Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 29.08.2016, 15:32   #1
spartaner007
 
Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB - Standard

Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB



Hallo ...,
mein Virenprogramm hat o.g. Virus und andere Viren festgestellt und in die Quarantäne verlagert.

GData-Protokoll:
Code:
ATTFilter
 
  <?xml version="1.0" encoding="utf-8" ?> 
- <report>
- <row>
  <State>Quarantäne: Datei wird in die Quarantäne verschoben</State> 
  <MachineName>**</MachineName> 
  <Date>28.08.2016 12:41:15</Date> 
  <Sender>Scanner</Sender> 
  <UserName>M**</UserName> 
  <VirusName>Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB (Engine A)</VirusName> 
  <FileName>C:\Users\M**\AppData\Roaming\Thunderbird\Profiles\**.default\Mail\pop.1und1.de\Trash</FileName> 
  <ArchiveName /> 
  </row>
- <row>
  <State>Quarantäne: Datei wird in die Quarantäne verschoben</State> 
  <MachineName>**</MachineName> 
  <Date>28.08.2016 12:42:38</Date> 
  <Sender>Scanner</Sender> 
  <UserName>M**</UserName> 
  <VirusName>Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB (Engine A)</VirusName> 
  <FileName>C:\Users\M**\AppData\Roaming\Thunderbird\Profiles\**.default\Mail\pop.1und1.de\Inbox</FileName> 
  <ArchiveName /> 
  </row>
- <row>
  <State>Quarantäne: Datei in Quarantäne verschoben</State> 
  <MachineName>**</MachineName> 
  <Date>28.08.2016 12:41:15</Date> 
  <Sender>Scanner</Sender> 
  <UserName>M**</UserName> 
  <VirusName>Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB (Engine A)</VirusName> 
  <FileName>C:\Users\M**\AppData\Roaming\Thunderbird\Profiles\**.default\Mail\pop.1und1.de\Trash</FileName> 
  <ArchiveName /> 
  </row>
- <row>
  <State>Quarantäne: Datei in Quarantäne verschoben</State> 
  <MachineName>**</MachineName> 
  <Date>28.08.2016 12:42:38</Date> 
  <Sender>Scanner</Sender> 
  <UserName>M**</UserName> 
  <VirusName>Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB (Engine A)</VirusName> 
  <FileName>C:\Users\M**\AppData\Roaming\Thunderbird\Profiles\**.default\Mail\pop.1und1.de\Inbox</FileName> 
  <ArchiveName /> 
  </row>
  </report>
         
Code:
ATTFilter
 
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 29.08.2016
Suchlaufzeit: 12:20
Protokolldatei: Mbam_Original.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.08.29.03
Rootkit-Datenbank: v2016.08.15.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: M**

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 565739
Abgelaufene Zeit: 30 Min., 32 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 5
PUP.Optional.ASK, HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, In Quarantäne, [0fc8da76a9f1053148878d417c868779], 
PUP.Optional.ASK, HKU\S-1-5-21-3160997517-2106278152-2557221923-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, In Quarantäne, [dcfb69e7dcbe290d4887616dac56ee12], 
PUP.Optional.ASK, HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, In Quarantäne, [7b5c153bc0dad4627c53dbf3ec16946c], 
PUP.Optional.ASK, HKU\S-1-5-21-3819896947-3942532061-1754202372-1140\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, In Quarantäne, [587f9ab6e4b647ef705f9e30966cfb05], 
PUP.Optional.ASK, HKU\S-1-5-21-55981234-3424176865-3846576974-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, In Quarantäne, [e7f03e12ebaf50e625aa319da260c739], 

Registrierungswerte: 5
PUP.Optional.ASK, HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF, In Quarantäne, [0fc8da76a9f1053148878d417c868779]
PUP.Optional.ASK, HKU\S-1-5-21-3160997517-2106278152-2557221923-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF, In Quarantäne, [dcfb69e7dcbe290d4887616dac56ee12]
PUP.Optional.ASK, HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF, In Quarantäne, [7b5c153bc0dad4627c53dbf3ec16946c]
PUP.Optional.ASK, HKU\S-1-5-21-3819896947-3942532061-1754202372-1140\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF, In Quarantäne, [587f9ab6e4b647ef705f9e30966cfb05]
PUP.Optional.ASK, HKU\S-1-5-21-55981234-3424176865-3846576974-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF, In Quarantäne, [e7f03e12ebaf50e625aa319da260c739]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

Alt 29.08.2016, 22:31   #2
M-K-D-B
/// TB-Ausbilder
 
Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB - Standard

Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!
  • Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Die Funde von GData zeigen auf dein E-Mail Programm "Thunderbird". Evtl. hast du infizierte E-Mails erhalten >>> Emails Löschen !

MBAM zeigt nur Reste von unerwünschten Programmen an, wir schauen kurz drüber:


Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:



Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.
__________________

__________________

Alt 30.08.2016, 14:44   #3
spartaner007
 
Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB - Standard

Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB



Hallo Matthias,
vielen Dank für die Antwort. Hier die Files:

FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
durchgeführt von M** auf ** (30-08-2016 02:20:13)
Gestartet von C:\Users\M**\Desktop
Geladene Profile: M** (Verfügbare Profile: M** & Administrator & Admin)
Platform: Windows 7  Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\AVK\AVK_64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(VETUBY) C:\VETUBY\PROGRAMM\B0000150\ScServer\DVckService.exe
(VETUBY) C:\VETUBY\PROGRAMM\B0000398\SiPaHostService.exe
(VETUBY) C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF \PdfPro7Hook.exe
(VETUBY) C:\VETUBY\PROGRAMM\Install\DvInesASDMon.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(VETUBY) C:\VETUBY\PROGRAMM\Sws\SwmHintergrundDienst.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\AVK\AVK.exe
(VETUBY) C:\VETUBY\PROGRAMM\B0000398\SiPaHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\AVK\AVK.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(VETUBY) C:\VETUBY\PROGRAMM\Install\DvInesASDSvc.Exe
(VETUBY) C:\VETUBY\PROGRAMM\B0001442\PSNTServ.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\AVK\AVKBackupService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(VETUBY) C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF \PDFProFiltSrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconCL.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(VETUBY) C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe
(VETUBY) C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
(VETUBY) C:\VETUBY\PROGRAMM\DFUEISDN\SSLClt\sslclt.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ashampoo GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 3\ashsnap.exe
() C:\Program Files (x86)\Efuah\iDesk\iDeskService\ideskservice.exe
(Efuah Mediengruppe) C:\Program Files (x86)\Efuah\iDesk\iDeskService\ideskpython.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403888 2012-08-03] (Acronis)
HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [443392 2013-04-01] (May Software)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF \pdfpro7hook.exe [1275168 2010-10-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDF \RegistryController.exe [121120 2010-10-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6049096 2012-08-23] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [943856 2012-07-24] (Acronis)
HKLM-x32\...\Run: [Vetuby.CC.ControllerUserMode] => C:\VETUBY\PROGRAMM\RZKOMM\Vetuby.CC.Processes.Cmd.exe StartRdtControllerUserMode -retry true
HKLM-x32\...\Run: [SwmHintergrunddienst] => C:\VETUBY\PROGRAMM\SWS\SwmHintergrundDienst.exe [1975848 2015-03-04] (VETUBY)
HKLM-x32\...\Run: [AVK CL] => C:\Program Files (x86)\G Data\AVK\AVK.exe [4782200 2015-07-07] (G Data Software AG)
HKLM-x32\...\Run: [SiPaHost] => C:\VETUBY\PROGRAMM\B0000398\SiPaHost.exe [557608 2015-04-01] (VETUBY)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-04-09] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-04-09] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-04-09] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-04-09] (Microsoft Corporation) <==== ACHTUNG
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-08-23] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-08-23] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-08-23] (Acronis)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk [2016-04-11]
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\VETUBY\PROGRAMM\BSOFFICE\service\OfficeDiag.exe (VETUBY)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk [2016-04-11]
ShortcutTarget: CleanupPrintJobs.lnk -> C:\VETUBY\PROGRAMM\B0001401\CleanupPrintJobs.exe (VETUBY)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk [2015-07-31]
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk [2016-04-11]
ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\VETUBY\PROGRAMM\B0001401\UpdateDevmode.exe (VETUBY)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite CL.lnk [2012-01-19]
ShortcutTarget: TK-Suite CL.lnk -> C:\Program Files (x86)\AGX\Tk-Suite\tools\ctimon.exe (AGX      )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR Auftragsprüfung.lnk [2013-03-28]
ShortcutTarget:VR Auftragsprüfung.lnk -> C:\Program Files (x86)\VR\vrtoolcheckorder.exe (VR Software)
Startup: C:\Users\M**_veraltet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Datum Start **.lnk [2012-01-08]
ShortcutTarget: Datum Start **.lnk -> C:\BAT\Datum_Start_HO.bat ()
Startup: C:\Users\M**_veraltet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Org EasyClip.lnk [2012-01-08]
ShortcutTarget: Org EasyClip.lnk -> C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
Startup: C:\Users\M**_veraltet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tag M**.lnk [2014-07-25]
ShortcutTarget: Tag M**.lnk -> C:\Tag M**.xls (Keine Datei)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.199.10
Tcpip\..\Interfaces\{A070552C-AFA0-4964-887E-D5EDB484E8CE}: [DhcpNameServer] 192.168.199.10

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-1126 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-1126 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-1126 -> {679374B8-BF0E-4E31-96D8-D47F9E30C085} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-1126 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
BHO: DtvIePwdSafeBHO Class -> {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} -> C:\VETUBY\PROGRAMM\B0000397\DtvIePwdSafe64.dll [2015-04-01] (VETUBY)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-09-26] (HP)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\VETUBY\SYSTEM\DVCCSASCardBHO64002.Dll [2015-04-01] (VETUBY)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: IEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF \Bin\IEContextMenu.dll [2010-07-16] (Zeon Corporation)
BHO-x32: DtvIePwdSafeBHO Class -> {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} -> C:\VETUBY\PROGRAMM\B0000397\DtvIePwdSafe.dll [2015-04-01] (VETUBY)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-09-26] (HP)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\VETUBY\SYSTEM\DVCCSAScardBHO002.dll [2015-04-01] (VETUBY)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF \Bin\ZeonIEFavCL.dll [2010-07-16] (Zeon Corporation)
Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF \Bin\ZeonIEFavCL.dll [2010-07-16] (Zeon Corporation)
Handler: Efuahreader - Kein CLSID Wert
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\M**\AppData\Roaming\Mozilla\Firefox\Profiles\gv7wjv9w.default
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp:/www.google.de
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-04-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @Vetuby.de/VETUBY_Best,version=1.7 -> C:\VETUBY\PROGRAMM\A0000015\npdvbm.dll [2008-12-02] ( VETUBY)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF \bin\nppdf.dll [2010-07-16] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3160997517-2106278152-2557221923-1126: @citrixonline.com/appdetectorplugin -> C:\Users\M**\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-03] (Citrix Online)
FF SearchPlugin: C:\Users\M**\AppData\Roaming\Mozilla\Firefox\Profiles\gv7wjv9w.default\searchplugins\bingp.xml [2014-06-21]
FF Extension: (Adblock ) - C:\Users\M**\AppData\Roaming\Mozilla\Firefox\Profiles\gv7wjv9w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2016-08-23] [ist nicht signiert]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

Chrome: 
=======
CHR Profile: C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-28]
CHR Extension: (Google Drive) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-28]
CHR Extension: (YouTube) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-28]
CHR Extension: (Google Search) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-28]
CHR Extension: (Website Logon) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2015-08-28]
CHR Extension: (Gmail) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-28]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://CLs2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AntiVirusKit CL; C:\Program Files (x86)\G Data\AVK\AVK.exe [4782200 2015-07-07] (G Data Software AG)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [2051192 2015-07-07] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AVK\AVK_64.exe [2844440 2015-04-26] (G Data Software AG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 VETUBY Update-Service; C:\VETUBY\PROGRAMM\INSTALL\DvInesASDSvc.Exe [182312 2015-05-07] (VETUBY)
R3 Vetuby.CC.Processes.Hosting.RdtServiceMode; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY)
S3 Vetuby.Database.Dimitra.Server; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY)
R2 Vetuby.Framework.RemoteServiceModel.EnablerService; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY)
R3 Vetuby.Framework.RemoteServices; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY)
S3 Vetuby.Irw.ServiceProvider.HostXcut.Server; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY)
R2 VetubyPrintService; C:\VETUBY\PROGRAMM\B0001442\PSNTSERV.EXE [155136 2015-04-01] (VETUBY) [Datei ist nicht signiert]
S4 DfueSammlerDienst; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY)
R2 DVckService; C:\VETUBY\PROGRAMM\B0000150\ScServer\DVckService.exe [3099688 2015-04-01] (VETUBY)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [116224 2012-05-18] (Firebird Project) [Datei ist nicht signiert]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [4035584 2012-05-18] (Firebird Project) [Datei ist nicht signiert]
R2 GDBackupSvc; C:\Program Files (x86)\G Data\AVK\AVKBackupService.exe [1910392 2015-04-26] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [713336 2015-04-27] (G Data Software AG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4608320 2014-11-27] (SafeNet Inc.)
R2 HRService; C:\Program Files (x86)\Efuah\iDesk\iDeskService\iDeskService.exe [12800 2013-07-03] () [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert]
S4 KOBIL_MSDI; C:\VETUBY\PROGRAMM\B0000404\msdisrv.exe [137736 2013-03-14] (KOBIL Systems GmbH)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF \PDFProFiltSrv.exe [134944 2010-10-16] (Nuance Communications, Inc.)
R2 Sicherheitspaket-Dienst; C:\VETUBY\PROGRAMM\B0000398\SiPaHostService.exe [322088 2015-04-01] (VETUBY)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 Vetuby.SystemComponents.ServiceBus.V0300.PlugIn; Vetuby.Framework.RemoteServiceModel.GenericService2010.exe Vetuby.SystemComponents.ServiceBus.V0300.PlugIn [X]
S3 Vetuby.SystemComponents.ServiceBus.V0400.PlugIn; Vetuby.Framework.RemoteServiceModel.GenericService2010.exe Vetuby.SystemComponents.ServiceBus.V0400.PlugIn [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2015-08-27] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [28672 2015-08-27] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [138752 2015-08-27] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-08-27] (G DATA Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-08-27] (G Data Software)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-11-27] (SafeNet Inc.)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2015-08-27] (G Data Software AG)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x64.sys [339728 2010-08-14] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X64.sys [65808 2010-08-14] (Intel(R) Corporation)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2012-01-03] (KOBIL Systems GmbH) [Datei ist nicht signiert]
R3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2012-11-10] (KOBIL Systems GmbH)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] ()
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [96952 2014-03-03] (VETUBY)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2013-03-24] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2013-03-24] (Acronis)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 dmboot; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-30 02:20 - 2016-08-30 02:20 - 00029363 _____ C:\Users\M**\Desktop\FRST.txt
2016-08-30 02:20 - 2016-08-30 02:20 - 00000000 ____D C:\FRST
2016-08-30 02:08 - 2016-08-30 02:08 - 02397696 _____ (Farbar) C:\Users\M**\Desktop\FRST64.exe
2016-08-29 17:24 - 2016-08-29 17:24 - 00002311 _____ C:\Users\Public\Desktop\Efuah Ster aufrufen.lnk
2016-08-29 12:18 - 2016-08-29 12:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-29 12:18 - 2016-08-29 12:18 - 00001108 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-08-29 12:18 - 2016-08-29 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-08-29 12:18 - 2016-08-29 12:18 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-08-29 12:18 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-29 12:18 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-29 12:18 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-29 12:06 - 2016-08-29 12:09 - 22851472 _____ (Malwarebytes ) C:\Users\M**\Desktop\mbam-setup-2.2.1.1043.exe
2016-08-23 09:57 - 2016-08-23 11:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-17 08:03 - 2016-07-08 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 08:03 - 2016-07-08 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-10 14:04 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 14:04 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 14:04 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 14:04 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 14:04 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 14:04 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 14:04 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 14:04 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 14:04 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 14:04 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 14:04 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 14:04 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 14:04 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 14:04 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 14:04 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 14:04 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 14:04 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 14:04 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 14:04 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 14:04 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 14:04 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 14:04 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 14:04 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 14:04 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 14:04 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 14:04 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 14:04 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 14:04 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 14:04 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 14:04 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 14:04 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 14:04 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 14:04 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 14:04 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 14:04 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 14:04 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 14:04 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 14:04 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 14:04 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 14:04 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 14:04 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 14:04 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 14:04 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 14:04 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 14:04 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 14:04 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 14:04 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 14:04 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 14:04 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 14:04 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 14:04 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 14:04 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 14:04 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 14:04 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 14:04 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 14:04 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 14:04 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 14:04 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 14:04 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 14:04 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 14:04 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 14:04 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 14:04 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 14:04 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 14:04 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 14:04 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 14:00 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 14:00 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 14:00 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 14:00 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 14:00 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 14:00 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 14:00 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 14:00 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 14:00 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 14:00 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 14:00 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 14:00 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 13:50 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-30 02:02 - 2012-09-24 12:29 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-30 01:26 - 2013-07-22 11:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-30 00:45 - 2012-01-03 10:47 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl
2016-08-29 17:30 - 2009-07-14 06:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-29 17:30 - 2009-07-14 06:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-29 17:25 - 2013-08-11 09:49 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-29 17:24 - 2012-01-04 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Efuah
2016-08-29 11:58 - 2015-08-26 17:10 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1D933CB6-A4A6-4298-AAB9-4BE18F150CFA}
2016-08-29 09:02 - 2012-09-24 12:29 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-29 08:04 - 2015-08-26 17:09 - 00000000 ____D C:\Users\M**\AppData\LocalLow\AuthenTec
2016-08-29 01:27 - 2012-03-08 08:53 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor**$
2016-08-29 01:27 - 2012-03-08 08:53 - 00000334 _____ C:\Windows\Tasks\HPCeeScheduleFor**$.job
2016-08-28 10:09 - 2015-08-26 17:56 - 00000000 ____D C:\Users\M**\Documents\PhraseExpress
2016-08-28 10:05 - 2011-12-09 01:20 - 00000000 ____D C:\ProgramData\Temp
2016-08-28 10:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-23 20:41 - 2015-08-29 18:24 - 00005821 _____ C:\Users\M**\AppData\Local\EmptySettings.xml
2016-08-23 11:56 - 2012-11-22 12:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-18 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-18 14:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-11 08:36 - 2009-07-14 06:45 - 00433752 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-09 08:07 - 2012-09-24 12:30 - 00002189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-09 08:07 - 2012-09-24 12:30 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-04 08:38 - 2015-06-20 18:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-29 18:24 - 2016-08-23 20:41 - 0005821 _____ () C:\Users\M**\AppData\Local\EmptySettings.xml
2012-11-10 15:46 - 2013-06-07 09:18 - 0000227 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Einige Dateien in TEMP:
====================
C:\Users\M**\AppData\Local\temp\jre-8u60-windows-au.exe
C:\Users\M**\AppData\Local\temp\jre-8u66-windows-au.exe
C:\Users\M**\AppData\Local\temp\jre-8u77-windows-au.exe
C:\Users\M**\AppData\Local\temp\ytb.exe
C:\Users\M**_veraltet\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\M**_veraltet\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\M**_veraltet\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\M**_veraltet\AppData\Local\temp\jre-8u31-windows-au.exe


