
"{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" task wurde entsperrt. <===== ACHTUNG
"{FB3C354D-297A-4EB2-9B58-090F6361906B}" task wurde entsperrt. <===== ACHTUNG
Task: {FC1FC7B2-044D-4BD5-9DF7-981913579FDF} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2015-06-25] (TuneUp Software)
"{FDD56C73-F0D5-41B6-B767-6EFFD7966428}" task wurde entsperrt. <===== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Public\Desktop\Acer Zubehör Shop.lnk -> C:\Program Files\Acer Accessory Store\StartURL.exe () -> hxxp://store.acer-euro.com/de?utm_source=Icon&utm_medium=Icon&utm_campaign=Acer%2BInternal

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-11-18 18:28 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-06-19 07:15 - 2015-06-19 07:15 - 00022528 _____ () C:\Windows\System32\ssy5clm.dll
2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2010-09-07 18:47 - 2010-09-07 18:47 - 00202048 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2009-08-18 09:27 - 2009-08-18 09:27 - 00629280 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2016-03-22 15:26 - 2015-11-05 22:02 - 00491328 ____N () C:\Windows\SysWOW64\spdsvc.exe
2015-06-25 07:53 - 2015-06-25 07:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2009-12-14 04:19 - 2009-12-09 11:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2010-09-07 18:47 - 2010-09-07 18:47 - 00664896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2009-02-03 03:33 - 2009-02-03 03:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 03:55 - 2008-09-29 03:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2009-08-18 09:31 - 2009-08-18 09:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2013-09-20 12:25 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 8.0\ouservice\PATCHW32.dll
2013-09-26 14:11 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 5.0\ouservice\PATCHW32.dll
2016-02-25 09:13 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 7\ouservice\PATCHW32.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [244]
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 [238]
AlternateDataStreams: C:\ProgramData\Temp:93DE1838 [268]
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [146]
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D [124]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3261976053-936494240-30525120-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\EBRA-BAU_2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: EgisTecLiveUpdate => "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
MSCONFIG\startupreg: GrooveMonitor => "D:\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{4032A6B9-4AA1-4461-864D-4A5772DA1182}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{FEC8F0AD-1217-47AE-B112-3A803545D1D0}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe
FirewallRules: [{06981FF9-D744-4999-B074-6B219878CE04}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
FirewallRules: [{0B0E9800-DD37-4A75-9A1B-4EFACFCF24EB}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{BF0D1009-94D7-448D-95EE-F0D48E5F06E4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{1A6A2E50-B677-4A10-AA23-E8CFB52320C9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FB17B391-E41D-4E32-BA01-D40F559EF9C8}] => (Allow) svchost.exe
FirewallRules: [{249A026B-9E14-438D-87AE-0D2DF771EC9A}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{797B3241-C9D1-4D4E-AB4C-F9FC984678F5}] => (Allow) D:\Microsoft Office\Office12\outlook.exe
FirewallRules: [{710606E7-AD12-4512-B0E1-FC2B5EF8600A}] => (Allow) D:\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{6F478C1F-1D38-46FF-B08C-E73D139CB3D4}] => (Allow) D:\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{61C1D8A7-6E0B-46B3-8950-8C6CFEA8C537}] => (Allow) D:\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{CA594CC1-E727-488C-A42D-50384EAF5857}] => (Allow) D:\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{C143D9B8-4215-4FD5-97AC-5F3A4B411BA4}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{17F268EE-A142-4284-AB27-ED622C838E57}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{635C2868-659C-4646-A826-0C7BC82275F1}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{4FD4B6D7-7C09-48FD-8842-B98E21B046EB}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{53A5E676-3BCA-4BE8-B5F2-17FA1E70701C}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{2B0FFA17-E9BF-46E4-962C-E9E588BA6026}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{843630F0-0027-4323-848E-2F00BB73AA6B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F413D97F-7969-4A35-867B-5252D62CC2A5}] => (Allow) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{1E49A2B0-3580-4FB9-8CA0-71B162AC157E}] => (Allow) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{A496728E-D6AB-4880-8086-4522E680A0CC}] => (Allow) C:\Program Files (x86)\StarMoney 8.0\app\StarMoney.exe
FirewallRules: [{0176A5AD-2E58-4CAE-8F2A-94CF18120AD1}] => (Allow) C:\Program Files (x86)\StarMoney 8.0\app\StarMoney.exe
FirewallRules: [{0A6CAC9D-7277-4904-A4BC-0ADD40D262B7}] => (Allow) C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{50E3D03E-CFF2-4DDA-B662-176069D8D151}] => (Allow) C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{DF1C0569-4BCD-4753-8061-D02C41215C4F}] => (Allow) C:\Program Files (x86)\StarMoney Business 5.0\app\StarMoney.exe
FirewallRules: [{44541018-F12A-41F0-8224-FC0B8B02241A}] => (Allow) C:\Program Files (x86)\StarMoney Business 5.0\app\StarMoney.exe
FirewallRules: [{18A7DA66-3DA3-4A59-9FCA-2BB4394E51BC}] => (Allow) D:\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{BA8EE89D-268E-4C61-AE21-4A43E6CA5956}] => (Allow) D:\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{24AEC15C-379B-45B5-A7E4-C61F459CBC87}] => (Allow) D:\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{F22B414C-2D71-4A1F-ACCE-B5064F31E7AA}] => (Allow) D:\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{61C6980A-A668-4BA5-9DA3-02D89D06B9F3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{79394469-0586-4A11-A18C-780BC3C69538}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{7EAA10E4-054A-41D7-88EC-46206BA14EE3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{406CFB35-50DD-4EE4-AF5B-BB1A65830F4A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{AF514C3D-6A9F-4FF8-937C-528C8C4A0AB1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2EC6B62E-BED1-4DCF-87C4-271011F4A218}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E8CDDA4E-F8C8-4831-A59B-D533500D6C37}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCBB881E-1BC9-4E24-A345-E659D334D8CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B431C9F9-202A-4A75-804D-8F1823428748}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7AAFA214-6F21-449F-8362-6698E239E977}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9551B65F-AF9C-41F7-97A6-EC019062EC95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AE3DE0B3-9370-473A-B853-AA8188C21AD6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{841F947D-CC86-46F4-AB2C-B7DA5952F6C3}] => (Allow) C:\Windows\twain_32\Samsung\SLC1860\ScanCDLM\ScanCDLM.exe
FirewallRules: [{5D66757B-6BF6-4D23-8A48-32A21E554291}] => (Allow) C:\Windows\twain_32\Samsung\SLC1860\ScanCDLM\ScanCDLM.exe
FirewallRules: [{A32E12AB-B93B-42F5-97A9-219CBC4E131C}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{106CBDA8-B873-4B75-A77C-D4150C304BCE}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{52717344-29D0-4900-B9CD-E859BD037FDE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{2B342D88-5F52-4236-962E-953D89F9EDDE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [TCP Query User{EBC7FBCC-98C4-4390-8033-68C9C7F22320}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{26848DD3-7F09-42DC-8DD9-F105F35C7E07}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{515E1C61-45DA-4CA8-BE64-93524232BB10}] => (Allow) C:\Program Files (x86)\StarMoney Business 7\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{9ADFEAC4-D9F5-48C6-B9E6-288624A37511}] => (Allow) C:\Program Files (x86)\StarMoney Business 7\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{67ED3E20-CBB1-4178-9F4E-B9F6F20D5A0B}] => (Allow) C:\Program Files (x86)\StarMoney Business 7\app\StarMoney.exe
FirewallRules: [{1E161FD8-A103-4595-968A-2FA2AB81AFC4}] => (Allow) C:\Program Files (x86)\StarMoney Business 7\app\StarMoney.exe
FirewallRules: [{BEC7A39E-F126-4A9B-B731-D3373276ED36}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{42EF602F-491F-4470-B27E-C6273AC9E238}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{848431C4-4894-4903-BFD3-08F376C4B609}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{4B305319-DDD0-4A0F-B584-F9CCBA88FB15}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{B5B0BFD2-B147-40AE-B106-5A3CB33E6F15}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{FB5004E2-C81D-48A9-9C5A-2AAA189700A7}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{8BCB4765-AE26-4642-8BA1-4D2EEBBB9F35}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{DD182D00-4D8B-4DE5-8A23-13D74F088055}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{026255C2-F983-4DC7-9D12-918FD0137CDF}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{6CE1220E-6A47-47EB-8ECA-458A8DD90855}] => (Allow) C:\Program Files (x86)\Samsung\Network PC Fax\drv\NetFaxMon64.exe
FirewallRules: [{B6782D00-3F63-4D72-ABFC-2A1E64C2FF29}] => (Allow) C:\Program Files (x86)\Samsung\Network PC Fax\drv\NetFaxMon.exe
FirewallRules: [{45D491F5-93CA-4A10-8B4D-97DF5510C0AC}] => (Allow) C:\Windows\system32\spool\drivers\x64\3\NetFaxMon64.exe
FirewallRules: [{CAEB8D53-FAB6-47FF-A430-64D2D4219B1A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7D27856C-6403-47AB-B649-A310FB456A70}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{771E2EFC-EB37-48E4-B21D-01746AF7FFA1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6BCF68C4-B085-4B55-A124-3D13970334B3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{74A79385-BB1F-4FD7-8C05-68FA89229559}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F19E16E3-DBBF-49B7-B219-C2FB118BEDB4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/17/2016 03:05:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm NeroExpress.exe, Version 9.4.10.505 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ed4

Startzeit: 01d1b03ca4d199f9

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe

Berichts-ID:

Error: (05/14/2016 07:24:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 46.0.1.5966, Zeitstempel: 0x572818c9
Name des fehlerhaften Moduls: mozglue.dll, Version: 46.0.1.5966, Zeitstempel: 0x572808c3
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000efdc
ID des fehlerhaften Prozesses: 0x1984
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (04/27/2016 01:04:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/27/2016 01:04:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/27/2016 01:04:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/18/2016 09:54:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname EBRA-BAU-2-PC.local already in use; will try EBRA-BAU-2-PC-2.local instead

Error: (02/18/2016 09:54:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister   16 EBRA-BAU-2-PC.local. AAAA FE80:0000:0000:0000:A4C8:4270:2C92:BC0E

Error: (02/18/2016 09:54:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.103:5353   16 EBRA-BAU-2-PC.local. AAAA 2003:0060:4D2A:5801:A4C8:4270:2C92:BC0E

Error: (02/18/2016 09:54:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing:    4 EBRA-BAU-2-PC.local. Addr 192.168.2.103

Error: (02/18/2016 09:54:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 0000000000D66630 Our Record 0 won:  8AE265EE   16 EBRA-BAU-2-PC.local. AAAA FE80:0000:0000:0000:A4C8:4270:2C92:BC0E


Systemfehler:
=============
Error: (05/17/2016 09:19:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (05/17/2016 09:19:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/17/2016 09:18:29 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/17/2016 09:17:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/17/2016 09:17:29 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942405.

Error: (05/17/2016 09:17:29 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942405.

Error: (05/17/2016 09:17:29 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: Die Aufgabenplanungdienst konnte durch den Computerstart ausgelöste Aufgaben nicht starten. Zusätzliche Daten: Fehlerwert: 2147942405.

Error: (05/17/2016 09:04:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (05/17/2016 09:04:21 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/17/2016 09:03:05 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 3959.09 MB
Verfügbarer physikalischer RAM: 2272.56 MB
Summe virtueller Speicher: 4157.28 MB
Verfügbarer virtueller Speicher: 2104.99 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:390.05 GB) (Free:229.16 GB) NTFS
Drive d: (Data) (Fixed) (Total:61.94 GB) (Free:60.93 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F467897B)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=61.9 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ===================

Alt 17.05.2016, 20:42   #7
xort_ebra
 
Windows 7/Xort-Verschlüsselung/ Decrypter ? - Standard

Windows 7/Xort-Verschlüsselung/ Decrypter ?


Schritt 3

Code:
ATTFilter
21:30:22.0113 0x1728  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
21:30:30.0902 0x1728  ============================================================
21:30:30.0902 0x1728  Current date / time: 2016/05/17 21:30:30.0902
21:30:30.0902 0x1728  SystemInfo:
21:30:30.0902 0x1728  
21:30:30.0902 0x1728  OS Version: 6.1.7601 ServicePack: 1.0
21:30:30.0902 0x1728  Product type: Workstation
21:30:30.0903 0x1728  ComputerName: EBRA-BAU_2-PC
21:30:30.0903 0x1728  UserName: EBRA-BAU_2
21:30:30.0903 0x1728  Windows directory: C:\Windows
21:30:30.0903 0x1728  System windows directory: C:\Windows
21:30:30.0903 0x1728  Running under WOW64
21:30:30.0903 0x1728  Processor architecture: Intel x64
21:30:30.0903 0x1728  Number of processors: 4
21:30:30.0903 0x1728  Page size: 0x1000
21:30:30.0903 0x1728  Boot type: Normal boot
21:30:30.0903 0x1728  ============================================================
21:30:30.0977 0x1728  KLMD registered as C:\Windows\system32\drivers\38693721.sys
21:30:31.0059 0x1728  System UUID: {0984EFDE-BF5A-62E2-0F74-E46F47A72763}
21:30:31.0359 0x1728  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:30:31.0366 0x1728  ============================================================
21:30:31.0366 0x1728  \Device\Harddisk0\DR0:
21:30:31.0367 0x1728  MBR partitions:
21:30:31.0367 0x1728  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
21:30:31.0367 0x1728  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x30C1802B
21:30:31.0367 0x1728  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x327A2870, BlocksNum 0x7BE23D1
21:30:31.0367 0x1728  ============================================================
21:30:31.0368 0x1728  C: <-> \Device\Harddisk0\DR0\Partition2
21:30:31.0368 0x1728  D: <-> \Device\Harddisk0\DR0\Partition3
21:30:31.0368 0x1728  ============================================================
21:30:31.0368 0x1728  Initialize success
21:30:31.0368 0x1728  ============================================================
21:31:06.0067 0x15b4  ============================================================
21:31:06.0067 0x15b4  Scan started
21:31:06.0067 0x15b4  Mode: Manual; SigCheck; TDLFS; 
21:31:06.0067 0x15b4  ============================================================
21:31:06.0067 0x15b4  KSN ping started
21:31:08.0361 0x15b4  KSN ping finished: true
21:31:08.0531 0x15b4  ================ Scan system memory ========================
21:31:08.0531 0x15b4  System memory - ok
21:31:08.0531 0x15b4  ================ Scan services =============================
21:31:08.0560 0x15b4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:31:08.0615 0x15b4  1394ohci - ok
21:31:08.0630 0x15b4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:31:08.0646 0x15b4  ACPI - ok
21:31:08.0650 0x15b4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:31:08.0663 0x15b4  AcpiPmi - ok
21:31:08.0670 0x15b4  [ 36114214BF8D7C464D1E92E4EB6B2DD3, 8E7CB266D4ABCDF332A3D4D341753811D51B72985E36F24A7E757DCA11A65A2A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:31:08.0680 0x15b4  AdobeARMservice - ok
21:31:08.0699 0x15b4  [ 6A050671F2C76FB48131F12786802807, 71B37A9CEAE5AB1B069FB010BC547E14445461885B74FA879E63F9F2DAF644A5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:31:08.0712 0x15b4  AdobeFlashPlayerUpdateSvc - ok
21:31:08.0727 0x15b4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:31:08.0747 0x15b4  adp94xx - ok
21:31:08.0758 0x15b4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:31:08.0774 0x15b4  adpahci - ok
21:31:08.0781 0x15b4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:31:08.0794 0x15b4  adpu320 - ok
21:31:08.0800 0x15b4  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:31:08.0811 0x15b4  AeLookupSvc - ok
21:31:08.0827 0x15b4  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
21:31:08.0847 0x15b4  AFD - ok
21:31:08.0852 0x15b4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
21:31:08.0862 0x15b4  agp440 - ok
21:31:08.0866 0x15b4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
21:31:08.0878 0x15b4  ALG - ok
21:31:08.0883 0x15b4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:31:08.0893 0x15b4  aliide - ok
21:31:08.0897 0x15b4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:31:08.0906 0x15b4  amdide - ok
21:31:08.0910 0x15b4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:31:08.0921 0x15b4  AmdK8 - ok
21:31:08.0926 0x15b4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:31:08.0937 0x15b4  AmdPPM - ok
21:31:08.0942 0x15b4  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:31:08.0954 0x15b4  amdsata - ok
21:31:08.0962 0x15b4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:31:08.0975 0x15b4  amdsbs - ok
21:31:08.0978 0x15b4  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:31:08.0987 0x15b4  amdxata - ok
21:31:09.0015 0x15b4  [ 37CD9EB03B36D8329F96BA921470DB54, 0CD3BFBA51F84D83E3B208D2BED7CE8E91B447B2037014663EC7CB8E5A925201 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
21:31:09.0048 0x15b4  AntiVirMailService - ok
21:31:09.0063 0x15b4  [ 98C06275DB53A1E70AB8CB94013B20D4, 5DE48C829A66B0F4C8119E75D985D63C1020FA318696BD19E44E0A07CD6F1ED0 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:31:09.0081 0x15b4  AntiVirSchedulerService - ok
21:31:09.0095 0x15b4  [ 98C06275DB53A1E70AB8CB94013B20D4, 5DE48C829A66B0F4C8119E75D985D63C1020FA318696BD19E44E0A07CD6F1ED0 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:31:09.0113 0x15b4  AntiVirService - ok
21:31:09.0144 0x15b4  [ B667AB46FA82FC246F9069D81BB1065C, CC3ADE01E745B6A4F425E41C5C380BF0D06121B3823BDF0A8DF2973DA59F86EA ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:31:09.0180 0x15b4  AntiVirWebService - ok
21:31:09.0185 0x15b4  [ 6474F8823C7188D2DA579F01FB6CED6B, 81D4E9D026CA60FB8840D520D151B8C2F4745A75DF90A4D6C80641F1A23AB605 ] AppID           C:\Windows\system32\drivers\appid.sys
21:31:09.0196 0x15b4  AppID - ok
21:31:09.0200 0x15b4  [ 8F58BA1F7772D6D7CE45F03309608001, CDB109E0DD241042C058F7D81A1BDEBC34435CB2DC4A7A7A3692193DD5806097 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:31:09.0209 0x15b4  AppIDSvc - ok
21:31:09.0214 0x15b4  [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo         C:\Windows\System32\appinfo.dll
21:31:09.0225 0x15b4  Appinfo - ok
21:31:09.0230 0x15b4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:31:09.0241 0x15b4  arc - ok
21:31:09.0246 0x15b4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:31:09.0257 0x15b4  arcsas - ok
21:31:09.0266 0x15b4  [ 660D597B7A78256734D7F3230B21B355, CAA19E8EFAD63B8975A4CD8EFD5CE5F21E056856D36BC5A9E48517F1E574ABBA ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:31:09.0282 0x15b4  aspnet_state - ok
21:31:09.0285 0x15b4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:31:09.0317 0x15b4  AsyncMac - ok
21:31:09.0320 0x15b4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:31:09.0330 0x15b4  atapi - ok
21:31:09.0357 0x15b4  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:31:09.0382 0x15b4  AudioEndpointBuilder - ok
21:31:09.0409 0x15b4  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:31:09.0433 0x15b4  AudioSrv - ok
21:31:09.0440 0x15b4  [ 742D578C28F6F58B8B576F91A1D8EB4E, 6C49EC198E67CE40728F0C19CB2BDCB59310BA59324F58E4D456DA2C8CC28BA6 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:31:09.0451 0x15b4  avgntflt - ok
21:31:09.0457 0x15b4  [ FBC2483AD62FBC8BD76A4254C50874BA, 04398AB0221535DD5D0A1AF6CA107F815CD607E668E2E7887D061FCED7373728 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:31:09.0468 0x15b4  avipbb - ok
21:31:09.0477 0x15b4  [ 125DFFF37D51A45A72934C3BF89A64CD, 19208A6544DC822D5010C835A6FA5E8AC5406CBFB277C4C9E034EF6309B113EE ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
21:31:09.0491 0x15b4  Avira.ServiceHost - ok
21:31:09.0495 0x15b4  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:31:09.0504 0x15b4  avkmgr - ok
21:31:09.0509 0x15b4  [ 7FDC860B34BDFFDFCE98622F81F24FA9, 3EF774A7F2EB741633611400161B6D4F642F9357BF6E957E14E70D1645BE6466 ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
21:31:09.0517 0x15b4  avnetflt - ok
21:31:09.0523 0x15b4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:31:09.0539 0x15b4  AxInstSV - ok
21:31:09.0554 0x15b4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:31:09.0573 0x15b4  b06bdrv - ok
21:31:09.0584 0x15b4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:31:09.0599 0x15b4  b57nd60a - ok
21:31:09.0606 0x15b4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:31:09.0617 0x15b4  BDESVC - ok
21:31:09.0620 0x15b4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:31:09.0651 0x15b4  Beep - ok
21:31:09.0674 0x15b4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
21:31:09.0699 0x15b4  BFE - ok
21:31:09.0723 0x15b4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
21:31:09.0772 0x15b4  BITS - ok
21:31:09.0780 0x15b4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:31:09.0790 0x15b4  blbdrive - ok
21:31:09.0806 0x15b4  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:31:09.0824 0x15b4  Bonjour Service - ok
21:31:09.0830 0x15b4  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:31:09.0841 0x15b4  bowser - ok
21:31:09.0844 0x15b4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:31:09.0856 0x15b4  BrFiltLo - ok
21:31:09.0860 0x15b4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:31:09.0872 0x15b4  BrFiltUp - ok
21:31:09.0879 0x15b4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
21:31:09.0893 0x15b4  Browser - ok
21:31:09.0904 0x15b4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:31:09.0920 0x15b4  Brserid - ok
21:31:09.0927 0x15b4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:31:09.0944 0x15b4  BrSerWdm - ok