Einige mit null Byte Größe Dateien/Ordner:
==========================
C:\Windows\SysWOW64\bdcore.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-08-16 11:43

==================== Ende von FRST.txt ============================
         
--- --- ---

[/code]

Code:
ATTFilter
 
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 29-08-2016
durchgeführt von M** (30-08-2016 02:21:38)
Gestartet von C:\Users\M**\Desktop
Windows 7  Service Pack 1 (X64) (2011-12-30 12:52:09)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Admin (S-1-5-21-55981234-3424176865-3846576974-1000 -  - Enabled) => C:\Users\Admin
 (S-1-5-21-55981234-3424176865-3846576974-500 -  - Disabled)
Gast (S-1-5-21-55981234-3424176865-3846576974-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: G Data AntiVirus (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data AntiVirus (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ADAC Gebrauchtwagen 2010-2011 (HKLM-x32\...\{FB3FA4C6-98A3-41C0-8713-6BADBBCB4FBC}) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AGX (HKLM-x32\...\tksuite_tksuite_CL) (Version: 4.3.19 - AGX GmbH & Co. KG)
AMD Catalyst Install Manager (HKLM\...\{0BD776F3-057D-4C11-020C-4FA9B13D04F9}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
Ashampoo Snap 3.50 (HKLM-x32\...\Ashampoo Snap 3_is1) (Version: 3.5.0 - ashampoo GmbH & Co. KG)
AuthenTec TrueAPI (Version: 1.3.0.150 - AuthenTec, Inc.) Hidden
B1315AppGuid (x32 Version: 1.0.0 - VETUBY eG) Hidden
Brother MFL-Pro Suite MFC-8860DN (HKLM-x32\...\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3243 - CDBurnerXP)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
AGELLOC Ka (HKLM-x32\...\{D3D88E2B-0853-4C17-8FAF-962D0A93D776}) (Version: 2.41.0.12 - Agelloc)
Agelloc Ka (HKLM-x32\...\Agelloc-Ka_is1) (Version: 2.0 - HSC GmbH Dürrweitzschen)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.835 - Corel Inc.)
CorelDRAW Graphics Suite 12 (HKLM-x32\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
Crystal Reports Runtime XI (x32 Version: 1.0.9 - VETUBY eG) Hidden
VETUBY Infragistics Runtime V.3.2 (x32 Version: 3.2.0 - Infragistics, Inc.) Hidden
VETUBY-Installation V.3.7 (HKLM-x32\...\VETUBYB00000482.0) (Version:  - )
DFL7 ConfigDB (HKLM-x32\...\{C2644C5F-2469-438D-BDBF-E7ACF7C36EF4}) (Version: 7.1.7063.0 - VETUBY eG)
DFL7 Microkernel (HKLM-x32\...\{218F90D2-F8E3-4286-9299-BB7BBC8801C5}) (Version: 7.1.6271.0 - VETUBY eG)
Dialogseminar online V.3.02 (HKLM-x32\...\{E7A679C2-2A9C-4008-9CF9-178A6C13D923}) (Version: 10.2.8.2136 - iLinc Communications)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
eDocPrintPro (HKLM\...\{D3F786BC-45E0-4C05-8EF7-E17BC6058A5D}) (Version: 3.18.3 - MAY Computer)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.4.19695 - Landesfinanzdirektion Thüringen)
Firebird 2.1.5.18496 (x64) (HKLM\...\FBDBServer_2_1_x64_is1) (Version: 2.1.5.18496 - Firebird Project)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
G Data Security CL (HKLM-x32\...\{7F07767B-0141-49E4-A850-5EAB7D08C2FA}) (Version: 13.2.0 - G DATA Software AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
gs_x64 (HKLM\...\{4ED70939-4D42-48E4-B573-13E3B8B13ADF}) (Version: 9.06 - MAY-Computer)
Efuah Formular-Manager (x32 Version: 15.12.10.0010 - Efuah-Lexi
Efuah iDeskBrowser 2016 (x32 Version: 16.03.21.0105 - Efuah-Lexi
Efuah iDesk-Service (x32 Version: 16.02.21.0748 - Efuah-Lexi
Efuah Per Office Standard (HKLM-x32\...\{77777baa-39ce-4e69-abc7-bc53551f32da}) (Version: 20.4.0.0 - Efuah-Lexi)
Efuah Per Office Standard (x32 Version: 20.04.00.0000 - Efuah-Lexi
Efuah Ster (HKLM-x32\...\{c185c332-3cec-45ed-9611-199613282448}) (Version: 20.4.0.0 - Efuah-Lexi)
Efuah Ster (x32 Version: 20.04.00.0000 - Efuah-Lexi
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{9FECD1F1-4B1E-499D-BAF4-B9BDE655554D}) (Version: 5.3.0.282 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
Identive Cloud Smart Card Reader (HKLM-x32\...\{F476C0AA-80D6-481A-83FC-37763021C31F}) (Version: 1.02 - Identive)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.7.176.0 (HKLM\...\PROSetDX) (Version: 15.7.176.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
klickTel OEM Frühjahr 2010 (HKLM-x32\...\{AC172E9C-D9E6-4853-BEDB-FB6D72042F42}) (Version: 1.00.0000 - telegate MEDIA AG)
kobdfu x64x86 driver installation (x32 Version: 1.00.0000 - KOBIL Systems) Hidden
KOBIL CCID driver x64x86 (x32 Version: 1.013.02121 - KOBIL Systems) Hidden
Org 6.0 (HKLM-x32\...\Organizer V99.1) (Version:  - )
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM-x32\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office   2010 (HKLM-x32\...\Office14.PROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable - Language Pack - deu (HKLM-x32\...\{B2F21D11-631B-33C2-8E1A-73EA57FDFE33}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005-Abwärtskompatibilität (HKLM\...\{36B72E6E-E433-45FC-A929-C416FF63415A}) (Version: 8.05.2004 - Microsoft Corporation)
Microsoft SQL Server Native CL (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 47.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 de)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{EBFC96E5-4409-426E-88B7-650ADB342E78}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nuance PDF Converter  (HKLM\...\{B625EA74-59BE-4F69-9400-357F453368FD}) (Version: 7.00.6403 - Nuance Communications, Inc)
NWB ReuetsXpert (HKLM-x32\...\{F713C6A9-AB4A-4332-9306-736C2F4F18B8}) (Version: 7.3.0 - Verlag Neue Wirtschafts-Briefe)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PhraseExpress v11.0.109 (HKLM-x32\...\PhraseExpress_is1) (Version: 11.0.109 - Bartels Media GmbH)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Scansoft PDF  (x32 Version:  - ) Hidden
SCR3xxx Smart Card Reader (HKLM-x32\...\{17B0906A-26ED-45D0-B51B-83EF1AADCCFE}) (Version: 8.51 - Identive)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{F3E80B62-3C51-4940-A434-A1F517AB8D6A}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SPR532 SmartCard Reader V1.87 (HKLM-x32\...\{063368C4-1F03-46C7-92A8-9066AF67B372}) (Version: 1.87 - SCM Microsystems Inc.)
SQLXML4 (HKLM\...\{BFBF33B5-AEFE-454B-A189-DF5013028535}) (Version: 9.00.5000.00 - Microsoft Corporation)
Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
True Image 2013 (HKLM-x32\...\{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible) (Version: 16.0.5551 - Acronis)
True Image 2013 (x32 Version: 16.0.5551 - Acronis) Hidden
True Image 2013 Media Add-on (HKLM-x32\...\{91302AFA-15FA-4C92-9ADC-76A5048F634C}) (Version: 16.0.5023 - Acronis)
True Image 2013  Pack (HKLM-x32\...\{C408E706-94A7-454C-8B52-538AA6CBD0FB}) (Version: 16.0.5551 - Acronis)
Update System (HKLM-x32\...\{41EEA0F0-011B-11D5-8F68-005004538B1F}) (Version:  - )
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Skov - Bts Edition (HKLM-x32\...\{9FAFEAEE-548F-4BBE-AE9E-7B298D42BC5A}) (Version: 26.0.99 - Skov GmbH)
Skov - Bts Edition (HKLM-x32\...\{CAD7F8D4-49C3-4101-BE7E-F1EEBF810AC2}) (Version: 24.001 - Skov GmbH)
Skov OS Upgrade (HKLM-x32\...\{EAA9023E-4091-4285-8BD5-F84D8E83469A}) (Version: 2.00.0000 - Skov GmbH)
VR (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
WebUpdate - EtS (HKLM-x32\...\{C185AB5E-55CF-471D-8131-DAE00C13B326}) (Version: 18.007 - Skov GmbH)
WebUpdate - ELSTER (HKLM-x32\...\{E0ADF19F-E3D2-4B79-BE25-ACB56388E838}) (Version: 6.015 - Skov GmbH)
WebUpdate - Stammdaten (HKLM-x32\...\{C53D64C3-D000-4E57-A8D7-D138CBB70D91}) (Version: 7.012 - Skov GmbH)
WebUpdate-Reuetserklärungen (HKLM-x32\...\{B8719A77-EAE1-47CC-81C9-C6E4AE9470D9}) (Version: 91.60.00 - Skov GmbH)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0DBB0773-9214-4B13-BCDE-3016AC98D485} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-10] (Hewlett-Packard Company)
Task: {0DE3C3F8-4155-4244-AB39-80CF6EC89B32} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-20] (Oracle Corporation)
Task: {11CC6100-32D4-4072-BDA2-3AD804FF8D7D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {15D1D05B-40B7-4154-9BAA-895CB5EDBD8E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {2F1E5A16-80A2-4098-B47C-06C19334C2C1} - System32\Tasks\VETUBY eG\VETUBY Update-Monitor => C:\VETUBY\PROGRAMM\Install\DvInesASDMon.Exe [2015-09-15] (VETUBY eG)
Task: {483BCAEF-8A78-415E-8D24-62B9C3F1ADFE} - System32\Tasks\{A2BCF922-74F8-4BDA-A879-64B2EE7C1ADD} => C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
Task: {4B701442-9B29-42D0-95DE-934F19F421CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {514B7DCF-9FDA-429B-A57B-929E7F256F4E} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: {62FDCA39-E871-4D9F-A5D0-306F156CDDCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-23] (Hewlett-Packard Company)
Task: {71C27071-F8FE-48C1-8852-6AB708865657} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {73EFD712-8788-4E62-BAAA-53CFB9E7E6AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {ACC468D1-9001-4574-80A7-9296C97E821B} - System32\Tasks\{2DEC486D-EE68-4562-9B69-FC100395545D} => pcalua.exe -a E:\Start.exe -d E:\
Task: {AE2218C5-293C-4750-9C54-0CFE21EBEE03} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-10] (Hewlett-Packard Company)
Task: {E1E4CF67-F4F1-4FBC-B5FC-5E6AA119E737} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {E5BCB62C-EB4E-4F2E-97A9-D77E54766D5D} - System32\Tasks\HPCeeScheduleFor**$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {FF1EE46A-163A-4A00-B6BB-B0CCECE66D7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-10] (Hewlett-Packard Company)
Task: {FF8250B6-ACEE-4696-B76F-246542D5F0DE} - System32\Tasks\{1EE384C2-D134-473A-9540-2BB47B2465DF} => pcalua.exe -a C:\Users\M**\Desktop\esetsmartinstaller_enu.exe -d C:\Users\M**\Desktop

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFor**$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\M**\Desktop\ruecksichern PhraseExpress von e nach c.lnk -> C:\BAT\einlese_PhraseExpress_M**.bat ()
Shortcut: C:\Users\M**\Desktop\sichern Mails von ** M**.lnk -> C:\BAT\sichern_Mails_**_nach_c.bat ()
Shortcut: C:\Users\M**\Desktop\Word VETUBY funktionierend.lnk -> C:\BAT\Word_VETUBY_funktionierend_**.bat ()
Shortcut: C:\Users\M**\Desktop\Word Makro funktionierend.lnk -> C:\BAT\Word_Makro_funktionierend_**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern diverse Corel Formen Symbole auf **.lnk -> C:\BAT\einlese1_Corel_Formen_Datei_M**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern Excel von e nach c nur Mustermappe.lnk -> C:\BAT\einlese1_Excel2010_M**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern PhraseExpress von e nach c.lnk -> C:\BAT\einlese_PhraseExpress_M**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern word von e nach c alles.lnk -> C:\BAT\einlese4_Word2010_M**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern word von e nach c nur normal.dot.lnk -> C:\BAT\einlese8_Word2010_M**.bat ()