21:31:09.0947 0x15b4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:31:09.0959 0x15b4  BrUsbMdm - ok
21:31:09.0963 0x15b4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:31:09.0972 0x15b4  BrUsbSer - ok
21:31:09.0975 0x15b4  [ FF7C57973EEAD140062238C5A0B7D455, 71055CAA7A7072F88E9218F2DCBD3122FAB3DFEE042F8D4D0D90AAC922C736E2 ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
21:31:09.0988 0x15b4  BTCFilterService - ok
21:31:09.0993 0x15b4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:31:10.0006 0x15b4  BTHMODEM - ok
21:31:10.0014 0x15b4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
21:31:10.0046 0x15b4  bthserv - ok
21:31:10.0053 0x15b4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:31:10.0094 0x15b4  cdfs - ok
21:31:10.0101 0x15b4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
21:31:10.0114 0x15b4  cdrom - ok
21:31:10.0119 0x15b4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:31:10.0150 0x15b4  CertPropSvc - ok
21:31:10.0155 0x15b4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:31:10.0167 0x15b4  circlass - ok
21:31:10.0180 0x15b4  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
21:31:10.0198 0x15b4  CLFS - ok
21:31:10.0203 0x15b4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:31:10.0214 0x15b4  clr_optimization_v2.0.50727_32 - ok
21:31:10.0220 0x15b4  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:31:10.0230 0x15b4  clr_optimization_v2.0.50727_64 - ok
21:31:10.0238 0x15b4  [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:31:10.0256 0x15b4  clr_optimization_v4.0.30319_32 - ok
21:31:10.0261 0x15b4  [ 1400C75FF021D6CFACE46AC41B60770E, 3FCB8D7714A79522F2738037D559F1FFFB2F05C5406D2A038EF5DDB4629CA1CE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:31:10.0278 0x15b4  clr_optimization_v4.0.30319_64 - ok
21:31:10.0281 0x15b4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:31:10.0291 0x15b4  CmBatt - ok
21:31:10.0293 0x15b4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:31:10.0302 0x15b4  cmdide - ok
21:31:10.0316 0x15b4  [ CA3FB5A6B626D8A00A89E049CF95954E, CD5E3E40972513195108BA46CEC1D0AEA6B09A67EEBDD17EB759BD1729B07C06 ] CNG             C:\Windows\system32\Drivers\cng.sys
21:31:10.0340 0x15b4  CNG - ok
21:31:10.0344 0x15b4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:31:10.0353 0x15b4  Compbatt - ok
21:31:10.0358 0x15b4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:31:10.0371 0x15b4  CompositeBus - ok
21:31:10.0374 0x15b4  COMSysApp - ok
21:31:10.0378 0x15b4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:31:10.0387 0x15b4  crcdisk - ok
21:31:10.0396 0x15b4  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:31:10.0410 0x15b4  CryptSvc - ok
21:31:10.0426 0x15b4  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:31:10.0447 0x15b4  DcomLaunch - ok
21:31:10.0458 0x15b4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:31:10.0495 0x15b4  defragsvc - ok
21:31:10.0501 0x15b4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:31:10.0533 0x15b4  DfsC - ok
21:31:10.0537 0x15b4  DgiVecp - ok
21:31:10.0549 0x15b4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:31:10.0566 0x15b4  Dhcp - ok
21:31:10.0605 0x15b4  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
21:31:10.0645 0x15b4  DiagTrack - ok
21:31:10.0650 0x15b4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
21:31:10.0682 0x15b4  discache - ok
21:31:10.0687 0x15b4  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
21:31:10.0697 0x15b4  Disk - ok
21:31:10.0704 0x15b4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:31:10.0717 0x15b4  Dnscache - ok
21:31:10.0726 0x15b4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:31:10.0762 0x15b4  dot3svc - ok
21:31:10.0769 0x15b4  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
21:31:10.0784 0x15b4  Dot4 - ok
21:31:10.0789 0x15b4  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
21:31:10.0801 0x15b4  Dot4Print - ok
21:31:10.0805 0x15b4  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
21:31:10.0818 0x15b4  dot4usb - ok
21:31:10.0824 0x15b4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
21:31:10.0858 0x15b4  DPS - ok
21:31:10.0861 0x15b4  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:31:10.0870 0x15b4  drmkaud - ok
21:31:10.0895 0x15b4  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:31:10.0926 0x15b4  DXGKrnl - ok
21:31:10.0936 0x15b4  [ 52A482DC61F24B498C8268866B90BB44, C3D01124E4544B54474BCEF4971D1AEE64F6AEA4BE65B9C4916047FB1F948D2F ] e1kexpress      C:\Windows\system32\DRIVERS\e1k62x64.sys
21:31:10.0949 0x15b4  e1kexpress - ok
21:31:10.0956 0x15b4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
21:31:10.0989 0x15b4  EapHost - ok
21:31:11.0070 0x15b4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:31:11.0151 0x15b4  ebdrv - ok
21:31:11.0158 0x15b4  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] EFS             C:\Windows\System32\lsass.exe
21:31:11.0168 0x15b4  EFS - ok
21:31:11.0188 0x15b4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:31:11.0212 0x15b4  ehRecvr - ok
21:31:11.0218 0x15b4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
21:31:11.0231 0x15b4  ehSched - ok
21:31:11.0247 0x15b4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:31:11.0268 0x15b4  elxstor - ok
21:31:11.0272 0x15b4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:31:11.0281 0x15b4  ErrDev - ok
21:31:11.0295 0x15b4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
21:31:11.0335 0x15b4  EventSystem - ok
21:31:11.0343 0x15b4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:31:11.0378 0x15b4  exfat - ok
21:31:11.0386 0x15b4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:31:11.0421 0x15b4  fastfat - ok
21:31:11.0441 0x15b4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
21:31:11.0465 0x15b4  Fax - ok
21:31:11.0469 0x15b4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:31:11.0479 0x15b4  fdc - ok
21:31:11.0483 0x15b4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
21:31:11.0514 0x15b4  fdPHost - ok
21:31:11.0518 0x15b4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:31:11.0549 0x15b4  FDResPub - ok
21:31:11.0554 0x15b4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:31:11.0564 0x15b4  FileInfo - ok
21:31:11.0568 0x15b4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:31:11.0596 0x0a60  Object required for P2P: [ 6A050671F2C76FB48131F12786802807 ] AdobeFlashPlayerUpdateSvc
21:31:11.0600 0x15b4  Filetrace - ok
21:31:11.0604 0x15b4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:31:11.0614 0x15b4  flpydisk - ok
21:31:11.0623 0x15b4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:31:11.0638 0x15b4  FltMgr - ok
21:31:11.0671 0x15b4  [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache       C:\Windows\system32\FntCache.dll
21:31:11.0706 0x15b4  FontCache - ok
21:31:11.0712 0x15b4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:31:11.0720 0x15b4  FontCache3.0.0.0 - ok
21:31:11.0726 0x15b4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:31:11.0736 0x15b4  FsDepends - ok
21:31:11.0740 0x15b4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:31:11.0749 0x15b4  Fs_Rec - ok
21:31:11.0757 0x15b4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:31:11.0773 0x15b4  fvevol - ok
21:31:11.0778 0x15b4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:31:11.0788 0x15b4  gagp30kx - ok
21:31:11.0810 0x15b4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:31:11.0857 0x15b4  gpsvc - ok
21:31:11.0887 0x15b4  [ 816FD5A6F3C2F3D600900096632FC60E, D92401C4B56663F8A12B6390562608A125713408B00266C53844129679E48E9C ] Greg_Service    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
21:31:11.0919 0x15b4  Greg_Service - ok
21:31:11.0927 0x15b4  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:31:11.0937 0x15b4  gupdate - ok
21:31:11.0943 0x15b4  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:31:11.0952 0x15b4  gupdatem - ok
21:31:11.0965 0x15b4  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:31:11.0976 0x15b4  gusvc - ok
21:31:11.0980 0x15b4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:31:11.0989 0x15b4  hcw85cir - ok
21:31:12.0004 0x15b4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:31:12.0024 0x15b4  HdAudAddService - ok
21:31:12.0030 0x15b4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:31:12.0045 0x15b4  HDAudBus - ok
21:31:12.0049 0x15b4  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
21:31:12.0057 0x15b4  HECIx64 - ok
21:31:12.0061 0x15b4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:31:12.0071 0x15b4  HidBatt - ok
21:31:12.0076 0x15b4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:31:12.0091 0x15b4  HidBth - ok
21:31:12.0095 0x15b4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:31:12.0108 0x15b4  HidIr - ok
21:31:12.0111 0x15b4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
21:31:12.0143 0x15b4  hidserv - ok
21:31:12.0149 0x15b4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:31:12.0158 0x15b4  HidUsb - ok
21:31:12.0163 0x15b4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:31:12.0195 0x15b4  hkmsvc - ok
21:31:12.0203 0x15b4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:31:12.0218 0x15b4  HomeGroupListener - ok
21:31:12.0225 0x15b4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:31:12.0239 0x15b4  HomeGroupProvider - ok
21:31:12.0244 0x15b4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:31:12.0254 0x15b4  HpSAMD - ok
21:31:12.0280 0x15b4  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:31:12.0306 0x15b4  HTTP - ok
21:31:12.0309 0x15b4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:31:12.0318 0x15b4  hwpolicy - ok
21:31:12.0323 0x15b4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:31:12.0325 0x163c  Object required for P2P: [ 125DFFF37D51A45A72934C3BF89A64CD ] Avira.ServiceHost
21:31:12.0335 0x15b4  i8042prt - ok
21:31:12.0345 0x15b4  [ 660BF3255A1EB18ED803FD2FBA6AE400, 74A77E9828D62F2821D398EAA84BB15BF093EAD1BD5A7824362ED3D1A063C509 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:31:12.0359 0x15b4  IAANTMON - ok
21:31:12.0371 0x15b4  [ BE7D72FCF442C26975942007E0831241, A0FD29B3D1A1278787F8B3FBE7EC3216AAF328467974A6D90752639BB44DCD84 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:31:12.0387 0x15b4  iaStor - ok
21:31:12.0400 0x15b4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:31:12.0418 0x15b4  iaStorV - ok
21:31:12.0446 0x15b4  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:31:12.0474 0x15b4  idsvc - ok
21:31:12.0480 0x15b4  IEEtwCollectorService - ok
21:31:12.0485 0x15b4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:31:12.0494 0x15b4  iirsp - ok
21:31:12.0517 0x15b4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
21:31:12.0545 0x15b4  IKEEXT - ok