ShortcutWithArgument: C:\Users\Public\Desktop\Efuah Per Office Standard.lnk -> C:\Program Files (x86)\Efuah\iDesk\iDeskBrowser\hidb.exe (Efuah Gruppe) -> -splash \\res\\Efuah.bmp -new-window hxxp://127.0.0.1:38184/HR/PI51
ShortcutWithArgument: C:\Users\Public\Desktop\Efuah Ster aufrufen.lnk -> C:\Program Files (x86)\Efuah\iDesk\iDeskBrowser\hidb.exe (Efuah Gruppe) -> -splash \\res\\Efuah.bmp -new-window hxxp://127.0.0.1:38184/HR/PI19

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-11-09 23:10 - 2011-11-09 23:10 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-26 15:41 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2013-07-03 20:02 - 2013-07-03 20:02 - 00012800 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\iDeskService.exe
2012-08-23 04:35 - 2012-08-23 04:35 - 13873200 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2012-08-23 04:31 - 2012-08-23 04:31 - 01590656 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
2012-07-24 15:48 - 2012-07-24 15:48 - 00012160 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2014-11-25 20:35 - 2014-11-25 20:35 - 00110120 ____N () C:\VETUBY\SYSTEM\DVCCSASCMTF001.dll
2015-04-23 17:09 - 2015-04-23 17:09 - 00182784 _____ () C:\VETUBY\PROGRAMM\RZKOMM\VETUBY.CC.BASECPP.DLL
2012-08-23 01:42 - 2012-08-23 01:42 - 00435584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2012-01-03 23:34 - 2010-07-01 12:00 - 00050512 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Snap 3\MouseHook.dll
2013-07-03 20:02 - 2013-07-03 20:02 - 00082432 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\pywintypes24.dll
2013-07-03 20:00 - 2013-07-03 20:00 - 00052224 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\zlib.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00029696 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32process.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00016896 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32event.pyd
2013-07-03 20:00 - 2013-07-03 20:00 - 00037888 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\_socket.pyd
2013-07-03 20:00 - 2013-07-03 20:00 - 00475136 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\_ssl.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00064512 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32api.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00017920 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32evtlog.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00027648 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\servicemanager.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00071680 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32file.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00018944 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32pipe.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00086528 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32security.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00036864 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32service.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00017920 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\persistent.cPersistence.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00011264 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\persistent.TimeStamp.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00017920 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\persistent.cPickleCache.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00023040 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Acquisition._Acquisition.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00017408 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\ExtensionClass._ExtensionClass.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00007680 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\ComputedAttribute._ComputedAttribute.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00024064 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\AccessControl.cAccessControl.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00010240 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Record._Record.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00017408 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\DocumentTemplate.cDocumentTemplate.pyd
2013-07-03 20:00 - 2013-07-03 20:00 - 00124416 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\pyexpat.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00049664 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._OOBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00051712 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._OIBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00053248 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._IOBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00053760 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._IIBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00008192 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Persistence._Persistence.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00006656 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\MethodObject._MethodObject.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00008192 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Missing._Missing.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00008704 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\MultiMapping._MultiMapping.pyd
2013-07-03 20:00 - 2013-07-03 20:00 - 00010240 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\select.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00006656 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\ZODB.winlock.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00006144 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.stopper.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00007168 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.okascore.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00378368 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\_jpype.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00009728 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\normalizer.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00010240 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\indexsupport.pyd
2016-04-14 10:37 - 2016-04-14 10:37 - 00614912 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\osr32v10.dll
2016-04-14 10:52 - 2016-04-14 10:52 - 00052224 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._fsBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00259072 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\M2Crypto.__m2crypto.pyd
2013-07-03 19:57 - 2013-07-03 19:57 - 00148480 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\SSLEAY32.dll
2013-07-03 19:57 - 2013-07-03 19:57 - 00825344 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\LIBEAY32.dll
2016-04-14 10:52 - 2016-04-14 10:52 - 00014848 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\TXNGSplitter.pyd

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:0574215C [512]
AlternateDataStreams: C:\ProgramData\Temp:D95ACC7D [247]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2013-10-31 02:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.199.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: c:_program files (x86)_cor42 => C:\Program Files (x86)\Corel\Corel Graphics 12\Programs\CorUpd.exe /Watch /r="Software\Corel\CorelDRAW\12.0"
MSCONFIG\startupreg: CorelDRAW Graphics Suite 11b => C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=012712 serial=DR12WRX-0547867-QBY lang=DE

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{294FAFF8-FA89-46CA-9877-ADCB4932A7D6}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Block) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [UDP Query User{147CF546-3069-4A31-91A1-AFD5F2B44973}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Block) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [TCP Query User{172A705F-D4EC-425A-AD7D-592910136FBA}C:\Vetuby\programm\b0000398\sipahost.exe] => (Block) C:\Vetuby\programm\b0000398\sipahost.exe
FirewallRules: [TCP Query User{D74D3D22-A67C-49D3-88DA-DD29C9189166}C:\Vetuby\programm\k0005000\arbeitsplatz.exe] => (Block) C:\Vetuby\programm\k0005000\arbeitsplatz.exe
FirewallRules: [UDP Query User{E7A77894-60EE-49D8-92FF-7FBB0E0DC942}C:\Vetuby\programm\k0005000\arbeitsplatz.exe] => (Block) C:\Vetuby\programm\k0005000\arbeitsplatz.exe
FirewallRules: [{60399911-0D3F-4CDF-93AA-D29B4B76CE9F}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [TCP Query User{1989F23E-EEC6-4C32-8A1C-DB48965D3248}C:\program files (x86)\g data\AVK\AVK.exe] => (Allow) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [UDP Query User{FBFB69C4-FD24-4694-BF88-55F5C8D80C95}C:\program files (x86)\g data\AVK\AVK.exe] => (Allow) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [TCP Query User{CB3DA784-F5F2-42B8-9B48-1404163C8673}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Allow) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [UDP Query User{13A614C3-C210-4D7D-991A-2B01D8567868}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Allow) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [TCP Query User{7A250F7E-99D6-4284-806C-686A61225A09}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Block) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [UDP Query User{50B90E77-982F-4DE0-A22E-3F77B7BCDA09}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Block) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [{5FE36310-BC20-435B-A3CF-84DC9BBF2C55}] => (Allow) C:\Program Files (x86)\PhraseExpress\PhraseExpress.exe
FirewallRules: [{63FA535F-4099-478D-B9E5-DE0EF0008B1B}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{579B7F4C-886F-42CA-9600-52F059AE44D4}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{7ABC9A6C-94E5-4BB1-AA12-2B10469123CD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{5F79A600-D361-4DC5-AAE7-65B4617C001D}C:\program files (x86)\g data\AVK\AVK.exe] => (Block) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [UDP Query User{F4213866-E334-440D-8949-2AE678CFA679}C:\program files (x86)\g data\AVK\AVK.exe] => (Block) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [{B9F034D3-BD88-4C77-8D14-3FEA6194AAA4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F171416D-5986-449F-B038-C98064509925}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{20F374D8-DF3B-4B5E-89B9-F0AD2C525054}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{19D1B3CB-745D-4412-8C18-10558755543D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2D4F9BA8-56A2-4658-B0A8-AE0B3FCA1F0A}] => (Allow) C:\Program Files (x86)\PhraseExpress\PhraseExpress.exe
FirewallRules: [TCP Query User{388CBB47-AB58-456D-A75D-73B5DEDD66E6}C:\Vetuby\programm\sws\limaservice.exe] => (Allow) C:\Vetuby\programm\sws\limaservice.exe
FirewallRules: [UDP Query User{1F13A023-F582-400D-BE0C-53DFA4FE9725}C:\Vetuby\programm\sws\limaservice.exe] => (Allow) C:\Vetuby\programm\sws\limaservice.exe
FirewallRules: [{126432FB-4688-4F2E-8FE3-2A0D62994F66}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{E1F0428B-9E44-493C-92FA-F41264C4A67E}] => (Allow) C:\VETUBY\PROGRAMM\B0000398\SiPaHost.exe
FirewallRules: [{7199394B-5771-40BF-BB82-F8A5BE963554}] => (Allow) C:\VETUBY\PROGRAMM\B0000391\Vetuby.Security.Dokumentenschutz.exe
FirewallRules: [{BE7081D3-D782-42B1-9B95-AFBF7506D670}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [TCP Query User{D96180A0-7519-4C09-931A-30E42300B4EF}C:\program files (x86)\g data\AVK\AVK.exe] => (Allow) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [UDP Query User{574C5855-8FEA-4F92-B38C-9279A9CF9A0B}C:\program files (x86)\g data\AVK\AVK.exe] => (Allow) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [{3031FE58-FE1C-4F10-8B0A-0C83C21265FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{785C587A-ADA1-49D3-9697-3948864FF7DA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7077CE7F-BBDC-470E-95BD-AB40E3928392}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{280FED29-87AA-4F47-ADB6-9CCE4428993C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BA3CFF32-B061-41CD-B233-EF9B30014090}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{627B4C30-B2CE-4F74-B86A-624210550351}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{68B01066-3D5A-4CEC-9416-D0DBB848D608}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{6EF12444-F1AC-4278-BD66-B16500A1E854}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E87D25BF-70BC-4F87-A867-C70AB7410CCC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4AA6A2EF-72D0-40C5-89EE-CC0E160175C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B60D5699-595E-47E6-9081-BCE748303D83}] => (Allow) C:\VETUBY\PROGRAMM\RWAPPLIC\Vetuby.Irw.Managed.ServiceProvider.exe
FirewallRules: [{2851787F-8D86-45D7-8D6E-6E2EFF90E6A2}] => (Allow) C:\VETUBY\PROGRAMM\RWAPPLIC\Vetuby.Irw.Managed.ServiceProvider.exe
FirewallRules: [{54E70833-8730-4982-B4C6-EDB16C9E309C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\NUMZUS\NumZus.exe] => Enabled:NumZus.exe
DomainProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\RWAPPLIC\Vetuby.Irw.Managed.ServiceProvider.exe] => Enabled:VETUBY IRW ServiceProvider
DomainProfile\AuthorizedApplications: [C:\VETUBY\SYSTEM\DvpExe.exe] => Enabled:DvpExe.exe
DomainProfile\AuthorizedApplications: [C:\VETUBY\SYSTEM\DcomSrv.exe] => Enabled:DcomSrv.exe
DomainProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\TNADNAM\Tnadnam.exe] => Enabled:Tnadnam.exe
StandardProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\NUMZUS\NumZus.exe] => Enabled:NumZus.exe
StandardProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\RWAPPLIC\Vetuby.Irw.Managed.ServiceProvider.exe] => Enabled:VETUBY IRW ServiceProvider
StandardProfile\AuthorizedApplications: [C:\VETUBY\SYSTEM\DvpExe.exe] => Enabled:DvpExe.exe
StandardProfile\AuthorizedApplications: [C:\VETUBY\SYSTEM\DcomSrv.exe] => Enabled:DcomSrv.exe
StandardProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\TNADNAM\Tnadnam.exe] => Enabled:Tnadnam.exe

==================== Wiederherstellungspunkte =========================

16-08-2016 08:35:34 Windows Update
17-08-2016 17:56:51 Windows Update
23-08-2016 08:00:17 Windows Update
23-08-2016 20:42:02 Windows Update
28-08-2016 09:36:49 Windows Update
29-08-2016 17:04:39 Efuah Ster
29-08-2016 17:25:29 Efuah Ster

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 49%
Installierter physikalischer RAM: 4054.03 MB
Verfügbarer physikalischer RAM: 2032.05 MB
Summe virtueller Speicher: 8106.25 MB
Verfügbarer virtueller Speicher: 5083.55 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:458.5 GB) (Free:324.47 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B089906B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=458.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7.2 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
__________________

Alt 30.08.2016, 14:45   #4
spartaner007
 
Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB - Standard

Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB



Code:
ATTFilter
 
12:30:44.0488 0x1e24  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
12:31:26.0594 0x1e24  ============================================================
12:31:26.0594 0x1e24  Current date / time: 2016/08/30 12:31:26.0594
12:31:26.0594 0x1e24  SystemInfo:
12:31:26.0594 0x1e24  
12:31:26.0594 0x1e24  OS Version: 6.1.7601 ServicePack: 1.0
12:31:26.0594 0x1e24  Product type: PC
12:31:26.0594 0x1e24  ComputerName: **
12:31:26.0594 0x1e24  UserName: M**
12:31:26.0594 0x1e24  Windows directory: C:\Windows
12:31:26.0594 0x1e24  System windows directory: C:\Windows
12:31:26.0594 0x1e24  Running under WOW64
12:31:26.0594 0x1e24  Processor architecture: Intel x64
12:31:26.0594 0x1e24  Number of processors: 4
12:31:26.0594 0x1e24  Page size: 0x1000
12:31:26.0594 0x1e24  Boot type: Normal boot
12:31:26.0594 0x1e24  CodeIntegrityOptions = 0x00000001
12:31:26.0594 0x1e24  ============================================================
12:31:27.0094 0x1e24  KLMD registered as C:\Windows\system32\drivers\89657579.sys
12:31:27.0094 0x1e24  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23418, osProperties = 0x1
12:31:28.0544 0x1e24  System UUID: {F8549884-F44C-DF46-06F8-60EB4B3B67ED}
12:31:29.0590 0x1e24  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:31:29.0590 0x1e24  ============================================================
12:31:29.0590 0x1e24  \Device\Harddisk0\DR0:
12:31:29.0590 0x1e24  MBR partitions:
12:31:29.0590 0x1e24  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:31:29.0590 0x1e24  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x394FD800
12:31:29.0590 0x1e24  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x39530000, BlocksNum 0xE55800
12:31:29.0590 0x1e24  ============================================================
12:31:29.0605 0x1e24  C: <-> \Device\Harddisk0\DR0\Partition2
12:31:29.0605 0x1e24  ============================================================
12:31:29.0605 0x1e24  Initialize success
12:31:29.0605 0x1e24  ============================================================
12:34:05.0996 0x0810  ============================================================
12:34:05.0996 0x0810  Scan started
12:34:05.0996 0x0810  Mode: Manual; SigCheck; TDLFS; 
12:34:05.0996 0x0810  ============================================================
12:34:05.0996 0x0810  KSN ping started
12:34:06.0120 0x0810  KSN ping finished: true
12:34:06.0994 0x0810  ================ Scan system memory ========================
12:34:06.0994 0x0810  System memory - ok
12:34:06.0994 0x0810  ================ Scan services =============================
12:34:07.0197 0x0810  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:34:07.0322 0x0810  1394ohci - ok
12:34:07.0368 0x0810  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:34:07.0400 0x0810  ACPI - ok
12:34:07.0415 0x0810  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:34:07.0446 0x0810  AcpiPmi - ok
12:34:07.0571 0x0810  [ C2093D96B299D472240B4A3359E93A07, 5787C8C4C9BD7E47F6307C56ADB5C4FB98BEB42246B897C00B1C278FF11A00F3 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
12:34:07.0649 0x0810  AcrSch2Svc - ok
12:34:07.0743 0x0810  [ 68E7DEA59FDEF410BAF29FDB5B7A6EEF, B808FCF0C30B465A1330E47947B84FC722A3B4C46260E261C54B1EED725A288F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:34:07.0758 0x0810  AdobeARMservice - ok
12:34:07.0868 0x0810  [ 32B31B696CB8E8F380831DFEB80A67E4, 8C8F6E16F2FB3E8F10569261B7712BBC931A2924B6C27D561E7F828041C4F3E6 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:34:07.0883 0x0810  AdobeFlashPlayerUpdateSvc - ok
12:34:07.0946 0x0810  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:34:07.0977 0x0810  adp94xx - ok
12:34:08.0024 0x0810  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:34:08.0055 0x0810  adpahci - ok
12:34:08.0070 0x0810  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:34:08.0102 0x0810  adpu320 - ok
12:34:08.0133 0x0810  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:34:08.0195 0x0810  AeLookupSvc - ok
12:34:08.0258 0x0810  [ ABCF9C80EAACE03021BB7F450EB8993F, 8E38726C423E82954CA85266D6F38B605D010A659420A4EF99D29035A9474BFB ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
12:34:08.0289 0x0810  afcdp - ok
12:34:08.0476 0x0810  [ 1AEA25F70F12ABB494A4E35E1D717414, B6DB77C9C0DB8B660CE9933E4CC751B0B6C882FE84FAA39D551B38AF961F5722 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
12:34:08.0710 0x0810  afcdpsrv - ok
12:34:08.0741 0x0810  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
12:34:08.0819 0x0810  AFD - ok
12:34:08.0851 0x0810  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
12:34:08.0866 0x0810  agp440 - ok
12:34:08.0897 0x0810  [ 3190C577746303CA4C65114441192FE2, AEE970D59E9FB314B559CF0C41DD2CD3C9C9B5DD060A339368000F975F4CD389 ] aksdf           C:\Windows\system32\drivers\aksdf.sys
12:34:08.0913 0x0810  aksdf - ok
12:34:08.0929 0x0810  [ 2845A05E5AF65B5C7A143D637F08496D, 38DB4590EDD8CBE735ED0C072A03F4E619A3CDA7B8D908FD1CA8E90728F077EF ] aksfridge       C:\Windows\system32\drivers\aksfridge.sys
12:34:08.0944 0x0810  aksfridge - ok
12:34:08.0975 0x0810  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
12:34:09.0022 0x0810  ALG - ok
12:34:09.0069 0x0810  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:34:09.0085 0x0810  aliide - ok
12:34:09.0100 0x0810  [ 5EC60409BD50953BD4F892B18840039E, E02B6646E4A6A965DF9FB0A226487733F16D68EB88AE7D263A40067279190A9D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:34:09.0178 0x0810  AMD External Events Utility - ok
12:34:09.0225 0x0810  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:34:09.0241 0x0810  amdide - ok
12:34:09.0272 0x0810  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:34:09.0319 0x0810  AmdK8 - ok
12:34:09.0724 0x0810  [ 322E5C178990F116F00E3D923F4E6B1C, 1D39F9C371C7988299D7183C31641971E0398191287D72CE87ECC38398890B50 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:34:10.0286 0x0810  amdkmdag - ok
12:34:10.0333 0x0810  [ 961A81A84FDD700E361E8294528A37BA, B0F1F6479EE607C4BEEF624375BF01F766EBAD3403E503714848DD5546A2DF64 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:34:10.0379 0x0810  amdkmdap - ok
12:34:10.0411 0x0810  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:34:10.0442 0x0810  AmdPPM - ok
12:34:10.0473 0x0810  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:34:10.0489 0x0810  amdsata - ok
12:34:10.0520 0x0810  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:34:10.0551 0x0810  amdsbs - ok
12:34:10.0567 0x0810  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:34:10.0582 0x0810  amdxata - ok
12:34:10.0863 0x0810  [ 0D1F299A04DBE4446A3105DEBDDD81C6, 0123036847894724A905EF8DD7C4002D17EEC44F6685091E192032B8A80C02EB ] AntiVirusKit CL C:\Program Files (x86)\G Data\AVK\AVK.exe
12:34:11.0066 0x0810  AntiVirusKit CL - ok
12:34:11.0113 0x0810  [ 6474F8823C7188D2DA579F01FB6CED6B, 81D4E9D026CA60FB8840D520D151B8C2F4745A75DF90A4D6C80641F1A23AB605 ] AppID           C:\Windows\system32\drivers\appid.sys
12:34:11.0159 0x0810  AppID - ok
12:34:11.0175 0x0810  [ 8F58BA1F7772D6D7CE45F03309608001, CDB109E0DD241042C058F7D81A1BDEBC34435CB2DC4A7A7A3692193DD5806097 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:34:11.0206 0x0810  AppIDSvc - ok
12:34:11.0237 0x0810  [ B62867835B41BCD839D9896AB4D7DF09, 98036D0202DB6171E90485898175833AC44873A85E6453EBE928E433B364CE07 ] Appinfo         C:\Windows\System32\appinfo.dll
12:34:11.0284 0x0810  Appinfo - ok
12:34:11.0331 0x0810  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:34:11.0378 0x0810  AppMgmt - ok
12:34:11.0393 0x0810  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
12:34:11.0409 0x0810  arc - ok
12:34:11.0425 0x0810  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:34:11.0456 0x0810  arcsas - ok
12:34:11.0549 0x0810  [ 660D597B7A78256734D7F3230B21B355, CAA19E8EFAD63B8975A4CD8EFD5CE5F21E056856D36BC5A9E48517F1E574ABBA ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:34:11.0627 0x0810  aspnet_state - ok
12:34:11.0659 0x0810  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:34:11.0783 0x0810  AsyncMac - ok
12:34:11.0830 0x0810  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:34:11.0846 0x0810  atapi - ok
12:34:11.0893 0x0810  [ 230CF51113CD4B830B3BFD09B0D4C066, 54751AA93E5E697A09B9C02EED34BFFE4B9C98B69490B738BFD4127EACC0E39F ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:34:11.0908 0x0810  AtiHDAudioService - ok
12:34:11.0971 0x0810  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:34:12.0049 0x0810  AudioEndpointBuilder - ok
12:34:12.0080 0x0810  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:34:12.0111 0x0810  AudioSrv - ok
12:34:12.0298 0x0810  [ DB9B5BA0BC15D3091D8FF1E99C6F9880, 8C833C47114041722176BF944DF68CE5548C60B6A84BC9A16C51DEEA91784412 ] AVKProxy        C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
12:34:12.0392 0x0810  AVKProxy - ok
12:34:12.0579 0x0810  [ CB803D62726300AFEB7F5C3FAB55CAF6, 06D0B83169770F1664571C76DDD0E438B39B04BC22E43E11F4F7C7F25B9E59C4 ] AVKWCtl         C:\Program Files (x86)\G Data\AVK\AVK_64.exe
12:34:12.0704 0x0810  AVKWCtl - ok
12:34:12.0735 0x0810  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:34:12.0798 0x0810  AxInstSV - ok
12:34:12.0844 0x0810  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:34:12.0907 0x0810  b06bdrv - ok
12:34:12.0938 0x0810  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:34:12.0985 0x0810  b57nd60a - ok
12:34:13.0016 0x0810  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:34:13.0063 0x0810  BDESVC - ok
12:34:13.0078 0x0810  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:34:13.0141 0x0810  Beep - ok
12:34:13.0188 0x0810  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
12:34:13.0281 0x0810  BFE - ok
12:34:13.0328 0x0810  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
12:34:13.0453 0x0810  BITS - ok
12:34:13.0484 0x0810  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
12:34:13.0515 0x0810  blbdrive - ok
12:34:13.0546 0x0810  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:34:13.0593 0x0810  bowser - ok
12:34:13.0624 0x0810  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:34:13.0656 0x0810  BrFiltLo - ok
12:34:13.0671 0x0810  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:34:13.0702 0x0810  BrFiltUp - ok
12:34:13.0749 0x0810  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:34:13.0812 0x0810  BridgeMP - ok
12:34:13.0843 0x0810  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
12:34:13.0905 0x0810  Browser - ok
12:34:13.0936 0x0810  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:34:13.0983 0x0810  Brserid - ok
12:34:13.0999 0x0810  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:34:14.0030 0x0810  BrSerWdm - ok
12:34:14.0061 0x0810  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:34:14.0092 0x0810  BrUsbMdm - ok
12:34:14.0108 0x0810  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:34:14.0139 0x0810  BrUsbSer - ok
12:34:14.0155 0x0810  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:34:14.0202 0x0810  BTHMODEM - ok
12:34:14.0233 0x0810  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
12:34:14.0295 0x0810  bthserv - ok
12:34:14.0467 0x0810  [ C8D931D734FC0097478CE2583A75C4DF, 60C5F97D7E5A8B81A7123A5DB333577B0C7B9302C1D1C98D47BA96C0A3FB7417 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
12:34:14.0748 0x0810  c2cautoupdatesvc - ok
12:34:14.0888 0x0810  [ 8E1CC0517DE17DF83CF80BFCE9F0C000, 13F7929D531914FA2ED1223977E15A7F45E3FF3DA1392ECC4B15F5619B37B754 ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
12:34:15.0138 0x0810  c2cpnrsvc - ok
12:34:15.0153 0x0810  catchme - ok
12:34:15.0184 0x0810  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:34:15.0231 0x0810  cdfs - ok
12:34:15.0262 0x0810  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
12:34:15.0294 0x0810  cdrom - ok
12:34:15.0325 0x0810  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:34:15.0387 0x0810  CertPropSvc - ok
12:34:15.0418 0x0810  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:34:15.0450 0x0810  circlass - ok
12:34:15.0496 0x0810  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
12:34:15.0528 0x0810  CLFS - ok
12:34:15.0590 0x0810  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:34:15.0606 0x0810  clr_optimization_v2.0.50727_32 - ok
12:34:15.0637 0x0810  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:34:15.0668 0x0810  clr_optimization_v2.0.50727_64 - ok
12:34:15.0715 0x0810  [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:34:15.0871 0x0810  clr_optimization_v4.0.30319_32 - ok
12:34:15.0886 0x0810  [ 1400C75FF021D6CFACE46AC41B60770E, 3FCB8D7714A79522F2738037D559F1FFFB2F05C5406D2A038EF5DDB4629CA1CE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:34:15.0996 0x0810  clr_optimization_v4.0.30319_64 - ok
12:34:16.0042 0x0810  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:34:16.0074 0x0810  CmBatt - ok
12:34:16.0105 0x0810  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:34:16.0120 0x0810  cmdide - ok
12:34:16.0183 0x0810  [ 3323F76352B0AF14B2CDC4DFBF3E980A, F8E3C3508C37E647497B6889F26819B1DB30275F48A994D1BBFBAA9454E5FD70 ] CNG             C:\Windows\system32\Drivers\cng.sys
12:34:16.0245 0x0810  CNG - ok
12:34:16.0277 0x0810  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:34:16.0292 0x0810  Compbatt - ok
12:34:16.0308 0x0810  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:34:16.0339 0x0810  CompositeBus - ok
12:34:16.0355 0x0810  COMSysApp - ok
12:34:16.0370 0x0810  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:34:16.0386 0x0810  crcdisk - ok
12:34:16.0417 0x0810  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:34:16.0479 0x0810  CryptSvc - ok
12:34:16.0511 0x0810  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
12:34:16.0557 0x0810  CSC - ok
12:34:16.0589 0x0810  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
12:34:16.0651 0x0810  CscService - ok
12:34:16.0713 0x0810  [ CDC82C641D32C99E7ADD779DFC1E912E, 91F17B28244E946419B1B78AE4D84DA3E749563DBEF68BCE8EEDC657553BB7FC ] VETUBY Update-Service C:\VETUBY\PROGRAMM\INSTALL\DvInesASDSvc.Exe
12:34:16.0807 0x0810  VETUBY Update-Service - ok
12:34:17.0135 0x0810  Vetuby.CC.Processes.Hosting.RdtServiceMode - ok
12:34:17.0150 0x0810  Vetuby.Database.Dimitra.Server - ok
12:34:17.0166 0x0810  Vetuby.Framework.RemoteServiceModel.EnablerService - ok
12:34:17.0181 0x0810  Vetuby.Framework.RemoteServices - ok
12:34:17.0197 0x0810  Vetuby.Irw.ServiceProvider.HostXcut.Server - ok
12:34:17.0213 0x0810  Vetuby.SystemComponents.ServiceBus.V0300.PlugIn - ok
12:34:17.0213 0x0810  Vetuby.SystemComponents.ServiceBus.V0400.PlugIn - ok
12:34:17.0259 0x0810  [ F9D2780B4F83F77A7959B52821EDB86F, 6EFEADA20F0B7C2B4A42FB2874044459D4DFA56DF1FD985C812471C93DC59CEB ] VetubyPrintService C:\VETUBY\PROGRAMM\B0001442\PSNTSERV.EXE
12:34:17.0291 0x0810  VetubyPrintService - detected UnsignedFile.Multi.Generic ( 1 )
12:34:17.0509 0x0810  VetubyPrintService ( UnsignedFile.Multi.Generic ) - warning
12:34:17.0727 0x0810  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:34:17.0790 0x0810  DcomLaunch - ok
12:34:17.0821 0x0810  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:34:17.0899 0x0810  defragsvc - ok
12:34:17.0961 0x0810  [ CF1F6326AC44C42F4615D4BD53188AC5, 28DC32F1957918C3D5DE72415CC32A51C6885CAA38119FE475D2631269D3B9B3 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:34:18.0024 0x0810  DfsC - ok
12:34:18.0055 0x0810  DfueSammlerDienst - ok
12:34:18.0086 0x0810  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:34:18.0133 0x0810  Dhcp - ok
12:34:18.0258 0x0810  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
12:34:18.0398 0x0810  DiagTrack - ok
12:34:18.0414 0x0810  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
12:34:18.0476 0x0810  discache - ok
12:34:18.0539 0x0810  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
12:34:18.0554 0x0810  Disk - ok
12:34:18.0601 0x0810  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
12:34:18.0632 0x0810  dmvsc - ok
12:34:18.0663 0x0810  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:34:18.0710 0x0810  Dnscache - ok
12:34:18.0741 0x0810  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:34:18.0804 0x0810  dot3svc - ok
12:34:18.0819 0x0810  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
12:34:18.0882 0x0810  DPS - ok
12:34:18.0929 0x0810  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:34:18.0960 0x0810  drmkaud - ok
12:34:19.0131 0x0810  [ BFD5BCE16C3F5BF831A35900BDBEA942, 85DBA62253C9D89B629A3F0C9CED2C6C37C846ABC4D30D0A21B0EB8590DED065 ] DVckService     C:\VETUBY\PROGRAMM\B0000150\ScServer\DVckService.exe
12:34:19.0303 0x0810  DVckService - ok
12:34:19.0397 0x0810  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:34:19.0459 0x0810  DXGKrnl - ok
12:34:19.0506 0x0810  [ DC1776D086AA9733B1929A3D979D9FDD, C7EEF160C615948CCCDE3B56C43F8A1E348B4E1212E0DDDB8A9EC2EC14FF73EE ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
12:34:19.0537 0x0810  e1cexpress - ok
12:34:19.0568 0x0810  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
12:34:19.0631 0x0810  EapHost - ok
12:34:19.0771 0x0810  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:34:19.0974 0x0810  ebdrv - ok
12:34:20.0005 0x0810  [ 13FE29C1C8E782829C7FAA3B14F4A666, C53F7F9039E79AC6D5BDA94981A187570D6C7828930B6064CEFC17DC172EA20E ] EFS             C:\Windows\System32\lsass.exe
12:34:20.0052 0x0810  EFS - ok
12:34:20.0114 0x0810  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:34:20.0177 0x0810  ehRecvr - ok
12:34:20.0208 0x0810  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
12:34:20.0239 0x0810  ehSched - ok
12:34:20.0286 0x0810  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:34:20.0333 0x0810  elxstor - ok
12:34:20.0348 0x0810  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:34:20.0380 0x0810  ErrDev - ok
12:34:20.0426 0x0810  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
12:34:20.0504 0x0810  EventSystem - ok
12:34:20.0520 0x0810  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:34:20.0582 0x0810  exfat - ok