21:31:12.0595 0x15b4  [ D2356EBE25781B2FB61687E4D07ED188, 3950A09D4DD97CD777A22B572D1E79CBAB4072DB3CC70268FFB6EFC678A77D73 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:31:12.0645 0x15b4  IntcAzAudAddService - ok
21:31:12.0651 0x15b4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:31:12.0660 0x15b4  intelide - ok
21:31:12.0665 0x15b4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:31:12.0675 0x15b4  intelppm - ok
21:31:12.0682 0x15b4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:31:12.0715 0x15b4  IPBusEnum - ok
21:31:12.0719 0x15b4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:31:12.0751 0x15b4  IpFilterDriver - ok
21:31:12.0766 0x15b4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:31:12.0788 0x15b4  iphlpsvc - ok
21:31:12.0794 0x15b4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:31:12.0805 0x15b4  IPMIDRV - ok
21:31:12.0810 0x15b4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:31:12.0844 0x15b4  IPNAT - ok
21:31:12.0848 0x15b4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:31:12.0862 0x15b4  IRENUM - ok
21:31:12.0865 0x15b4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:31:12.0874 0x15b4  isapnp - ok
21:31:12.0885 0x15b4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:31:12.0900 0x15b4  iScsiPrt - ok
21:31:12.0904 0x15b4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:31:12.0914 0x15b4  kbdclass - ok
21:31:12.0918 0x15b4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:31:12.0928 0x15b4  kbdhid - ok
21:31:12.0931 0x15b4  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] KeyIso          C:\Windows\system32\lsass.exe
21:31:12.0941 0x15b4  KeyIso - ok
21:31:12.0946 0x15b4  [ 0878723427BA190E5ABA5AA0112FA4D4, E332C83D3F4DF71761AA3DAC2C721FC2029F71ECC88A66E175BA56510855C4D4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:31:12.0957 0x15b4  KSecDD - ok
21:31:12.0963 0x15b4  [ C08CCCE2BE68D04E6C142614736959DA, AEC0AFC5C28DDC14DD6918BB6E236FA1C85CC30D69DA9AE40F9962D88248040F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:31:12.0975 0x15b4  KSecPkg - ok
21:31:12.0979 0x15b4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:31:13.0010 0x15b4  ksthunk - ok
21:31:13.0023 0x15b4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:31:13.0061 0x15b4  KtmRm - ok
21:31:13.0070 0x15b4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:31:13.0107 0x15b4  LanmanServer - ok
21:31:13.0113 0x15b4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:31:13.0146 0x15b4  LanmanWorkstation - ok
21:31:13.0152 0x15b4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:31:13.0184 0x15b4  lltdio - ok
21:31:13.0195 0x15b4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:31:13.0232 0x15b4  lltdsvc - ok
21:31:13.0236 0x15b4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:31:13.0268 0x15b4  lmhosts - ok
21:31:13.0276 0x15b4  [ 7485FBCEF9136F530953575E2977859D, 5A6A67EE407C6ECE637C2B2AC21259BB86D032E47CE59F77AAF48D687B74CFCB ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:31:13.0289 0x15b4  LMS - ok
21:31:13.0296 0x15b4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:31:13.0307 0x15b4  LSI_FC - ok
21:31:13.0313 0x15b4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:31:13.0324 0x15b4  LSI_SAS - ok
21:31:13.0329 0x15b4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:31:13.0340 0x15b4  LSI_SAS2 - ok
21:31:13.0346 0x15b4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:31:13.0357 0x15b4  LSI_SCSI - ok
21:31:13.0363 0x15b4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:31:13.0397 0x15b4  luafv - ok
21:31:13.0407 0x15b4  [ 504B5C84672392496BBE68FF450F9215, 19665E6A8E04729D45E0EE6C5A2E798ED76102949BF8342877041BE2C871042B ] McComponentHostService C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe
21:31:13.0421 0x15b4  McComponentHostService - ok
21:31:13.0427 0x15b4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:31:13.0439 0x15b4  Mcx2Svc - ok
21:31:13.0443 0x15b4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:31:13.0453 0x15b4  megasas - ok
21:31:13.0463 0x15b4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:31:13.0478 0x15b4  MegaSR - ok
21:31:13.0485 0x15b4  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service D:\Microsoft Office\Office12\GrooveAuditService.exe
21:31:13.0495 0x15b4  Microsoft Office Groove Audit Service - ok
21:31:13.0500 0x15b4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
21:31:13.0533 0x15b4  MMCSS - ok
21:31:13.0537 0x15b4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
21:31:13.0569 0x15b4  Modem - ok
21:31:13.0573 0x15b4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:31:13.0585 0x15b4  monitor - ok
21:31:13.0589 0x15b4  [ 93F5ADCAD940111F6D4D71AE1D9EC7F6, 12E5D2F0B6D419E9FAA9D10A99FA33DA686DA2FEE6E1C6AE94DC0D22B9DD4929 ] motccgp         C:\Windows\system32\DRIVERS\motccgp.sys
21:31:13.0602 0x15b4  motccgp - ok
21:31:13.0605 0x15b4  [ D51E009BAEDA07EBC107D49D224C2414, F8EF80E91D67697337DD82FE0489448D2566C97C6B189BBBB4733B42BF26AB0C ] motccgpfl       C:\Windows\system32\DRIVERS\motccgpfl.sys
21:31:13.0616 0x15b4  motccgpfl - ok
21:31:13.0621 0x15b4  [ DB83DC223B9133DA3E41AFCBDECC46B5, A0780ECFC8A08BD5FE71C0413AC50BC4E00AA4A4B5CD9997889F5FA86B93D698 ] motmodem        C:\Windows\system32\DRIVERS\motmodem.sys
21:31:13.0633 0x15b4  motmodem - ok
21:31:13.0640 0x15b4  [ 36AC4DECEAE4226A5B5DD038C49658E1, FFCFEA39368130A8DF8CA9B63F89ACCDBD448841A7488E0C02E3C8EC947A0D9C ] MotoHelper      C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
21:31:13.0651 0x15b4  MotoHelper - ok
21:31:13.0654 0x15b4  [ EBD05F60CAFC5BBA2602B8D7101082D3, 9144E1E7C4DD6150C0E97B4C628DE0216ED372062F5F0FB216C81CAF93DBBF07 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
21:31:13.0666 0x15b4  MotoSwitchService - ok
21:31:13.0669 0x15b4  [ 87701078C3F720AC7A028E937994CC49, 8A16F0E91F44DA2679DD54266324618930C081C768E067B28AAEB93EC599C4E0 ] Motousbnet      C:\Windows\system32\DRIVERS\Motousbnet.sys
21:31:13.0681 0x15b4  Motousbnet - ok
21:31:13.0684 0x15b4  [ 307727F9829FB46FF4BE0E4D1DAC5002, AE3CC069634D01748869E141E948553EA23E6F12BEDCE26F412A702377805496 ] motusbdevice    C:\Windows\system32\DRIVERS\motusbdevice.sys
21:31:13.0696 0x15b4  motusbdevice - ok
21:31:13.0700 0x15b4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:31:13.0710 0x15b4  mouclass - ok
21:31:13.0715 0x15b4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:31:13.0725 0x15b4  mouhid - ok
21:31:13.0732 0x15b4  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:31:13.0743 0x15b4  mountmgr - ok
21:31:13.0749 0x15b4  [ FC9A9C09B35A93F76A03D5E355FA862C, B7ED57B9D39D547BA2927FC5F02C2475BF131FDB8AD40FFDE72C966506756B56 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:31:13.0763 0x15b4  MozillaMaintenance - ok
21:31:13.0770 0x15b4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:31:13.0784 0x15b4  mpio - ok
21:31:13.0788 0x15b4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:31:13.0822 0x15b4  mpsdrv - ok
21:31:13.0844 0x15b4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:31:13.0892 0x15b4  MpsSvc - ok
21:31:13.0899 0x15b4  [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:31:13.0912 0x15b4  MRxDAV - ok
21:31:13.0918 0x15b4  [ 035C0A9A63DF3F3A52B90D8F6BF0F166, F409C8A31156E31A6D16D2B34EEE3098CE0D76A4DB7B49810EDDA2E2E19B2E26 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:31:13.0931 0x15b4  mrxsmb - ok
21:31:13.0941 0x15b4  [ 8308FC2E9147D7632221E3279BB14660, 3051FF91493FD03B7EDD4EDB23B2DE8DD7E03D46E231BC5925502BE98E78B1CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:31:13.0957 0x15b4  mrxsmb10 - ok
21:31:13.0962 0x15b4  [ 1F8DA4ECAEA7E2BCD97E738795817431, FBEF64C7067F5AFF864EF7E220C8A47AC43EB0BFD9A4E4C908F9D9D159AC5139 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:31:13.0974 0x15b4  mrxsmb20 - ok
21:31:13.0979 0x15b4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:31:13.0988 0x15b4  msahci - ok
21:31:13.0995 0x15b4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:31:14.0007 0x15b4  msdsm - ok
21:31:14.0014 0x15b4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
21:31:14.0027 0x15b4  MSDTC - ok
21:31:14.0033 0x15b4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:31:14.0064 0x15b4  Msfs - ok
21:31:14.0068 0x15b4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:31:14.0100 0x15b4  mshidkmdf - ok
21:31:14.0103 0x15b4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:31:14.0112 0x15b4  msisadrv - ok
21:31:14.0119 0x15b4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:31:14.0153 0x15b4  MSiSCSI - ok
21:31:14.0156 0x15b4  msiserver - ok
21:31:14.0160 0x15b4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:31:14.0191 0x15b4  MSKSSRV - ok
21:31:14.0194 0x15b4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:31:14.0225 0x15b4  MSPCLOCK - ok
21:31:14.0228 0x15b4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:31:14.0259 0x15b4  MSPQM - ok
21:31:14.0271 0x15b4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:31:14.0288 0x15b4  MsRPC - ok
21:31:14.0294 0x15b4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:31:14.0303 0x15b4  mssmbios - ok
21:31:14.0306 0x15b4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:31:14.0337 0x15b4  MSTEE - ok
21:31:14.0341 0x15b4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:31:14.0351 0x15b4  MTConfig - ok
21:31:14.0355 0x15b4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
21:31:14.0366 0x15b4  Mup - ok
21:31:14.0369 0x15b4  [ 6FFECC25B39DC7652A0CEC0ADA9DB589, 927EF066CBBA8353149F8C3B7C4299AC06FED439DA874D25CFB583E5912611A2 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
21:31:14.0377 0x15b4  mwlPSDFilter - ok
21:31:14.0381 0x15b4  [ 0BEFE32CA56D6EE89D58175725596A85, E36B9E6159AF7F67D549F7178896CCCB8FC3964531B1DA20CBDD465E632D8FCF ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
21:31:14.0388 0x15b4  mwlPSDNServ - ok
21:31:14.0392 0x15b4  [ D43BC633B8660463E446E28E14A51262, C55F235B5E08FAC6D70B0FAC737D714E318A93F8E43FF8095B86A76559AF211D ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
21:31:14.0400 0x15b4  mwlPSDVDisk - ok
21:31:14.0412 0x15b4  [ 2F139207F618EC2933830227EEFFDDB4, 2942452EC631BF11CCCDA397C756CBBC0337F58B215A3F02DA263818CB3BE9A9 ] MWLService      C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
21:31:14.0425 0x15b4  MWLService - ok
21:31:14.0439 0x15b4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
21:31:14.0480 0x15b4  napagent - ok
21:31:14.0491 0x15b4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:31:14.0511 0x15b4  NativeWifiP - ok
21:31:14.0538 0x15b4  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:31:14.0567 0x15b4  NDIS - ok
21:31:14.0573 0x15b4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:31:14.0604 0x15b4  NdisCap - ok
21:31:14.0607 0x15b4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:31:14.0639 0x15b4  NdisTapi - ok
21:31:14.0643 0x15b4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:31:14.0674 0x15b4  Ndisuio - ok
21:31:14.0681 0x15b4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:31:14.0714 0x15b4  NdisWan - ok
21:31:14.0718 0x15b4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:31:14.0750 0x15b4  NDProxy - ok
21:31:14.0775 0x15b4  [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:31:14.0780 0x163c  Object send P2P result: true
21:31:14.0803 0x15b4  Nero BackItUp Scheduler 4.0 - ok
21:31:14.0808 0x15b4  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:31:14.0813 0x15b4  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
21:31:17.0119 0x15b4  Detect skipped due to KSN trusted
21:31:17.0119 0x15b4  Net Driver HPZ12 - ok
21:31:17.0123 0x15b4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:31:17.0156 0x15b4  NetBIOS - ok
21:31:17.0166 0x15b4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:31:17.0201 0x15b4  NetBT - ok
21:31:17.0205 0x15b4  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] Netlogon        C:\Windows\system32\lsass.exe
21:31:17.0214 0x15b4  Netlogon - ok
21:31:17.0225 0x15b4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
21:31:17.0265 0x15b4  Netman - ok
21:31:17.0271 0x15b4  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:31:17.0285 0x15b4  NetMsmqActivator - ok
21:31:17.0290 0x15b4  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:31:17.0304 0x15b4  NetPipeActivator - ok
21:31:17.0318 0x15b4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
21:31:17.0359 0x0a60  Object send P2P result: true
21:31:17.0359 0x15b4  netprofm - ok
21:31:17.0360 0x0a60  Object required for P2P: [ 37CD9EB03B36D8329F96BA921470DB54 ] AntiVirMailService
21:31:17.0380 0x15b4  [ 93A240FD4C133D1ED7CCF829159C4B78, E749D88BA7824FE64BC0E08C74A48F06D225123B62E05F1D094CDA269048D3BA ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
21:31:17.0405 0x15b4  netr7364 - ok
21:31:17.0411 0x15b4  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:31:17.0425 0x15b4  NetTcpActivator - ok
21:31:17.0430 0x15b4  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:31:17.0443 0x15b4  NetTcpPortSharing - ok
21:31:17.0448 0x15b4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:31:17.0458 0x15b4  nfrd960 - ok
21:31:17.0467 0x15b4  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:31:17.0484 0x15b4  NlaSvc - ok
21:31:17.0488 0x15b4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:31:17.0520 0x15b4  Npfs - ok
21:31:17.0524 0x15b4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
21:31:17.0555 0x15b4  nsi - ok
21:31:17.0560 0x15b4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:31:17.0591 0x15b4  nsiproxy - ok
21:31:17.0631 0x15b4  [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:31:17.0683 0x15b4  Ntfs - ok
21:31:17.0689 0x15b4  [ BD691091AC7D9713D8F0B07C6B099E6C, 4A69ED227CCBBCB76F78078CEE42506A875759FFB519CB9C40173EF8ACD6D6D2 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
21:31:17.0697 0x15b4  NTI IScheduleSvc - ok
21:31:17.0700 0x15b4  [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B2B97973F281304843ADE0CF5823574453AB41E3E9C ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
21:31:17.0707 0x15b4  NTIDrvr - ok
21:31:17.0710 0x15b4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
21:31:17.0741 0x15b4  Null - ok
21:31:17.0747 0x15b4  [ AD37248BD442D41C9A896E53EB8A85EE, 9CC50602480544DBD0B873B3444D355CC13CB97EC1BCA97F85668C45DEFE78C1 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
21:31:17.0755 0x15b4  NVHDA - ok
21:31:17.0995 0x15b4  [ FCBA1C22727939E7CFF9EB08FE9692AB, 081FBF38EA17746C5CF2260AD32B62385D4A075476E30CBB9A2AA080F8AA0CA4 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:31:18.0245 0x15b4  nvlddmkm - ok
21:31:18.0262 0x15b4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:31:18.0274 0x15b4  nvraid - ok
21:31:18.0281 0x15b4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:31:18.0293 0x15b4  nvstor - ok
21:31:18.0318 0x15b4  [ 10C232F6CFFD51D2332898AE7AE0FF23, 92E5452D8467852C22D702ACAFB5DBFD312A8F72A4353B8D0A9C18AEFCE4B2B2 ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:31:18.0345 0x15b4  nvsvc - ok
21:31:18.0382 0x15b4  [ 4789E020D2617046862D1790FC235FF6, FCFD56DF2CADA830E7B2D4B91D5A9D2FE783B1396CBA124000765168FA5B6574 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:31:18.0417 0x15b4  nvUpdatusService - ok
21:31:18.0424 0x15b4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:31:18.0435 0x15b4  nv_agp - ok
21:31:18.0448 0x15b4  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:31:18.0465 0x15b4  odserv - ok
21:31:18.0470 0x15b4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:31:18.0481 0x15b4  ohci1394 - ok
21:31:18.0487 0x15b4  [ 99BF0B1BCADF83102CBBBEA4D0D22732, D8A8160CCCB1D10EDC030C2E130910FE36B00D059E8E5BCA6DC477A28F4F962D ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:31:18.0498 0x15b4  ose - ok
21:31:18.0510 0x15b4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:31:18.0526 0x15b4  p2pimsvc - ok
21:31:18.0541 0x15b4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
21:31:18.0560 0x15b4  p2psvc - ok
21:31:18.0566 0x15b4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:31:18.0577 0x15b4  Parport - ok
21:31:18.0582 0x15b4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:31:18.0593 0x15b4  partmgr - ok
21:31:18.0603 0x15b4  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:31:18.0617 0x15b4  PcaSvc - ok
21:31:18.0624 0x15b4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
21:31:18.0636 0x15b4  pci - ok
21:31:18.0641 0x15b4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:31:18.0650 0x15b4  pciide - ok
21:31:18.0659 0x15b4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:31:18.0672 0x15b4  pcmcia - ok
21:31:18.0676 0x15b4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:31:18.0686 0x15b4  pcw - ok
21:31:18.0709 0x15b4  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:31:18.0733 0x15b4  PEAUTH - ok
21:31:18.0747 0x15b4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:31:18.0758 0x15b4  PerfHost - ok
21:31:18.0797 0x15b4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
21:31:18.0858 0x15b4  pla - ok
21:31:18.0872 0x15b4  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:31:18.0890 0x15b4  PlugPlay - ok
21:31:18.0898 0x15b4  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:31:18.0903 0x15b4  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
21:31:19.0818 0x0a60  Object send P2P result: true
21:31:21.0207 0x15b4  Detect skipped due to KSN trusted
21:31:21.0207 0x15b4  Pml Driver HPZ12 - ok
21:31:21.0211 0x15b4  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:31:21.0222 0x15b4  PNRPAutoReg - ok
21:31:21.0232 0x15b4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:31:21.0249 0x15b4  PNRPsvc - ok
21:31:21.0264 0x15b4  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:31:21.0305 0x15b4  PolicyAgent - ok
21:31:21.0314 0x15b4  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
21:31:21.0349 0x15b4  Power - ok
21:31:21.0354 0x15b4  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:31:21.0387 0x15b4  PptpMiniport - ok
21:31:21.0392 0x15b4  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:31:21.0403 0x15b4  Processor - ok
21:31:21.0411 0x15b4  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:31:21.0425 0x15b4  ProfSvc - ok
21:31:21.0429 0x15b4  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:31:21.0439 0x15b4  ProtectedStorage - ok
21:31:21.0445 0x15b4  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:31:21.0478 0x15b4  Psched - ok
21:31:21.0520 0x15b4  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:31:21.0562 0x15b4  ql2300 - ok
21:31:21.0570 0x15b4  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:31:21.0582 0x15b4  ql40xx - ok
21:31:21.0590 0x15b4  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
21:31:21.0609 0x15b4  QWAVE - ok
21:31:21.0613 0x15b4  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:31:21.0628 0x15b4  QWAVEdrv - ok
21:31:21.0631 0x15b4  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:31:21.0662 0x15b4  RasAcd - ok
21:31:21.0666 0x15b4  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:31:21.0698 0x15b4  RasAgileVpn - ok
21:31:21.0703 0x15b4  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
21:31:21.0737 0x15b4  RasAuto - ok
21:31:21.0743 0x15b4  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:31:21.0775 0x15b4  Rasl2tp - ok
21:31:21.0786 0x15b4  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
21:31:21.0824 0x15b4  RasMan - ok
21:31:21.0829 0x15b4  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:31:21.0862 0x15b4  RasPppoe - ok
21:31:21.0867 0x15b4  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:31:21.0900 0x15b4  RasSstp - ok
21:31:21.0911 0x15b4  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:31:21.0947 0x15b4  rdbss - ok
21:31:21.0951 0x15b4  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:31:21.0963 0x15b4  rdpbus - ok
21:31:21.0967 0x15b4  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:31:21.0998 0x15b4  RDPCDD - ok
21:31:22.0002 0x15b4  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:31:22.0033 0x15b4  RDPENCDD - ok
21:31:22.0037 0x15b4  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:31:22.0068 0x15b4  RDPREFMP - ok
21:31:22.0079 0x15b4  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:31:22.0094 0x15b4  RDPWD - ok
21:31:22.0102 0x15b4  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:31:22.0115 0x15b4  rdyboost - ok
21:31:22.0121 0x15b4  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:31:22.0154 0x15b4  RemoteAccess - ok
21:31:22.0160 0x15b4  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:31:22.0195 0x15b4  RemoteRegistry - ok
21:31:22.0200 0x15b4  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:31:22.0232 0x15b4  RpcEptMapper - ok
21:31:22.0237 0x15b4  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
21:31:22.0247 0x15b4  RpcLocator - ok
21:31:22.0262 0x15b4  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs           C:\Windows\system32\rpcss.dll
21:31:22.0282 0x15b4  RpcSs - ok
21:31:22.0287 0x15b4  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:31:22.0320 0x15b4  rspndr - ok
21:31:22.0323 0x15b4  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] SamSs           C:\Windows\system32\lsass.exe
21:31:22.0333 0x15b4  SamSs - ok
21:31:22.0369 0x15b4  [ B2923FEE51D918ACCE5498728ACB0796, AE6C520FC3DE36F8771AE9419DC2AB459AD062C8112E5A4799FD97F604B7D120 ] Samsung Network Fax Server C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
21:31:22.0401 0x15b4  Samsung Network Fax Server - ok
21:31:22.0404 0x15b4  Samsung Printer Dianostics Service - ok