12:34:20.0598 0x0810  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:34:20.0660 0x0810  fastfat - ok
12:34:20.0723 0x0810  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
12:34:20.0785 0x0810  Fax - ok
12:34:20.0801 0x0810  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
12:34:20.0816 0x0810  fdc - ok
12:34:20.0832 0x0810  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
12:34:20.0894 0x0810  fdPHost - ok
12:34:20.0910 0x0810  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:34:20.0972 0x0810  FDResPub - ok
12:34:21.0019 0x0810  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:34:21.0035 0x0810  FileInfo - ok
12:34:21.0035 0x0810  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:34:21.0097 0x0810  Filetrace - ok
12:34:21.0175 0x0810  [ BFED104567919E11D360D5DAF583CED4, 9453D70D887C7F7450A3227D6B3279D420D5380150845BE94A17363079DECA96 ] FirebirdGuardianDefaultInstance C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
12:34:21.0191 0x0810  FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 )
12:34:21.0284 0x0810  Detect skipped due to KSN trusted
12:34:21.0284 0x0810  FirebirdGuardianDefaultInstance - ok
12:34:21.0456 0x0810  [ AB25B6A0D8E4C53B166A1CD54F5DD199, 4FAFB0AD7388FB2591B7259E98C338CC78F2FAC036A9C0972463D4EAC5E460F1 ] FirebirdServerDefaultInstance C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
12:34:21.0659 0x0810  FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 )
12:34:21.0752 0x0810  Detect skipped due to KSN trusted
12:34:21.0752 0x0810  FirebirdServerDefaultInstance - ok
12:34:21.0768 0x0810  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:34:21.0799 0x0810  flpydisk - ok
12:34:21.0830 0x0810  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:34:21.0862 0x0810  FltMgr - ok
12:34:21.0924 0x0810  [ F0CC1A9106F9FB0F704F6ED95622B43E, DE09E37619B91AD4F43B473A41E6563F4FCFB891A7F9665E8631131A49FA96A1 ] fltsrv          C:\Windows\system32\DRIVERS\fltsrv.sys
12:34:21.0940 0x0810  fltsrv - ok
12:34:22.0033 0x0810  [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache       C:\Windows\system32\FntCache.dll
12:34:22.0158 0x0810  FontCache - ok
12:34:22.0189 0x0810  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:34:22.0205 0x0810  FontCache3.0.0.0 - ok
12:34:22.0267 0x0810  [ C902AE091D15962DE76E455C970D416B, FC05A7990D6E775886D620C779EB6FC214A6A1C0FA86EE8F55563BB3BDCA86EC ] FPLService      C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
12:34:22.0283 0x0810  FPLService - ok
12:34:22.0314 0x0810  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:34:22.0330 0x0810  FsDepends - ok
12:34:22.0361 0x0810  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:34:22.0376 0x0810  Fs_Rec - ok
12:34:22.0423 0x0810  [ FA169871D8FADCC6539C4E8726610286, 14BF1C5225BD736C686FAC6393050BCFC5C43BC9557A78901CC98BC446A3894D ] FTDIBUS         C:\Windows\system32\drivers\ftdibus.sys
12:34:22.0439 0x0810  FTDIBUS - ok
12:34:22.0470 0x0810  [ 24237091348D1EFB5635A1CF9649E311, 23C66EEC336770E035825EEBABEB02258FFB1436A5CC0E26C267C470EA5B0D07 ] FTSER2K         C:\Windows\system32\drivers\ftser2k.sys
12:34:22.0486 0x0810  FTSER2K - ok
12:34:22.0532 0x0810  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:34:22.0564 0x0810  fvevol - ok
12:34:22.0579 0x0810  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:34:22.0595 0x0810  gagp30kx - ok
12:34:22.0751 0x0810  [ A42BFF5A301FF1AC3871924FE851C940, 69E0D23FF68143D4E85852D606B91C516E4CE433C1DAE42EF80151F73ACE2769 ] GDBackupSvc     C:\Program Files (x86)\G Data\AVK\AVKBackupService.exe
12:34:22.0844 0x0810  GDBackupSvc - ok
12:34:22.0876 0x0810  [ A92D4EAF413AC4BA6C12E84FE6E05D42, 8C3F9B01B7DAD699F030F9BD3CF963EF8EA6ED0D4B444C22926B3B0291C9A429 ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
12:34:22.0891 0x0810  GDBehave - ok
12:34:22.0907 0x0810  [ A2437FAC59A29E330CCD50FFA7F55C3F, AAD982E88B90D8CA994812C9D16CBDCADF190FAD13A4DAC9D962E68325F815F6 ] GDKBB           C:\Windows\system32\drivers\GDKBB64.sys
12:34:22.0922 0x0810  GDKBB - ok
12:34:22.0969 0x0810  [ F235159D1C1EB2F92C904E06406EDAE5, C3DECFE795C00D65CC9EBC96EE782120AF33ADB1C301E67AE0FB49FA0727173B ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
12:34:22.0985 0x0810  GDMnIcpt - ok
12:34:23.0094 0x0810  [ B508CF57EACDBB21BEBAE813531D3B32, 508BD22F78B2694C1DDF51D2B25B06D7B2D7202B1D49A03D7A6C2555E18A237E ] GDScan          C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
12:34:23.0141 0x0810  GDScan - ok
12:34:23.0156 0x0810  [ D194B7A16C58B71D8A8CF845F49607F8, 11DC186BB26473C604E8464BB55B84109607B278C751CD38F14AA695901EF3D1 ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd64.sys
12:34:23.0172 0x0810  gdwfpcd - ok
12:34:23.0234 0x0810  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
12:34:23.0297 0x0810  gpsvc - ok
12:34:23.0344 0x0810  [ F273BCFE6BD4B67DE006345E88F2C938, C0F98A6A106EBAAA9B14F5620C613969915BFA91E272A023E1C5A8C8C5344977 ] GRD             C:\Windows\system32\drivers\GRD.sys
12:34:23.0359 0x0810  GRD - ok
12:34:23.0453 0x0810  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:34:23.0468 0x0810  gupdate - ok
12:34:23.0484 0x0810  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:34:23.0500 0x0810  gupdatem - ok
12:34:23.0531 0x0810  [ 3921C845A24C62CA1F44EEF4826263E9, 4CB2CAB0B96F097B3BFC28EA12AA7C28131AEC114BF0920BC80789CDD6BF4019 ] hardlock        C:\Windows\system32\drivers\hardlock.sys
12:34:23.0562 0x0810  hardlock - ok
12:34:23.0562 0x0810  hasplms - ok
12:34:23.0578 0x0810  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:34:23.0609 0x0810  hcw85cir - ok
12:34:23.0640 0x0810  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:34:23.0687 0x0810  HdAudAddService - ok
12:34:23.0718 0x0810  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:34:23.0749 0x0810  HDAudBus - ok
12:34:23.0780 0x0810  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:34:23.0812 0x0810  HidBatt - ok
12:34:23.0827 0x0810  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:34:23.0858 0x0810  HidBth - ok
12:34:23.0890 0x0810  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:34:23.0921 0x0810  HidIr - ok
12:34:23.0952 0x0810  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
12:34:23.0999 0x0810  hidserv - ok
12:34:24.0046 0x0810  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:34:24.0061 0x0810  HidUsb - ok
12:34:24.0077 0x0810  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:34:24.0155 0x0810  hkmsvc - ok
12:34:24.0171 0x0810  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:34:24.0233 0x0810  HomeGroupListener - ok
12:34:24.0249 0x0810  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:34:24.0280 0x0810  HomeGroupProvider - ok
12:34:24.0342 0x0810  [ 49CA87032215E0CBBF153D6098107748, 6FBFB6AFF63B44B5DCD605733F15DC0579E5DAD0B7985A6B84549C96F14F6F9F ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
12:34:24.0358 0x0810  HookCentre - ok
12:34:24.0405 0x0810  [ 13BB1114451C63BFB41BA7DAA4D70A29, A07D27DCD1D5F333973DDF7E91BF902307088C48696EE1D1970A0152A507231B ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
12:34:24.0420 0x0810  HP Support Assistant Service - ok
12:34:24.0436 0x0810  [ BCC4A8B2E2E902F52E7F2E7D8E125765, 4253DEABF5E4613E42BFC921BF4E2DD5BDF80A640250F41BDA7DD2711A6BA8A1 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
12:34:24.0451 0x0810  HPDrvMntSvc.exe - ok
12:34:24.0498 0x0810  [ EC9739A46F1F83C6E52A7A4697F44A65, CF4E93D3E8CA607DDEF87C6996F6C7326316144A61C1B4F83EA1B4B2F9BDC69B ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
12:34:24.0545 0x0810  hpqwmiex - ok
12:34:24.0561 0x0810  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:34:24.0576 0x0810  HpSAMD - ok
12:34:24.0717 0x0810  [ 5D36F476BC1149D0FAE9159FA8AFA56F, E95548177869A4FF643A06ACD1FF5363F789F821B36A352FD20C3E78CC419C3F ] HRService       C:\Program Files (x86)\Efuah\iDesk\iDeskService\iDeskService.exe
12:34:24.0717 0x0810  HRService - detected UnsignedFile.Multi.Generic ( 1 )
12:34:24.0810 0x0810  HRService ( UnsignedFile.Multi.Generic ) - warning
12:34:24.0810 0x0810  Force sending object to P2P due to detect: HRService
12:34:25.0060 0x0810  Object send P2P result: true
12:34:25.0278 0x0810  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:34:25.0372 0x0810  HTTP - ok
12:34:25.0387 0x0810  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:34:25.0403 0x0810  hwpolicy - ok
12:34:25.0434 0x0810  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:34:25.0465 0x0810  i8042prt - ok
12:34:25.0497 0x0810  [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor          C:\Windows\system32\drivers\iaStor.sys
12:34:25.0528 0x0810  iaStor - ok
12:34:25.0559 0x0810  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:34:25.0590 0x0810  iaStorV - ok
12:34:25.0668 0x0810  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:34:25.0684 0x0810  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
12:34:25.0793 0x0810  Detect skipped due to KSN trusted
12:34:25.0793 0x0810  IDriverT - ok
12:34:25.0871 0x0810  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:34:25.0918 0x0810  idsvc - ok
12:34:25.0933 0x0810  IEEtwCollectorService - ok
12:34:25.0965 0x0810  [ 2DCEA6E19134AEA8BF9B68110732A880, E8582F25EFC768BE738C16051BB95387713F4022B6278A90F14BAC7CE8321258 ] IFCoEMP         C:\Windows\system32\drivers\ifM52x64.sys
12:34:25.0996 0x0810  IFCoEMP - ok
12:34:26.0011 0x0810  [ 3A58E368FBF1CCF9E89F922EB76405C0, BCE3B31761B3D02DD0797CF210E165E484B608733769C0CB20DD2EB24BF63E5B ] IFCoEVB         C:\Windows\system32\drivers\ifP52X64.sys
12:34:26.0027 0x0810  IFCoEVB - ok
12:34:26.0542 0x0810  [ 0AC9E321D604BE48A0D72B69BA484BDC, CAB41D696F86105ABC660DB66EFC602E81F725B809E821DE48912F2452EA8BEC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:34:27.0135 0x0810  igfx - ok
12:34:27.0181 0x0810  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:34:27.0197 0x0810  iirsp - ok
12:34:27.0259 0x0810  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
12:34:27.0322 0x0810  IKEEXT - ok
12:34:27.0353 0x0810  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\drivers\Impcd.sys
12:34:27.0400 0x0810  Impcd - ok
12:34:27.0525 0x0810  [ A0C2C3D4C03C4FB896CFC53873784178, 7C2178B72D7B7B8FD9045A40656A4492ACF4527AAA0B7D9CB7881487AAD67D95 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:34:27.0665 0x0810  IntcAzAudAddService - ok
12:34:27.0696 0x0810  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
12:34:27.0759 0x0810  IntcDAud - ok
12:34:27.0790 0x0810  [ 28D387EEFAD7CC3A0BEB9C3262E83ADD, 41C3232407CEB4DA84A465018F23B842D67EA9412C02EE3C8DED4D66ABBDEC2A ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
12:34:27.0805 0x0810  Intel(R) PROSet Monitoring Service - ok
12:34:27.0868 0x0810  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:34:27.0883 0x0810  intelide - ok
12:34:27.0915 0x0810  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
12:34:27.0946 0x0810  intelppm - ok
12:34:27.0993 0x0810  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:34:28.0055 0x0810  IPBusEnum - ok
12:34:28.0086 0x0810  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:34:28.0149 0x0810  IpFilterDriver - ok
12:34:28.0227 0x0810  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:34:28.0289 0x0810  iphlpsvc - ok
12:34:28.0336 0x0810  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:34:28.0367 0x0810  IPMIDRV - ok
12:34:28.0398 0x0810  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:34:28.0445 0x0810  IPNAT - ok
12:34:28.0476 0x0810  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:34:28.0507 0x0810  IRENUM - ok
12:34:28.0554 0x0810  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:34:28.0570 0x0810  isapnp - ok
12:34:28.0617 0x0810  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:34:28.0632 0x0810  iScsiPrt - ok
12:34:28.0679 0x0810  [ F415A88162D23977B5EDAE4F0410E903, B86FD88B4285ED96BFDB9430E4DB134AC1B09DBB541929C4D6C1EEAF792D444D ] IviRegMgr       C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
12:34:28.0695 0x0810  IviRegMgr - ok
12:34:28.0741 0x0810  [ 6C85719A21B3F62C2C76280F4BD36C7B, 471E333467937720EF9369419EEDE5C2246C976123B437E0AC66F394CF1C056A ] jhi_service     C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
12:34:28.0773 0x0810  jhi_service - ok
12:34:28.0788 0x0810  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:34:28.0804 0x0810  kbdclass - ok
12:34:28.0819 0x0810  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:34:28.0851 0x0810  kbdhid - ok
12:34:28.0866 0x0810  [ 13FE29C1C8E782829C7FAA3B14F4A666, C53F7F9039E79AC6D5BDA94981A187570D6C7828930B6064CEFC17DC172EA20E ] KeyIso          C:\Windows\system32\lsass.exe
12:34:28.0882 0x0810  KeyIso - ok
12:34:28.0897 0x0810  [ 322CD7A01A961D94C6EAB640D6427504, 17979EB65FEE44E329F3E8097194AE20422818EC6859DAA0206EB2CC3EEFA8D7 ] KOBCCEX         C:\Windows\system32\drivers\KOBCCEX.sys
12:34:28.0913 0x0810  KOBCCEX - detected UnsignedFile.Multi.Generic ( 1 )
12:34:29.0007 0x0810  Detect skipped due to KSN trusted
12:34:29.0007 0x0810  KOBCCEX - ok
12:34:29.0038 0x0810  [ 3209D40399078C1091398F43215EDD1A, 4F4A5D85D06352DAD09ECB5BD272FC011DF23F6787CCE51AC9BCDD2A48DDA16F ] KOBCCID         C:\Windows\system32\drivers\KOBCCID.sys
12:34:29.0116 0x0810  KOBCCID - ok
12:34:29.0163 0x0810  [ 6E9E3377A74CBBFD953B8508E74FB37F, 04F884DB140B2D7577D760158F57FD08ABFA77411285432F2A1F0F544A4F26AB ] KOBIL_MSDI      C:\VETUBY\PROGRAMM\B0000404\msdisrv.exe
12:34:29.0178 0x0810  KOBIL_MSDI - ok
12:34:29.0225 0x0810  [ CFBA6BCBBDC7E33813D92FFB3460FA07, 4BE0DF9AC976A991731C784CD3F32C4CED67AD58267658F046798E84BA1BF78C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:34:29.0256 0x0810  KSecDD - ok
12:34:29.0288 0x0810  [ CE66825289EE8326CB52C4E9E785ACB0, 41113B55F891A300C7967F585F59921917EC0718C26798946056B1DE534EE0E3 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:34:29.0319 0x0810  KSecPkg - ok
12:34:29.0350 0x0810  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:34:29.0397 0x0810  ksthunk - ok
12:34:29.0428 0x0810  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:34:29.0506 0x0810  KtmRm - ok
12:34:29.0537 0x0810  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:34:29.0600 0x0810  LanmanServer - ok
12:34:29.0631 0x0810  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:34:29.0709 0x0810  LanmanWorkstation - ok
12:34:29.0740 0x0810  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:34:29.0787 0x0810  lltdio - ok
12:34:29.0818 0x0810  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:34:29.0880 0x0810  lltdsvc - ok
12:34:29.0896 0x0810  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:34:29.0958 0x0810  lmhosts - ok
12:34:30.0021 0x0810  [ 97F9EAAC985A663394CD8F54DCD3E73A, D5BA3E7ED36BA361B1941F12D83568C30F7E49A8B9D54D3EBBBD05767E1F3B0A ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:34:30.0052 0x0810  LMS - ok
12:34:30.0068 0x0810  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:34:30.0099 0x0810  LSI_FC - ok
12:34:30.0114 0x0810  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:34:30.0146 0x0810  LSI_SAS - ok
12:34:30.0161 0x0810  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:34:30.0177 0x0810  LSI_SAS2 - ok
12:34:30.0192 0x0810  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:34:30.0208 0x0810  LSI_SCSI - ok
12:34:30.0239 0x0810  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:34:30.0302 0x0810  luafv - ok
12:34:30.0348 0x0810  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:34:30.0364 0x0810  Mcx2Svc - ok
12:34:30.0380 0x0810  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:34:30.0411 0x0810  megasas - ok
12:34:30.0426 0x0810  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:34:30.0458 0x0810  MegaSR - ok
12:34:30.0489 0x0810  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\drivers\HECIx64.sys
12:34:30.0504 0x0810  MEIx64 - ok
12:34:30.0567 0x0810  Microsoft SharePoint Workspace Audit Service - ok
12:34:30.0598 0x0810  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
12:34:30.0660 0x0810  MMCSS - ok
12:34:30.0676 0x0810  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
12:34:30.0738 0x0810  Modem - ok
12:34:30.0754 0x0810  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:34:30.0785 0x0810  monitor - ok
12:34:30.0832 0x0810  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:34:30.0848 0x0810  mouclass - ok
12:34:30.0879 0x0810  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:34:30.0894 0x0810  mouhid - ok
12:34:30.0941 0x0810  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:34:30.0957 0x0810  mountmgr - ok
12:34:31.0019 0x0810  [ 69E23C730974BAC8C11DF2B7C4C9D37B, 8DC4448EC9C9647381952D7822B39C89E0997B4B964A785AE274144FADEE3C02 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:34:31.0050 0x0810  MozillaMaintenance - ok
12:34:31.0066 0x0810  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:34:31.0097 0x0810  mpio - ok
12:34:31.0113 0x0810  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:34:31.0175 0x0810  mpsdrv - ok
12:34:31.0238 0x0810  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:34:31.0331 0x0810  MpsSvc - ok
12:34:31.0362 0x0810  [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:34:31.0409 0x0810  MRxDAV - ok
12:34:31.0456 0x0810  [ B7FADA5E1E55BB63F90EB9F8F016113B, 33C2C898E4AD0CBD34D9A6CF51987A4703009E23CD9D4F4294BF444C4D3D5A60 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:34:31.0518 0x0810  mrxsmb - ok
12:34:31.0565 0x0810  [ 34AFF1849B3EC042C40C5EEC9D78562A, E3378A9977B429812C38529C562FE27945706ADB5E9E877C4A90B0285631A501 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:34:31.0612 0x0810  mrxsmb10 - ok
12:34:31.0628 0x0810  [ 058CE7A55E140EB0C72FBA6FD2FA72DE, B1D89E524A621BDCC464882EF621BDC7779BFCBCC9FD923D70DE130C41D0DB4C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:34:31.0674 0x0810  mrxsmb20 - ok
12:34:31.0706 0x0810  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:34:31.0721 0x0810  msahci - ok
12:34:31.0752 0x0810  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:34:31.0768 0x0810  msdsm - ok
12:34:31.0799 0x0810  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
12:34:31.0815 0x0810  MSDTC - ok