21:31:22.0412 0x15b4  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:31:22.0423 0x15b4  sbp2port - ok
21:31:22.0432 0x15b4  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:31:22.0468 0x15b4  SCardSvr - ok
21:31:22.0472 0x15b4  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:31:22.0502 0x15b4  scfilter - ok
21:31:22.0535 0x15b4  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
21:31:22.0569 0x15b4  Schedule - ok
21:31:22.0575 0x15b4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:31:22.0606 0x15b4  SCPolicySvc - ok
21:31:22.0613 0x15b4  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:31:22.0627 0x15b4  SDRSVC - ok
21:31:22.0630 0x15b4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:31:22.0641 0x15b4  secdrv - ok
21:31:22.0644 0x15b4  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
21:31:22.0654 0x15b4  seclogon - ok
21:31:22.0659 0x15b4  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
21:31:22.0691 0x15b4  SENS - ok
21:31:22.0695 0x15b4  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:31:22.0705 0x15b4  SensrSvc - ok
21:31:22.0709 0x15b4  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:31:22.0718 0x15b4  Serenum - ok
21:31:22.0724 0x15b4  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:31:22.0735 0x15b4  Serial - ok
21:31:22.0739 0x15b4  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:31:22.0748 0x15b4  sermouse - ok
21:31:22.0758 0x15b4  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
21:31:22.0791 0x15b4  SessionEnv - ok
21:31:22.0794 0x15b4  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:31:22.0806 0x15b4  sffdisk - ok
21:31:22.0809 0x15b4  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:31:22.0821 0x15b4  sffp_mmc - ok
21:31:22.0825 0x15b4  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:31:22.0837 0x15b4  sffp_sd - ok
21:31:22.0840 0x15b4  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:31:22.0850 0x15b4  sfloppy - ok
21:31:22.0861 0x15b4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:31:22.0900 0x15b4  SharedAccess - ok
21:31:22.0912 0x15b4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:31:22.0950 0x15b4  ShellHWDetection - ok
21:31:22.0955 0x15b4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:31:22.0964 0x15b4  SiSRaid2 - ok
21:31:22.0969 0x15b4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:31:22.0980 0x15b4  SiSRaid4 - ok
21:31:22.0985 0x15b4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:31:23.0018 0x15b4  Smb - ok
21:31:23.0024 0x15b4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:31:23.0035 0x15b4  SNMPTRAP - ok
21:31:23.0044 0x15b4  [ 5177D14A78E60FD61DCFC6B388E7E971, 19BE5CCF035C5E6C42DB299FBF39AB93E8B25AF56E903735D80F52FE7FFE8389 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
21:31:23.0052 0x15b4  Sony PC Companion - detected UnsignedFile.Multi.Generic ( 1 )
21:31:25.0360 0x15b4  Detect skipped due to KSN trusted
21:31:25.0360 0x15b4  Sony PC Companion - ok
21:31:25.0363 0x15b4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:31:25.0373 0x15b4  spldr - ok
21:31:25.0388 0x15b4  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
21:31:25.0411 0x15b4  Spooler - ok
21:31:25.0492 0x15b4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
21:31:25.0600 0x15b4  sppsvc - ok
21:31:25.0608 0x15b4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:31:25.0641 0x15b4  sppuinotify - ok
21:31:25.0654 0x15b4  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:31:25.0673 0x15b4  srv - ok
21:31:25.0686 0x15b4  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:31:25.0704 0x15b4  srv2 - ok
21:31:25.0711 0x15b4  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:31:25.0723 0x15b4  srvnet - ok
21:31:25.0731 0x15b4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:31:25.0766 0x15b4  SSDPSRV - ok
21:31:25.0770 0x15b4  [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
21:31:25.0777 0x15b4  SSPORT - ok
21:31:25.0782 0x15b4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:31:25.0815 0x15b4  SstpSvc - ok
21:31:25.0835 0x15b4  [ 98CC6BDCB5F593394CE2000EC454AEE4, 13973E69DDFB5A0494141C60ABF0E6F7EF555B476AC4171B18A31FF04618D54B ] StarMoney 8.0 OnlineUpdate C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
21:31:25.0858 0x15b4  StarMoney 8.0 OnlineUpdate - ok
21:31:25.0879 0x15b4  [ 98CC6BDCB5F593394CE2000EC454AEE4, 13973E69DDFB5A0494141C60ABF0E6F7EF555B476AC4171B18A31FF04618D54B ] StarMoney Business 5.0 OnlineUpdate C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe
21:31:25.0901 0x15b4  StarMoney Business 5.0 OnlineUpdate - ok
21:31:25.0920 0x15b4  [ E2496AF75B2099453D6DBCD91C600D2D, 4B00123F677F6998223B5C51ADFB44781348919BA154442146AA0542C36D76B9 ] StarMoney Business 7 OnlineUpdate C:\Program Files (x86)\StarMoney Business 7\ouservice\StarMoneyOnlineUpdate.exe
21:31:25.0945 0x15b4  StarMoney Business 7 OnlineUpdate - ok
21:31:25.0958 0x15b4  [ 5A19667A580B1CE886EAF968B9743F45, 0A9EBE4057A0A6EF4732623794C2416A6BD8B87356DA46652BD92762505F57C7 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:31:25.0974 0x15b4  Stereo Service - ok
21:31:25.0978 0x15b4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:31:25.0987 0x15b4  stexstor - ok
21:31:25.0990 0x15b4  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
21:31:26.0000 0x15b4  StillCam - ok
21:31:26.0017 0x15b4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
21:31:26.0044 0x15b4  stisvc - ok
21:31:26.0048 0x15b4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:31:26.0057 0x15b4  swenum - ok
21:31:26.0071 0x15b4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
21:31:26.0114 0x15b4  swprv - ok
21:31:26.0164 0x15b4  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
21:31:26.0212 0x15b4  SysMain - ok
21:31:26.0219 0x15b4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:31:26.0236 0x15b4  TabletInputService - ok
21:31:26.0246 0x15b4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:31:26.0283 0x15b4  TapiSrv - ok
21:31:26.0329 0x15b4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:31:26.0380 0x15b4  Tcpip - ok
21:31:26.0428 0x15b4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:31:26.0478 0x15b4  TCPIP6 - ok
21:31:26.0485 0x15b4  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:31:26.0496 0x15b4  tcpipreg - ok
21:31:26.0500 0x15b4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:31:26.0510 0x15b4  TDPIPE - ok
21:31:26.0514 0x15b4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:31:26.0523 0x15b4  TDTCP - ok
21:31:26.0529 0x15b4  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:31:26.0541 0x15b4  tdx - ok
21:31:26.0687 0x15b4  [ A903E5C565A2677F3960E4AAB7B42280, 6D819D4F464005FBAECAAB719EB2D6539E8A48851C09A1AA8E9D48CDFDA9FEE1 ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
21:31:26.0815 0x15b4  TeamViewer - ok
21:31:26.0824 0x15b4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:31:26.0834 0x15b4  TermDD - ok
21:31:26.0853 0x15b4  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
21:31:26.0878 0x15b4  TermService - ok
21:31:26.0882 0x15b4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
21:31:26.0897 0x15b4  Themes - ok
21:31:26.0901 0x15b4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
21:31:26.0934 0x15b4  THREADORDER - ok
21:31:26.0941 0x15b4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
21:31:26.0974 0x15b4  TrkWks - ok
21:31:26.0982 0x15b4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:31:27.0015 0x15b4  TrustedInstaller - ok
21:31:27.0021 0x15b4  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:31:27.0030 0x15b4  tssecsrv - ok
21:31:27.0035 0x15b4  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:31:27.0045 0x15b4  TsUsbFlt - ok
21:31:27.0097 0x15b4  [ 82B220AAC7079DBD34F014589E5A5886, F5F82C0C9BB13F041CA3750A478E2062BCF1A64AC901655413A61A719DFC34F2 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
21:31:27.0152 0x15b4  TuneUp.UtilitiesSvc - ok
21:31:27.0159 0x15b4  [ DB3C912A851FCA6358FED4D53DAA7E91, B35375EC9AF61D829489D9B278605E2098D6402419E79EB24C65D3B65816AEBC ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys
21:31:27.0170 0x15b4  TuneUpUtilitiesDrv - ok
21:31:27.0176 0x15b4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:31:27.0209 0x15b4  tunnel - ok
21:31:27.0213 0x15b4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:31:27.0223 0x15b4  uagp35 - ok
21:31:27.0226 0x15b4  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
21:31:27.0233 0x15b4  UBHelper - ok
21:31:27.0246 0x15b4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:31:27.0283 0x15b4  udfs - ok
21:31:27.0290 0x15b4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:31:27.0301 0x15b4  UI0Detect - ok
21:31:27.0305 0x15b4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:31:27.0315 0x15b4  uliagpkx - ok
21:31:27.0319 0x15b4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:31:27.0330 0x15b4  umbus - ok
21:31:27.0333 0x15b4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:31:27.0342 0x15b4  UmPass - ok
21:31:27.0397 0x15b4  [ 765F2DD351BA064F657751D8D75E58C0, 954834FF6F05E065C2BE6CEC22136A0399026BFF9D91BE859E8E047C3ED8267F ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:31:27.0455 0x15b4  UNS - ok
21:31:27.0465 0x15b4  [ 70DDE3A86DBEB1D6C3C30AD687B1877A, 2DAE797240DB8F521F1C9D1171524790052E186B060D58A1B102FBFFC80CE48E ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
21:31:27.0477 0x15b4  Updater Service - ok
21:31:27.0489 0x15b4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
21:31:27.0528 0x15b4  upnphost - ok
21:31:27.0532 0x15b4  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
21:31:27.0536 0x15b4  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
21:31:29.0841 0x15b4  Detect skipped due to KSN trusted
21:31:29.0841 0x15b4  USBAAPL64 - ok
21:31:29.0846 0x15b4  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:31:29.0857 0x15b4  usbccgp - ok
21:31:29.0863 0x15b4  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:31:29.0874 0x15b4  usbcir - ok
21:31:29.0878 0x15b4  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:31:29.0889 0x15b4  usbehci - ok
21:31:29.0902 0x15b4  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:31:29.0918 0x15b4  usbhub - ok
21:31:29.0922 0x15b4  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:31:29.0931 0x15b4  usbohci - ok
21:31:29.0935 0x15b4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:31:29.0947 0x15b4  usbprint - ok
21:31:29.0952 0x15b4  [ B5E6C4F280EBF0B16F74A5B415F2E0DF, 4B1F7C95F267A29FC8AE4F285E2B19200C7E3F8505B1E75797A7A9EDE4CD1EDE ] USBS3S4Detection C:\OEM\USBDECTION\USBS3S4Detection.exe
21:31:29.0960 0x15b4  USBS3S4Detection - ok
21:31:29.0964 0x15b4  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:31:29.0974 0x15b4  usbscan - ok
21:31:29.0979 0x15b4  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
21:31:29.0990 0x15b4  USBSTOR - ok
21:31:29.0994 0x15b4  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:31:30.0003 0x15b4  usbuhci - ok
21:31:30.0007 0x15b4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
21:31:30.0039 0x15b4  UxSms - ok
21:31:30.0043 0x15b4  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] VaultSvc        C:\Windows\system32\lsass.exe
21:31:30.0052 0x15b4  VaultSvc - ok
21:31:30.0056 0x15b4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:31:30.0065 0x15b4  vdrvroot - ok
21:31:30.0081 0x15b4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
21:31:30.0122 0x15b4  vds - ok
21:31:30.0127 0x15b4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:31:30.0139 0x15b4  vga - ok
21:31:30.0143 0x15b4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:31:30.0174 0x15b4  VgaSave - ok
21:31:30.0181 0x15b4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:31:30.0195 0x15b4  vhdmp - ok
21:31:30.0198 0x15b4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:31:30.0207 0x15b4  viaide - ok
21:31:30.0212 0x15b4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:31:30.0222 0x15b4  volmgr - ok
21:31:30.0233 0x15b4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:31:30.0250 0x15b4  volmgrx - ok
21:31:30.0261 0x15b4  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:31:30.0276 0x15b4  volsnap - ok
21:31:30.0283 0x15b4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:31:30.0295 0x15b4  vsmraid - ok
21:31:30.0336 0x15b4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
21:31:30.0401 0x15b4  VSS - ok
21:31:30.0406 0x15b4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:31:30.0418 0x15b4  vwifibus - ok
21:31:30.0423 0x15b4  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:31:30.0437 0x15b4  vwififlt - ok
21:31:30.0440 0x15b4  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:31:30.0454 0x15b4  vwifimp - ok
21:31:30.0468 0x15b4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
21:31:30.0508 0x15b4  W32Time - ok
21:31:30.0513 0x15b4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:31:30.0523 0x15b4  WacomPen - ok
21:31:30.0528 0x15b4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:31:30.0559 0x15b4  WANARP - ok
21:31:30.0563 0x15b4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:31:30.0594 0x15b4  Wanarpv6 - ok
21:31:30.0632 0x15b4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
21:31:30.0675 0x15b4  wbengine - ok
21:31:30.0686 0x15b4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:31:30.0704 0x15b4  WbioSrvc - ok
21:31:30.0716 0x15b4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:31:30.0738 0x15b4  wcncsvc - ok
21:31:30.0743 0x15b4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:31:30.0753 0x15b4  WcsPlugInService - ok
21:31:30.0757 0x15b4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:31:30.0766 0x15b4  Wd - ok
21:31:30.0788 0x15b4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:31:30.0816 0x15b4  Wdf01000 - ok
21:31:30.0823 0x15b4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:31:30.0835 0x15b4  WdiServiceHost - ok
21:31:30.0840 0x15b4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:31:30.0851 0x15b4  WdiSystemHost - ok
21:31:30.0862 0x15b4  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
21:31:30.0877 0x15b4  WebClient - ok
21:31:30.0885 0x15b4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:31:30.0922 0x15b4  Wecsvc - ok
21:31:30.0927 0x15b4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:31:30.0960 0x15b4  wercplsupport - ok
21:31:30.0965 0x15b4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:31:30.0998 0x15b4  WerSvc - ok
21:31:31.0001 0x15b4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:31:31.0032 0x15b4  WfpLwf - ok
21:31:31.0035 0x15b4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:31:31.0045 0x15b4  WIMMount - ok
21:31:31.0047 0x15b4  WinDefend - ok
21:31:31.0052 0x15b4  WinHttpAutoProxySvc - ok
21:31:31.0063 0x15b4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:31:31.0100 0x15b4  Winmgmt - ok
21:31:31.0158 0x15b4  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
21:31:31.0212 0x15b4  WinRM - ok
21:31:31.0220 0x15b4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:31:31.0233 0x15b4  WinUsb - ok
21:31:31.0257 0x15b4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:31:31.0290 0x15b4  Wlansvc - ok
21:31:31.0294 0x15b4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:31:31.0304 0x15b4  WmiAcpi - ok
21:31:31.0312 0x15b4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:31:31.0327 0x15b4  wmiApSrv - ok
21:31:31.0329 0x15b4  WMPNetworkSvc - ok
21:31:31.0333 0x15b4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:31:31.0343 0x15b4  WPCSvc - ok
21:31:31.0349 0x15b4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:31:31.0362 0x15b4  WPDBusEnum - ok
21:31:31.0366 0x15b4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:31:31.0398 0x15b4  ws2ifsl - ok
21:31:31.0403 0x15b4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
21:31:31.0419 0x15b4  wscsvc - ok
21:31:31.0423 0x15b4  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
21:31:31.0435 0x15b4  WSDPrintDevice - ok
21:31:31.0438 0x15b4  WSearch - ok
21:31:31.0499 0x15b4  [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:31:31.0567 0x15b4  wuauserv - ok
21:31:31.0577 0x15b4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:31:31.0588 0x15b4  WudfPf - ok
21:31:31.0599 0x15b4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:31:31.0612 0x15b4  WUDFRd - ok
21:31:31.0617 0x15b4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:31:31.0628 0x15b4  wudfsvc - ok
21:31:31.0638 0x15b4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:31:31.0652 0x15b4  WwanSvc - ok
21:31:31.0667 0x15b4  ================ Scan global ===============================
21:31:31.0670 0x15b4  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
21:31:31.0678 0x15b4  [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll
21:31:31.0688 0x15b4  [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll
21:31:31.0695 0x15b4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:31:31.0706 0x15b4  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
21:31:31.0713 0x15b4  [ Global ] - ok
21:31:31.0713 0x15b4  ================ Scan MBR ==================================
21:31:31.0716 0x15b4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:31:31.0781 0x15b4  \Device\Harddisk0\DR0 - ok
21:31:31.0781 0x15b4  ================ Scan VBR ==================================
21:31:31.0783 0x15b4  [ B57F793D31CCF623B804A8D8D8DA0EDC ] \Device\Harddisk0\DR0\Partition1
21:31:31.0784 0x15b4  \Device\Harddisk0\DR0\Partition1 - ok
21:31:31.0786 0x15b4  [ D7C5AAC4E45A7058EBA5705039927596 ] \Device\Harddisk0\DR0\Partition2
21:31:31.0787 0x15b4  \Device\Harddisk0\DR0\Partition2 - ok
21:31:31.0789 0x15b4  [ 554B776F1EFB857BF710C8DCB3FA06D7 ] \Device\Harddisk0\DR0\Partition3
21:31:31.0790 0x15b4  \Device\Harddisk0\DR0\Partition3 - ok
21:31:31.0790 0x15b4  ================ Scan generic autorun ======================
21:31:31.0796 0x15b4  [ D1930CA970D4250D891F432419E3D6C9, C839ED92D5BCC293081E05F2B199848C37A478A361BA6C3255421A297211C915 ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
21:31:31.0806 0x15b4  IAAnotif - ok
21:31:31.0984 0x15b4  [ 5DDFE0C2AFC6FC6BC94B7B4E15BC71EF, 8143E418548BA982D8207A9319611CF6CE3475F9CD8FD82A620A39E674F53490 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
21:31:32.0191 0x15b4  RtHDVCpl - ok
21:31:32.0212 0x15b4  [ 8CC5E4DB25E4C22A308E2820E69D4950, A53BBE06FF226DA7E37C3ADA881AF4F856E439553DFA7D10DDECB07196545B39 ] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
21:31:32.0229 0x15b4  CDAServer - ok
21:31:32.0238 0x15b4  [ D9CB30BF12B3670650C85637EA1AB6EA, AFA4943A853ACE460007D3AFE5D45B4C972BF51777ACF4C0E84684DA6A014131 ] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
21:31:32.0249 0x15b4  BackupManagerTray - ok
21:31:32.0266 0x15b4  [ 84F122BFFA0638CE735E891620EF7754, 5A3227301212C4F767258F8207268055B8EA672E82F64CD9CBDCD96858476D7F ] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
21:31:32.0286 0x15b4  Hotkey Utility - ok
21:31:32.0292 0x15b4  [ C218A8A7A9BD3ECCA6B93E5F0E983DE7, 553B2030509F908B2E97BD6F829DC18D06B1DDFBE7E0390164CC2589992A461E ] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
21:31:32.0300 0x15b4  ArcadeDeluxeAgent - ok
21:31:32.0307 0x15b4  [ 69D251A7769FF64F28432A2E942B88DD, D79E6D70232E949B0AC3D085D5CCB531880261E3F89EA6FC4EFCE85A6576E5B3 ] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
21:31:32.0317 0x15b4  PlayMovie - ok
21:31:32.0320 0x15b4  [ C637FC4638A96165256B28D38DE7B953, CD658543610F151C7860DBDCF36596C9B5417D87E598FA50A435392D4AED1C14 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
21:31:32.0328 0x15b4  HP Software Update - ok
21:31:32.0365 0x15b4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:31:32.0432 0x15b4  Sidebar - ok
21:31:32.0438 0x15b4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:31:32.0454 0x15b4  mctadmin - ok
21:31:32.0487 0x15b4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:31:32.0522 0x15b4  Sidebar - ok
21:31:32.0528 0x15b4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:31:32.0543 0x15b4  mctadmin - ok
21:31:32.0579 0x15b4  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
21:31:32.0624 0x15b4  Sidebar - ok
21:31:32.0685 0x15b4  [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
21:31:32.0756 0x15b4  HP Officejet Pro 8600 (NET) - ok
21:31:32.0762 0x15b4  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
21:31:32.0769 0x15b4  swg - ok
21:31:32.0771 0x15b4  e1a04a3c - ok
21:31:32.0773 0x15b4  ed3f074a - ok
21:31:32.0775 0x15b4  58f139df - ok
21:31:32.0808 0x15b4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:31:32.0843 0x15b4  Sidebar - ok
21:31:32.0849 0x15b4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:31:32.0865 0x15b4  mctadmin - ok
21:31:32.0870 0x15b4  [ B54B12B37A61F93CBBA38C00A4EBF838, 1352E439BEB9CED023818EE694EAE8257C725EF066A94E17DB54CCB39D5CE4F8 ] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe
21:31:32.0890 0x15b4  ScrSav - ok
21:31:32.0893 0x15b4  Waiting for KSN requests completion. In queue: 308
21:31:33.0895 0x15b4  Waiting for KSN requests completion. In queue: 308
21:31:34.0895 0x15b4  Waiting for KSN requests completion. In queue: 308
21:31:35.0917 0x15b4  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.16.273 ), 0x41000 ( enabled : updated )
21:31:35.0920 0x15b4  Win FW state via NFP2: enabled ( trusted )
21:31:38.0344 0x15b4  ============================================================
21:31:38.0344 0x15b4  Scan finished
21:31:38.0344 0x15b4  ============================================================
21:31:38.0350 0x0a2c  Detected object count: 0
21:31:38.0350 0x0a2c  Actual detected object count: 0