12:34:31.0846 0x0810  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:34:31.0908 0x0810  Msfs - ok
12:34:31.0924 0x0810  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:34:31.0986 0x0810  mshidkmdf - ok
12:34:32.0002 0x0810  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:34:32.0018 0x0810  msisadrv - ok
12:34:32.0049 0x0810  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:34:32.0111 0x0810  MSiSCSI - ok
12:34:32.0111 0x0810  msiserver - ok
12:34:32.0142 0x0810  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:34:32.0189 0x0810  MSKSSRV - ok
12:34:32.0205 0x0810  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:34:32.0252 0x0810  MSPCLOCK - ok
12:34:32.0252 0x0810  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:34:32.0314 0x0810  MSPQM - ok
12:34:32.0330 0x0810  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:34:32.0361 0x0810  MsRPC - ok
12:34:32.0376 0x0810  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:34:32.0392 0x0810  mssmbios - ok
12:34:32.0392 0x0810  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:34:32.0439 0x0810  MSTEE - ok
12:34:32.0454 0x0810  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:34:32.0470 0x0810  MTConfig - ok
12:34:32.0517 0x0810  [ AA0C2BA3782E92BD85E2264BE418E67C, 8B0953926E83274DF16670F1EF6F4E302F7EE17418F486975C353A406850298C ] Mup             C:\Windows\system32\Drivers\mup.sys
12:34:32.0532 0x0810  Mup - ok
12:34:32.0579 0x0810  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
12:34:32.0642 0x0810  napagent - ok
12:34:32.0688 0x0810  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:34:32.0751 0x0810  NativeWifiP - ok
12:34:32.0829 0x0810  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:34:32.0891 0x0810  NDIS - ok
12:34:32.0907 0x0810  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:34:32.0954 0x0810  NdisCap - ok
12:34:32.0985 0x0810  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:34:33.0032 0x0810  NdisTapi - ok
12:34:33.0047 0x0810  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:34:33.0110 0x0810  Ndisuio - ok
12:34:33.0141 0x0810  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:34:33.0203 0x0810  NdisWan - ok
12:34:33.0219 0x0810  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:34:33.0281 0x0810  NDProxy - ok
12:34:33.0297 0x0810  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:34:33.0359 0x0810  NetBIOS - ok
12:34:33.0406 0x0810  [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:34:33.0500 0x0810  NetBT - ok
12:34:33.0531 0x0810  [ 13FE29C1C8E782829C7FAA3B14F4A666, C53F7F9039E79AC6D5BDA94981A187570D6C7828930B6064CEFC17DC172EA20E ] Netlogon        C:\Windows\system32\lsass.exe
12:34:33.0546 0x0810  Netlogon - ok
12:34:33.0578 0x0810  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
12:34:33.0656 0x0810  Netman - ok
12:34:33.0734 0x0810  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:34:33.0780 0x0810  NetMsmqActivator - ok
12:34:33.0796 0x0810  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:34:33.0812 0x0810  NetPipeActivator - ok
12:34:33.0843 0x0810  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
12:34:33.0905 0x0810  netprofm - ok
12:34:33.0921 0x0810  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:34:33.0936 0x0810  NetTcpActivator - ok
12:34:33.0952 0x0810  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:34:33.0968 0x0810  NetTcpPortSharing - ok
12:34:33.0983 0x0810  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:34:33.0999 0x0810  nfrd960 - ok
12:34:34.0046 0x0810  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:34:34.0124 0x0810  NlaSvc - ok
12:34:34.0139 0x0810  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:34:34.0186 0x0810  Npfs - ok
12:34:34.0217 0x0810  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
12:34:34.0280 0x0810  nsi - ok
12:34:34.0295 0x0810  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:34:34.0342 0x0810  nsiproxy - ok
12:34:34.0436 0x0810  [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:34:34.0529 0x0810  Ntfs - ok
12:34:34.0545 0x0810  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
12:34:34.0592 0x0810  Null - ok
12:34:34.0623 0x0810  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:34:34.0638 0x0810  nvraid - ok
12:34:34.0654 0x0810  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:34:34.0685 0x0810  nvstor - ok
12:34:34.0716 0x0810  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:34:34.0732 0x0810  nv_agp - ok
12:34:34.0763 0x0810  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:34:34.0779 0x0810  ohci1394 - ok
12:34:34.0826 0x0810  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:34:34.0857 0x0810  ose - ok
12:34:35.0106 0x0810  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:34:35.0309 0x0810  osppsvc - ok
12:34:35.0356 0x0810  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:34:35.0403 0x0810  p2pimsvc - ok
12:34:35.0434 0x0810  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
12:34:35.0481 0x0810  p2psvc - ok
12:34:35.0496 0x0810  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
12:34:35.0528 0x0810  Parport - ok
12:34:35.0574 0x0810  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:34:35.0590 0x0810  partmgr - ok
12:34:35.0621 0x0810  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:34:35.0684 0x0810  PcaSvc - ok
12:34:35.0699 0x0810  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
12:34:35.0715 0x0810  pci - ok
12:34:35.0762 0x0810  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:34:35.0777 0x0810  pciide - ok
12:34:35.0808 0x0810  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:34:35.0840 0x0810  pcmcia - ok
12:34:35.0855 0x0810  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:34:35.0871 0x0810  pcw - ok
12:34:35.0949 0x0810  [ B0C25EA5278579EC685E32E16BBFF24F, D2239647F16778085EC5A1508E9DE4D3E546ECF5A758ABA787B6D9D96F2E614D ] PDFProFiltSrv   C:\Program Files (x86)\Nuance\PDF \PDFProFiltSrv.exe
12:34:35.0964 0x0810  PDFProFiltSrv - ok
12:34:36.0027 0x0810  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:34:36.0089 0x0810  PEAUTH - ok
12:34:36.0152 0x0810  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:34:36.0276 0x0810  PeerDistSvc - ok
12:34:36.0323 0x0810  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:34:36.0354 0x0810  PerfHost - ok
12:34:36.0417 0x0810  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
12:34:36.0557 0x0810  pla - ok
12:34:36.0604 0x0810  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:34:36.0651 0x0810  PlugPlay - ok
12:34:36.0666 0x0810  [ 0BEE791C7C7ACE453C134E73633C497D, 82B30461DBF40AC15FCE6A83B9BAD2EBD05B27DEA1B784EAA096422FE8927B7B ] pmxdrv          C:\Windows\system32\drivers\pmxdrv.sys
12:34:36.0682 0x0810  pmxdrv - ok
12:34:36.0698 0x0810  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:34:36.0729 0x0810  PNRPAutoReg - ok
12:34:36.0745 0x0810  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:34:36.0776 0x0810  PNRPsvc - ok
12:34:36.0823 0x0810  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:34:36.0916 0x0810  PolicyAgent - ok
12:34:36.0947 0x0810  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
12:34:37.0025 0x0810  Power - ok
12:34:37.0057 0x0810  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:34:37.0119 0x0810  PptpMiniport - ok
12:34:37.0135 0x0810  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
12:34:37.0150 0x0810  Processor - ok
12:34:37.0197 0x0810  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:34:37.0259 0x0810  ProfSvc - ok
12:34:37.0259 0x0810  [ 13FE29C1C8E782829C7FAA3B14F4A666, C53F7F9039E79AC6D5BDA94981A187570D6C7828930B6064CEFC17DC172EA20E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:34:37.0275 0x0810  ProtectedStorage - ok
12:34:37.0291 0x0810  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:34:37.0353 0x0810  Psched - ok
12:34:37.0369 0x0810  [ F036CFB275D0C55F4E45FBBF5F98B3C8, D8D1CA9F65B34A93AB9F7FD9BB6C453B2BF4E8320E620F56055B743DF1D56DE8 ] PSI_SVC_2       C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
12:34:37.0384 0x0810  PSI_SVC_2 - ok
12:34:37.0478 0x0810  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:34:37.0556 0x0810  ql2300 - ok
12:34:37.0571 0x0810  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:34:37.0603 0x0810  ql40xx - ok
12:34:37.0634 0x0810  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
12:34:37.0665 0x0810  QWAVE - ok
12:34:37.0681 0x0810  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:34:37.0712 0x0810  QWAVEdrv - ok
12:34:37.0727 0x0810  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:34:37.0774 0x0810  RasAcd - ok
12:34:37.0805 0x0810  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:34:37.0868 0x0810  RasAgileVpn - ok
12:34:37.0883 0x0810  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
12:34:37.0961 0x0810  RasAuto - ok
12:34:37.0961 0x0810  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:34:38.0024 0x0810  Rasl2tp - ok
12:34:38.0039 0x0810  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
12:34:38.0102 0x0810  RasMan - ok
12:34:38.0117 0x0810  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:34:38.0164 0x0810  RasPppoe - ok
12:34:38.0180 0x0810  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:34:38.0242 0x0810  RasSstp - ok
12:34:38.0289 0x0810  [ 71B6F78D6444CCE6F77BC42917A4E8F7, 34927A2C1CA349D251A327ED1F30018B065A8E6B886D9B5080A8AE2F6A8C0914 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:34:38.0320 0x0810  rdbss - ok
12:34:38.0336 0x0810  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
12:34:38.0367 0x0810  rdpbus - ok
12:34:38.0398 0x0810  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:34:38.0461 0x0810  RDPCDD - ok
12:34:38.0476 0x0810  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:34:38.0539 0x0810  RDPDR - ok
12:34:38.0539 0x0810  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:34:38.0601 0x0810  RDPENCDD - ok
12:34:38.0632 0x0810  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:34:38.0679 0x0810  RDPREFMP - ok
12:34:38.0726 0x0810  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:34:38.0773 0x0810  RDPWD - ok
12:34:38.0804 0x0810  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:34:38.0835 0x0810  rdyboost - ok
12:34:38.0866 0x0810  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:34:38.0929 0x0810  RemoteAccess - ok
12:34:38.0960 0x0810  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:34:39.0038 0x0810  RemoteRegistry - ok
12:34:39.0053 0x0810  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:34:39.0116 0x0810  RpcEptMapper - ok
12:34:39.0131 0x0810  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
12:34:39.0147 0x0810  RpcLocator - ok
12:34:39.0194 0x0810  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs           C:\Windows\system32\rpcss.dll
12:34:39.0225 0x0810  RpcSs - ok
12:34:39.0256 0x0810  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:34:39.0303 0x0810  rspndr - ok
12:34:39.0319 0x0810  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:34:39.0334 0x0810  s3cap - ok
12:34:39.0350 0x0810  [ 13FE29C1C8E782829C7FAA3B14F4A666, C53F7F9039E79AC6D5BDA94981A187570D6C7828930B6064CEFC17DC172EA20E ] SamSs           C:\Windows\system32\lsass.exe
12:34:39.0365 0x0810  SamSs - ok
12:34:39.0397 0x0810  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:34:39.0412 0x0810  sbp2port - ok
12:34:39.0443 0x0810  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:34:39.0490 0x0810  SCardSvr - ok
12:34:39.0506 0x0810  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:34:39.0568 0x0810  scfilter - ok
12:34:39.0646 0x0810  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
12:34:39.0771 0x0810  Schedule - ok
12:34:39.0787 0x0810  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:34:39.0833 0x0810  SCPolicySvc - ok
12:34:39.0865 0x0810  [ 96AD7163BDBB94D2C6B57FF294C7064C, C750C123511B29602D3F8D73A4C28704AC798BA8A6B7E35E5B519A651259350E ] SC_SERV3D       C:\Windows\system32\drivers\d3_kafm.sys
12:34:39.0880 0x0810  SC_SERV3D - ok
12:34:39.0911 0x0810  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:34:39.0943 0x0810  SDRSVC - ok
12:34:39.0974 0x0810  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:34:40.0052 0x0810  secdrv - ok
12:34:40.0099 0x0810  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
12:34:40.0145 0x0810  seclogon - ok
12:34:40.0177 0x0810  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
12:34:40.0223 0x0810  SENS - ok
12:34:40.0239 0x0810  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:34:40.0270 0x0810  SensrSvc - ok
12:34:40.0286 0x0810  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:34:40.0317 0x0810  Serenum - ok
12:34:40.0364 0x0810  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
12:34:40.0379 0x0810  Serial - ok
12:34:40.0395 0x0810  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:34:40.0442 0x0810  sermouse - ok
12:34:40.0473 0x0810  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
12:34:40.0535 0x0810  SessionEnv - ok
12:34:40.0551 0x0810  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:34:40.0567 0x0810  sffdisk - ok
12:34:40.0582 0x0810  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:34:40.0598 0x0810  sffp_mmc - ok
12:34:40.0613 0x0810  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:34:40.0629 0x0810  sffp_sd - ok
12:34:40.0645 0x0810  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:34:40.0676 0x0810  sfloppy - ok
12:34:40.0707 0x0810  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:34:40.0785 0x0810  SharedAccess - ok
12:34:40.0832 0x0810  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:34:40.0879 0x0810  ShellHWDetection - ok
12:34:40.0941 0x0810  Sicherheitspaket-Dienst - ok
12:34:40.0957 0x0810  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:34:40.0972 0x0810  SiSRaid2 - ok
12:34:40.0988 0x0810  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:34:41.0003 0x0810  SiSRaid4 - ok
12:34:41.0113 0x0810  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:34:41.0144 0x0810  SkypeUpdate - ok
12:34:41.0159 0x0810  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:34:41.0222 0x0810  Smb - ok
12:34:41.0300 0x0810  [ FDB6E127DF739D4911319F0C8D339CAF, 8A61851C07F686838BD0816683620B5856D3F698E5F1AEC5ECD75F69817287B1 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
12:34:41.0331 0x0810  snapman - ok
12:34:41.0347 0x0810  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:34:41.0362 0x0810  SNMPTRAP - ok
12:34:41.0378 0x0810  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:34:41.0393 0x0810  spldr - ok
12:34:41.0440 0x0810  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
12:34:41.0534 0x0810  Spooler - ok
12:34:41.0674 0x0810  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:34:41.0908 0x0810  sppsvc - ok
12:34:41.0924 0x0810  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:34:41.0971 0x0810  sppuinotify - ok
12:34:42.0017 0x0810  [ F2F4B895296EE3ECCE781CC2A296A5D1, 126321EDDA8141A42DBE7C90675948433063E6D5B6DEFD805AA0797C95A461EE ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:34:42.0095 0x0810  srv - ok
12:34:42.0111 0x0810  [ FD0008BEDD2723170CCA7D61837DFD52, F9F576FA7B84CAB5180B9080D62B8A00B3E5D5BC73199B11C63193742529227D ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:34:42.0173 0x0810  srv2 - ok
12:34:42.0205 0x0810  [ 63B5845D9379262083655D5C6AB8DFC5, 1813D2FC41ADCDAC6E3A522373B9DB934CC27B89E7185E0E4FC26E30CDAF1523 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:34:42.0251 0x0810  srvnet - ok
12:34:42.0283 0x0810  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:34:42.0345 0x0810  SSDPSRV - ok
12:34:42.0361 0x0810  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:34:42.0439 0x0810  SstpSvc - ok
12:34:42.0454 0x0810  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:34:42.0470 0x0810  stexstor - ok
12:34:42.0517 0x0810  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
12:34:42.0548 0x0810  StillCam - ok
12:34:42.0595 0x0810  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
12:34:42.0657 0x0810  stisvc - ok
12:34:42.0688 0x0810  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:34:42.0704 0x0810  storflt - ok
12:34:42.0719 0x0810  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
12:34:42.0751 0x0810  StorSvc - ok
12:34:42.0766 0x0810  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:34:42.0782 0x0810  storvsc - ok
12:34:42.0797 0x0810  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:34:42.0813 0x0810  swenum - ok
12:34:42.0844 0x0810  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
12:34:42.0922 0x0810  swprv - ok
12:34:43.0265 0x0810  [ A214C8AA6A6C06C9DBAB1310E38DAB4A, 67261D6FDF830C993C81C12402C12C6F23D7524D883EBB68FD3BAF3209394E59 ] syncagentsrv    C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
12:34:43.0624 0x0810  syncagentsrv - ok
12:34:43.0733 0x0810  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
12:34:43.0827 0x0810  SysMain - ok
12:34:43.0858 0x0810  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:34:43.0889 0x0810  TabletInputService - ok
12:34:43.0921 0x0810  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:34:43.0999 0x0810  TapiSrv - ok
12:34:44.0092 0x0810  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:34:44.0217 0x0810  Tcpip - ok
12:34:44.0311 0x0810  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:34:44.0389 0x0810  TCPIP6 - ok
12:34:44.0435 0x0810  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:34:44.0467 0x0810  tcpipreg - ok
12:34:44.0498 0x0810  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:34:44.0514 0x0810  TDPIPE - ok
12:34:44.0638 0x0810  [ 843DAFC2CD4ED5D57FA40FD2000C6296, 857749DCC061EDB423D1A5CB2DB394EE944FCBF3D729B52263F76D95F8AF3195 ] tdrpman         C:\Windows\system32\DRIVERS\tdrpman.sys
12:34:44.0732 0x0810  tdrpman - ok
12:34:44.0763 0x0810  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:34:44.0794 0x0810  TDTCP - ok
12:34:44.0826 0x0810  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:34:44.0841 0x0810  tdx - ok
12:34:45.0122 0x0810  [ CFC9B7B465283378D374D5E380D5D244, 5E66A62C6A6272B65181F116031AA80E8DCEDA3B7E2C1130DD631347DF644D79 ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