Alt 17.05.2016, 20:52   #8
M-K-D-B
/// TB-Ausbilder
 
Windows 7/Xort-Verschlüsselung/ Decrypter ? - Standard

Windows 7/Xort-Verschlüsselung/ Decrypter ?


Servus,


also ich fasse zusammen:

1.
Es gibt aktuell keinen Decrypter für diesen Verschlüsselungstrojaner, d. h. wir können deine privaten Daten aktuell nicht entschlüsseln.

2.
Trotzdem solltest du die verschlüsselten Dateien auf der externen Festplatte gespeichert lassen, evtl. gibt es in Zukunft irgendwann die Möglichkeit, sie zu entschlüsseln.

3.
Dein Rechner ist infiziert, wir können ihn bereinigen, wenn du das möchtest.
Oder du setzt deinen Rechner neu auf.
Gib mir einfach Bescheid, wofür du dich entschieden hast.

Alt 17.05.2016, 21:00   #9
xort_ebra
 
Windows 7/Xort-Verschlüsselung/ Decrypter ? - Standard

Windows 7/Xort-Verschlüsselung/ Decrypter ?


Hallo M-K-D-B,

1-2. Wann oder wie werde ich es dann erfahren ob es Decrypter gibt in Zukunft?

3. Soll ich dann lieber Windows neu instalieren?

Alt 17.05.2016, 21:08   #10
M-K-D-B
/// TB-Ausbilder
 
Windows 7/Xort-Verschlüsselung/ Decrypter ? - Standard

Windows 7/Xort-Verschlüsselung/ Decrypter ?


Zitat:
Zitat von xort_ebra Beitrag anzeigen
1-2. Wann oder wie werde ich es dann erfahren ob es Decrypter gibt in Zukunft?
Die genannte Seite immer wieder besuchen und eine Datei hochladen.
Zudem auf Seiten wie HeiseSecurity oder hier im TB mitlesen, ob es ggf. einen Decrypter dafür gibt.


Zitat:
Zitat von xort_ebra Beitrag anzeigen
3. Soll ich dann lieber Windows neu instalieren?
Ich würde es tun, sobald ich alles notwendige gesichert habe.


Tut mir Leid, dass ich dir nichts Besseres sagen konnte.

Alt 17.05.2016, 21:15   #11
xort_ebra
 
Windows 7/Xort-Verschlüsselung/ Decrypter ? - Standard

Windows 7/Xort-Verschlüsselung/ Decrypter ?


Alles klar, ich werde die genannten Seiten besuchen.

Eine Frage noch, die externe Festplatte ist auch mit .xort verschüsselt, aber manche datein sind noch heil.. Wenn ich mir jetzt neue externe festplatte kaufe, und die datein die nicht mit .xoro verschüsselt sind kopiere, würde da noch der trojaner die restlichen datein auch verschlüsseln?

Alt 17.05.2016, 22:12   #12
M-K-D-B
/// TB-Ausbilder
 
Windows 7/Xort-Verschlüsselung/ Decrypter ? - Standard

Windows 7/Xort-Verschlüsselung/ Decrypter ?


Zitat:
Zitat von xort_ebra Beitrag anzeigen
Wenn ich mir jetzt neue externe festplatte kaufe, und die datein die nicht mit .xoro verschüsselt sind kopiere, würde da noch der trojaner die restlichen datein auch verschlüsseln?
An den aktuell jetzt infizierten PC würde ich nichts mehr anschließend, bevor er nicht neu installiert wurde. Ansonsten sollte es kein Problem geben.



Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Antwort

Themen zu Windows 7/Xort-Verschlüsselung/ Decrypter ?
about, bild, computer, dateien, datein, ebenfalls, email, externe, externe festplatte, festplatte, files, formation, gen, geschlossen, help, heute, hilfe!, important, information, office, platte, software, this, virus, windows


« Windows 8.1: Bundespolizei Trojaner, ohne Lockscreen und ohne weitere Befunde | Etrecheck Log - Analyse »

Ähnliche Themen: Windows 7/Xort-Verschlüsselung/ Decrypter ?


  1. Malware hat Dateien verschlüsselt .xort wurde angehängt
    Log-Analyse und Auswertung - 18.05.2016 (10)
  2. XORT-Befall Windows 7 Datei-Wiederherstellung
    Log-Analyse und Auswertung - 18.05.2016 (4)
  3. XORT auf Windows 8 Laptop
    Plagegeister aller Art und deren Bekämpfung - 18.05.2016 (7)
  4. XORT - schon jemand bezahlt?
    Diskussionsforum - 18.05.2016 (18)
  5. Windows 10 Rechner von XORT Virus befallen / Gibt es schon Decrypter ?
    Diskussionsforum - 03.05.2016 (9)
  6. .xort Dateiendung entschlüsseln? Crypto Trojaner/Malware
    Plagegeister aller Art und deren Bekämpfung - 25.03.2016 (1)
  7. Windows 10 Rechner von "XORT Virus" befallen
    Log-Analyse und Auswertung - 21.03.2016 (24)
  8. CryptoWall 3.0 decrypter erhalten nach lösegeld zahlung
    Diskussionsforum - 05.08.2015 (53)
  9. Gratis-Tool zur Datei-Verschlüsselung für Mac und Windows-PCs
    Nachrichten - 13.05.2015 (0)
  10. Windows 7: Webseite droht mit Verschlüsselung
    Log-Analyse und Auswertung - 30.12.2014 (9)
  11. Windows-Verschlüsselungs-Trojaner (neu) - noch kein decrypter verfügbar?
    Plagegeister aller Art und deren Bekämpfung - 23.05.2012 (2)
  12. Windows Verschlüsselung Trojaner
    Plagegeister aller Art und deren Bekämpfung - 23.05.2012 (3)
  13. Trojaner blockiert Windows (Windows-Verschlüsselung)
    Log-Analyse und Auswertung - 20.05.2012 (1)
  14. Windows-Verschlüsselung Trojaner infiziert
    Log-Analyse und Auswertung - 08.05.2012 (2)
  15. Windows-Verschlüsselung Trojaner
    Log-Analyse und Auswertung - 04.05.2012 (7)
  16. windows verschlüsselung trojaner er hat mich^^
    Plagegeister aller Art und deren Bekämpfung - 02.05.2012 (9)
  17. windows verschlüsselung trojaner
    Log-Analyse und Auswertung - 02.05.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7/Xort-Verschlüsselung/ Decrypter ? - Hallo, seit heute hat ein Virus alle meine Office und Bild Dateien verschlüsselt und mit der Endung .xort versehen (beisoiel.docx > beispiel.docx.xort). ein notedatei habe ich ebenfalls: "All Important files - Windows 7/Xort-Verschlüsselung/ Decrypter ?...
Archiv
Du betrachtest: Windows 7/Xort-Verschlüsselung/ Decrypter ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129