12:34:45.0418 0x0810  TeamViewer - ok
12:34:45.0668 0x0810  [ E99CD4524662A2DA7C73372C626669D8, 694DF29BF6CFF8CA06B8C701BBD148DCF58D6A6ECE3CF6CC900B0D0E5A3DFDF2 ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
12:34:45.0933 0x0810  TeamViewer9 - ok
12:34:45.0980 0x0810  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:34:45.0996 0x0810  TermDD - ok
12:34:46.0042 0x0810  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
12:34:46.0136 0x0810  TermService - ok
12:34:46.0152 0x0810  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
12:34:46.0198 0x0810  Themes - ok
12:34:46.0214 0x0810  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
12:34:46.0276 0x0810  THREADORDER - ok
12:34:46.0354 0x0810  [ 31C9790525705B292F3B30F6676873CD, 6D7DF2DB38DD0A32D0DB1031AFE65AA1FCA21C53FBBE292670A0E9806CE096EA ] tib_mounter     C:\Windows\system32\DRIVERS\tib_mounter.sys
12:34:46.0432 0x0810  tib_mounter - ok
12:34:46.0479 0x0810  [ 48DDEF0B921DD331536CC82C1A8FF64F, 540107E278E4C7DE4F43D37F7EA7BC094B6755399C22EE3A68574AA8A7719ACC ] TPM             C:\Windows\system32\drivers\tpm.sys
12:34:46.0495 0x0810  TPM - ok
12:34:46.0510 0x0810  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
12:34:46.0573 0x0810  TrkWks - ok
12:34:46.0604 0x0810  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:34:46.0651 0x0810  TrustedInstaller - ok
12:34:46.0682 0x0810  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:34:46.0713 0x0810  tssecsrv - ok
12:34:46.0729 0x0810  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:34:46.0776 0x0810  TsUsbFlt - ok
12:34:46.0791 0x0810  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:34:46.0822 0x0810  TsUsbGD - ok
12:34:46.0854 0x0810  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:34:46.0900 0x0810  tunnel - ok
12:34:47.0072 0x0810  [ 56C10D3338B01D3FBCC5AF24B3833E1C, 99ABF0D33E2372521384DA3C98FD4A3534155AD5B6B7852EBE94E098AA3DC9B8 ] tvnserver       C:\Program Files\TightVNC\tvnserver.exe
12:34:47.0197 0x0810  tvnserver - ok
12:34:47.0212 0x0810  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:34:47.0244 0x0810  uagp35 - ok
12:34:47.0259 0x0810  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:34:47.0337 0x0810  udfs - ok
12:34:47.0368 0x0810  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:34:47.0400 0x0810  UI0Detect - ok
12:34:47.0431 0x0810  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:34:47.0462 0x0810  uliagpkx - ok
12:34:47.0478 0x0810  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:34:47.0509 0x0810  umbus - ok
12:34:47.0524 0x0810  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:34:47.0556 0x0810  UmPass - ok
12:34:47.0587 0x0810  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:34:47.0618 0x0810  UmRdpService - ok
12:34:47.0790 0x0810  [ A69CD6BDB82872999D2E46F9324ADA83, 1F06D5B716D48E693A082C1FC49D80405F50D60C78FDF5829FF51F1CC11CF011 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:34:47.0930 0x0810  UNS - ok
12:34:47.0946 0x0810  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
12:34:48.0024 0x0810  upnphost - ok
12:34:48.0070 0x0810  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:34:48.0102 0x0810  usbccgp - ok
12:34:48.0148 0x0810  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:34:48.0180 0x0810  usbcir - ok
12:34:48.0211 0x0810  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:34:48.0242 0x0810  usbehci - ok
12:34:48.0304 0x0810  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:34:48.0351 0x0810  usbhub - ok
12:34:48.0382 0x0810  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:34:48.0398 0x0810  usbohci - ok
12:34:48.0414 0x0810  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
12:34:48.0445 0x0810  usbprint - ok
12:34:48.0476 0x0810  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:34:48.0523 0x0810  USBSTOR - ok
12:34:48.0570 0x0810  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:34:48.0601 0x0810  usbuhci - ok
12:34:48.0632 0x0810  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
12:34:48.0694 0x0810  UxSms - ok
12:34:48.0710 0x0810  [ 13FE29C1C8E782829C7FAA3B14F4A666, C53F7F9039E79AC6D5BDA94981A187570D6C7828930B6064CEFC17DC172EA20E ] VaultSvc        C:\Windows\system32\lsass.exe
12:34:48.0726 0x0810  VaultSvc - ok
12:34:48.0741 0x0810  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:34:48.0757 0x0810  vdrvroot - ok
12:34:48.0788 0x0810  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
12:34:48.0850 0x0810  vds - ok
12:34:48.0866 0x0810  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:34:48.0897 0x0810  vga - ok
12:34:48.0913 0x0810  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:34:48.0975 0x0810  VgaSave - ok
12:34:49.0006 0x0810  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:34:49.0022 0x0810  vhdmp - ok
12:34:49.0069 0x0810  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:34:49.0084 0x0810  viaide - ok
12:34:49.0147 0x0810  [ 927CBC96C4635F235301411E530FB56E, 2A942C64CB2970DDA23C72EB14A9541460369E97AC68BC11DC12E9D6B2ACAAAD ] vididr          C:\Windows\system32\DRIVERS\vididr.sys
12:34:49.0162 0x0810  vididr - ok
12:34:49.0209 0x0810  [ 88B4E5C396003BCF479CA4D9BE851D57, 3F381C92AA53DAC38DAACB971D0013D64527F3C2002BEAEBF9C4A5ED18CC0294 ] vidsflt         C:\Windows\system32\DRIVERS\vidsflt.sys
12:34:49.0240 0x0810  vidsflt - ok
12:34:49.0256 0x0810  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:34:49.0287 0x0810  vmbus - ok
12:34:49.0287 0x0810  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:34:49.0303 0x0810  VMBusHID - ok
12:34:49.0334 0x0810  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:34:49.0350 0x0810  volmgr - ok
12:34:49.0381 0x0810  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:34:49.0412 0x0810  volmgrx - ok
12:34:49.0428 0x0810  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:34:49.0459 0x0810  volsnap - ok
12:34:49.0474 0x0810  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:34:49.0506 0x0810  vsmraid - ok
12:34:49.0568 0x0810  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
12:34:49.0708 0x0810  VSS - ok
12:34:49.0724 0x0810  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:34:49.0755 0x0810  vwifibus - ok
12:34:49.0786 0x0810  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
12:34:49.0864 0x0810  W32Time - ok
12:34:49.0896 0x0810  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:34:49.0927 0x0810  WacomPen - ok
12:34:49.0974 0x0810  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:34:50.0020 0x0810  WANARP - ok
12:34:50.0020 0x0810  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:34:50.0067 0x0810  Wanarpv6 - ok
12:34:50.0161 0x0810  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:34:50.0239 0x0810  WatAdminSvc - ok
12:34:50.0317 0x0810  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
12:34:50.0457 0x0810  wbengine - ok
12:34:50.0488 0x0810  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:34:50.0535 0x0810  WbioSrvc - ok
12:34:50.0582 0x0810  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:34:50.0629 0x0810  wcncsvc - ok
12:34:50.0644 0x0810  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:34:50.0691 0x0810  WcsPlugInService - ok
12:34:50.0707 0x0810  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
12:34:50.0722 0x0810  Wd - ok
12:34:50.0800 0x0810  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:34:50.0847 0x0810  Wdf01000 - ok
12:34:50.0878 0x0810  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:34:50.0910 0x0810  WdiServiceHost - ok
12:34:50.0910 0x0810  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:34:50.0941 0x0810  WdiSystemHost - ok
12:34:50.0972 0x0810  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebCL       C:\Windows\System32\webclnt.dll
12:34:51.0019 0x0810  WebCL - ok
12:34:51.0034 0x0810  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:34:51.0097 0x0810  Wecsvc - ok
12:34:51.0112 0x0810  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:34:51.0175 0x0810  wercplsupport - ok
12:34:51.0190 0x0810  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:34:51.0253 0x0810  WerSvc - ok
12:34:51.0268 0x0810  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:34:51.0315 0x0810  WfpLwf - ok
12:34:51.0331 0x0810  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:34:51.0346 0x0810  WIMMount - ok
12:34:51.0393 0x0810  WinDefend - ok
12:34:51.0393 0x0810  WinHttpAutoProxySvc - ok
12:34:51.0440 0x0810  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:34:51.0518 0x0810  Winmgmt - ok
12:34:51.0627 0x0810  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
12:34:51.0783 0x0810  WinRM - ok
12:34:51.0846 0x0810  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUSB.sys
12:34:51.0877 0x0810  WinUsb - ok
12:34:51.0924 0x0810  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:34:52.0002 0x0810  Wlansvc - ok
12:34:52.0017 0x0810  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:34:52.0064 0x0810  WmiAcpi - ok
12:34:52.0095 0x0810  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:34:52.0126 0x0810  wmiApSrv - ok
12:34:52.0142 0x0810  WMPNetworkSvc - ok
12:34:52.0158 0x0810  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:34:52.0204 0x0810  WPCSvc - ok
12:34:52.0220 0x0810  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:34:52.0267 0x0810  WPDBusEnum - ok
12:34:52.0298 0x0810  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:34:52.0345 0x0810  ws2ifsl - ok
12:34:52.0376 0x0810  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
12:34:52.0407 0x0810  wscsvc - ok
12:34:52.0407 0x0810  WSearch - ok
12:34:52.0548 0x0810  [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:34:52.0704 0x0810  wuauserv - ok
12:34:52.0751 0x0810  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:34:52.0797 0x0810  WudfPf - ok
12:34:52.0829 0x0810  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:34:52.0844 0x0810  WUDFRd - ok
12:34:52.0860 0x0810  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:34:52.0875 0x0810  wudfsvc - ok
12:34:52.0922 0x0810  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:34:52.0969 0x0810  WwanSvc - ok
12:34:52.0985 0x0810  [ 6533F30045B0A234783BD8B4069F0433, 458A753961A4D0AC63BC44613A10101DCA5CFD7AB0F5CFA174F1DEF2A72B825D ] XUIF            C:\Windows\system32\Drivers\x10ufx2.sys
12:34:53.0016 0x0810  XUIF - ok
12:34:53.0031 0x0810  ================ Scan global ===============================
12:34:53.0063 0x0810  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
12:34:53.0109 0x0810  [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll
12:34:53.0125 0x0810  [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll
12:34:53.0156 0x0810  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:34:53.0219 0x0810  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
12:34:53.0219 0x0810  [ Global ] - ok
12:34:53.0219 0x0810  ================ Scan MBR ==================================
12:34:53.0234 0x0810  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:34:53.0468 0x0810  \Device\Harddisk0\DR0 - ok
12:34:53.0468 0x0810  ================ Scan VBR ==================================
12:34:53.0484 0x0810  [ 679E164DE41E72DFB4524B6304E9F8C4 ] \Device\Harddisk0\DR0\Partition1
12:34:53.0484 0x0810  \Device\Harddisk0\DR0\Partition1 - ok
12:34:53.0484 0x0810  [ 3EEDF9E5045A29C681A113132EB78164 ] \Device\Harddisk0\DR0\Partition2
12:34:53.0484 0x0810  \Device\Harddisk0\DR0\Partition2 - ok
12:34:53.0484 0x0810  [ CD382474B6BE7D457FC4BE42100E1451 ] \Device\Harddisk0\DR0\Partition3
12:34:53.0484 0x0810  \Device\Harddisk0\DR0\Partition3 - ok
12:34:53.0484 0x0810  ================ Scan generic autorun ======================
12:34:53.0531 0x0810  [ A44BA0B582415872D43BE0DB83F30A2A, 9F83479333D8FD549BA2070A4E5DDA66FA31F4262FD5CDD851DECA80C37902E7 ] C:\Windows\system32\igfxtray.exe
12:34:53.0546 0x0810  IgfxTray - ok
12:34:53.0577 0x0810  [ 5B4246D732EEF2177F38B4D18874D61F, 64939238FD58D919D3309C48B09CD433585B3B79ABA71826467FFB67750EA083 ] C:\Windows\system32\hkcmd.exe
12:34:53.0593 0x0810  HotKeysCmds - ok
12:34:53.0624 0x0810  [ 70FAB14E574503315963F601D63912DF, A5DEB742DA0C23555EA061F0389A10049454E37201B3B725C1606B718FB5C352 ] C:\Windows\system32\igfxpers.exe
12:34:53.0655 0x0810  Persistence - ok
12:34:54.0108 0x0810  [ FF01BF4D9C1D6AB832E0A788E75CC330, 64B2D68947000B3970AA97AC548791220BF5BF12B4D7F39C6BB3E373BB42BD3E ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
12:34:54.0716 0x0810  RtHDVCpl - ok
12:34:54.0747 0x0810  [ 554A50B5310E702029D3A675459108FF, 4757D5FFFAC7E73D4A3D931DB1399DDFDBD5811639BDA4517F886C21CC7F2574 ] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
12:34:54.0763 0x0810  hpsysdrv - ok
12:34:54.0810 0x0810  [ 6BF88A7FA1F5945929723628B6801555, 4D648D0ABFC3EF9EA495FC90B4106AF489633C23997712D413C3B24AB81BB526 ] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
12:34:54.0825 0x0810  Acronis Scheduler2 Service - ok
12:34:54.0903 0x0810  [ BBC93F07669F444DD3FC4F6C2A09C9DF, A82605BEFD0EABC4A44E44067079F96E57651C6AD97578111D85228C539422BD ] C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe
12:34:54.0935 0x0810  ApplyEsf-eDocPrintPro - detected UnsignedFile.Multi.Generic ( 1 )
12:34:55.0028 0x0810  ApplyEsf-eDocPrintPro ( UnsignedFile.Multi.Generic ) - warning
12:34:55.0028 0x0810  Force sending object to P2P due to detect: C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe
12:34:55.0215 0x0810  Object send P2P result: true
12:34:55.0465 0x0810  [ 56C10D3338B01D3FBCC5AF24B3833E1C, 99ABF0D33E2372521384DA3C98FD4A3534155AD5B6B7852EBE94E098AA3DC9B8 ] C:\Program Files\TightVNC\tvnserver.exe
12:34:55.0559 0x0810  tvncontrol - ok
12:34:55.0590 0x0810  [ 49FBD026C73B6EFBFD3F58E641E39411, A2B80515D5107AD9817036B118D141F7A7306C372D54211A0B9687DB12D715FA ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
12:34:55.0605 0x0810  IMSS - ok
12:34:55.0652 0x0810  [ E66A704AA07E9FD565D8C22253986666, D4A685D04A1A92051065B2BC959E11BA143145C1B4ABA300BBB4A2FFFBF8AD9D ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
12:34:55.0683 0x0810  StartCCC - ok
12:34:55.0746 0x0810  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
12:34:55.0761 0x0810  BCSSync - ok
12:34:55.0871 0x0810  [ D3A2A4864C4EE7C6901FA4B425BAB5E2, 0E725D0B8EDE5C2765E7B75B9486097D9D1F02F93AC528F42A46E464471EACBC ] C:\Program Files (x86)\Nuance\PDF \pdfpro7hook.exe
12:34:55.0933 0x0810  PDFHook - ok
12:34:55.0964 0x0810  [ 97397E835E13D3012C4BED7582752F4C, 13FC34818717D134806A398C36C4D274CFA4F9F6C8E2AB340D56E67B185EB5F9 ] C:\Program Files (x86)\Nuance\PDF \RegistryController.exe
12:34:56.0011 0x0810  PDF7 Registry Controller - ok
12:34:56.0089 0x0810  [ 4D5D968FE6AE6BF94A807F73F7FF6B3D, 3D5D5D775EE251C2B903AA8DA804AE4D1632DD59A8A0A36C545FE984FCFE06DD ] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
12:34:56.0167 0x0810  BrMfcWnd - detected UnsignedFile.Multi.Generic ( 1 )
12:34:56.0463 0x0810  Detect skipped due to KSN trusted
12:34:56.0463 0x0810  BrMfcWnd - ok
12:34:56.0495 0x0810  [ 4DE3EF07E0854547309C6B40235A9D44, F73D8E6D98583865D1C8DB728058D83C72A3908E21E04EF313FCB829C040A1EC ] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
12:34:56.0526 0x0810  ControlCenter3 - detected UnsignedFile.Multi.Generic ( 1 )
12:34:56.0760 0x0810  Detect skipped due to KSN trusted
12:34:56.0760 0x0810  ControlCenter3 - ok
12:34:57.0041 0x0810  [ 60560CEDC32CAB29024ED5E5B560DE4E, FB967295D4872DA675C0D0D73027A8176CF38A3AB8BDF87CFDE4A1E596AFE8DE ] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
12:34:57.0337 0x0810  TrueImageMonitor.exe - ok
12:34:57.0431 0x0810  [ CCC11052D20C42AE1B206EF04B8403EB, DA302A72A4E96BAB8AA5F594DE500499E1B4E7E40D2359C0F3DCFCBA6BE143FE ] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
12:34:57.0477 0x0810  AcronisTibMounterMonitor - ok
12:34:57.0524 0x0810  [ 5A7B6D7D0D77079A6CEF9AA722FABECA, B4DE62FE98CC5A75C0DE98A0645D31186B4BBFC5F1A22803832B483A51ABD71C ] C:\VETUBY\PROGRAMM\RZKOMM\Vetuby.CC.Processes.Cmd.exe
12:34:57.0665 0x0810  Vetuby.CC.ControllerUserMode - ok
12:34:58.0008 0x0810  [ F88CC6F051C1A9C46D1DE5F856292E24, B5F00E408CC4A28B5E9399F4C028888D63C69BA100683299FEF5286F8C770348 ] C:\VETUBY\PROGRAMM\SWS\SwmHintergrundDienst.exe
12:34:58.0133 0x0810  SwmHintergrunddienst - ok
12:34:58.0413 0x0810  [ 0D1F299A04DBE4446A3105DEBDDD81C6, 0123036847894724A905EF8DD7C4002D17EEC44F6685091E192032B8A80C02EB ] C:\Program Files (x86)\G Data\AVK\AVK.exe
12:34:58.0616 0x0810  AVK CL - ok
12:34:58.0663 0x0810  [ AA3BFB8338F7EC01FF532CC57A851240, 7BC7FBBAEBBD2A3CA7667692099F0965135BD948486B4132D6712ABF19608B8D ] C:\VETUBY\PROGRAMM\B0000398\SiPaHost.exe
12:34:58.0694 0x0810  SiPaHost - ok
12:34:58.0741 0x0810  [ C9B67BCB8E384064A8C2263740B0C437, F2609406A84F3A8E256DD250F84A774EF43F92C9F8B373E297A99ACF95B3CCE4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
12:34:58.0772 0x0810  SunJavaUpdateSched - ok
12:34:58.0866 0x0810  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
12:34:59.0006 0x0810  Sidebar - ok
12:34:59.0084 0x0810  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
12:34:59.0147 0x0810  Sidebar - ok
12:34:59.0162 0x0810  Waiting for KSN requests completion. In queue: 136
12:35:00.0223 0x0810  AV detected via SS2: G Data AntiVirus,  (  ), 0x41000 ( enabled : updated )
12:35:00.0254 0x0810  Win FW state via NFP2: enabled ( trusted )
12:35:00.0535 0x0810  ============================================================
12:35:00.0535 0x0810  Scan finished
12:35:00.0535 0x0810  ============================================================
12:35:00.0535 0x0d80  Detected object count: 3
12:35:00.0535 0x0d80  Actual detected object count: 3
13:54:48.0130 0x0d80  VetubyPrintService ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:48.0130 0x0d80  VetubyPrintService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:54:48.0132 0x0d80  HRService ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:48.0132 0x0d80  HRService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:54:48.0133 0x0d80  ApplyEsf-eDocPrintPro ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:48.0133 0x0d80  ApplyEsf-eDocPrintPro ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 30.08.2016, 20:41   #5
M-K-D-B
/// TB-Ausbilder
 
Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB - Standard

Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB



Servus,




Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel
    • "Prefetch" Dateien
    • Proxy
    • Winsock
    • Internet Explorer Richtlinien
    • Chrome Richtlinien
  • Bestätige die Auswahl mit Ok.
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 31.08.2016, 01:15   #6
spartaner007
 
Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB - Standard

Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB



Servus Matthias,
hier das Ergebnis:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v6.010 - Bericht erstellt am 31/08/2016 um 00:58:48
# Aktualisiert am 12/08/2016 von ToolsLib
# Datenbank : 2016-08-30.2 [Server]
# Betriebssystem : Windows 7  Service Pack 1 (X64)
# Benutzername : M** - **
# Gestartet von : C:\Users\M**\Desktop\AdwCleaner_6.010.exe
# Modus: Löschen
# Unterstützung : https://toolslib.net/forum



***** [ Dienste ] *****



***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Users\M**\AppData\Local\YSearchUtil
[-] Ordner gelöscht: C:\Program Files (x86)\Yahoo!\yset
[-] Ordner gelöscht: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil


***** [ Dateien ] *****

[-] Datei gelöscht: C:\Users\M**\AppData\Roaming\Mozilla\Firefox\Profiles\gv7wjv9w.default\searchplugins\bingp.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\DControls.dcToolbar
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\DControls.dcToolbarButton
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\DRCtl.dcToolbar
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\DRCtl.dcToolbarButton
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\DRTlb.dcToolbar
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Crc.CRC32
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Zip.BadCrcException
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Zip.BadPasswordException
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Zip.BadReadException
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Zip.BadStateException
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Zip.ComHelper
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Zip.ReadOptions
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Zip.SelfExtractorSaveOptions
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Zip.SfxGenerationException
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Zip.ZipEntry
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Zip.ZipException
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Zip.ZipFile
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Zlib.Adler
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Zlib.ZlibCodec
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Ionic.Zlib.ZlibException
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\jZip.file
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\QSDRTlB.dcToolbar
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00004}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00005}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00006}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00007}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00008}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00009}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000A}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000B}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000C}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000D}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000E}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000F}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\s
[-] Wert gelöscht: HKLM\SOFTWARE\RegisteredApplications [jZip]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo


***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4427 Bytes] - [31/08/2016 00:58:48]
C:\AdwCleaner\AdwCleaner[R0].txt - [5728 Bytes] - [28/10/2013 01:05:11]
C:\AdwCleaner\AdwCleaner[R0]_fuer_Forum.txt - [5668 Bytes] - [28/10/2013 01:09:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [5510 Bytes] - [28/10/2013 01:24:52]
C:\AdwCleaner\AdwCleaner[S0]_fuer_Forum.txt - [5450 Bytes] - [28/10/2013 01:33:06]
C:\AdwCleaner\AdwCleaner[S1].txt - [4761 Bytes] - [31/08/2016 00:50:00]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4887 Bytes] ##########
         
--- --- ---

[/code]

Gruß R.

Alt 31.08.2016, 13:51   #7
M-K-D-B
/// TB-Ausbilder
 
Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB - Standard

Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB



Servus,


gut gemacht.


  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 31.08.2016, 18:08   #8
spartaner007
 
Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB - Standard

Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB



Servus Matthias,
hier das Ergebnis:

FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
durchgeführt von M** auf ** (31-08-2016 16:57:30)
Gestartet von C:\Users\M**\Desktop
Geladene Profile: M** (Verfügbare Profile: M** &  & Admin)
Platform: Windows 7  Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(VETUBY eG) C:\VETUBY\PROGRAMM\B0000150\ScServer\DVckService.exe
(VETUBY eG) C:\VETUBY\PROGRAMM\B0000398\SiPaHostService.exe
(VETUBY eG) C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(VETUBY eG) C:\VETUBY\PROGRAMM\Install\DvInesASDSvc.Exe
(VETUBY eG) C:\VETUBY\PROGRAMM\B0001442\PSNTServ.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files (x86)\Efuah\iDesk\iDeskService\ideskservice.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Efuah Mediengruppe) C:\Program Files (x86)\Efuah\iDesk\iDeskService\ideskpython.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF \PDFProFiltSrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
(VETUBY eG) C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bartels Media GmbH) C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
(VETUBY eG) C:\VETUBY\PROGRAMM\Install\DvInesASDMon.exe
(AGX      ) C:\Program Files (x86)\AGX\Tk-Suite\tools\ctimon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF \PdfPro7Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(VETUBY eG) C:\VETUBY\PROGRAMM\Sws\SwmHintergrundDienst.exe
(VETUBY eG) C:\VETUBY\PROGRAMM\B0000398\SiPaHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(VETUBY eG) C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(VETUBY eG) C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe
(VETUBY eG) C:\VETUBY\PROGRAMM\DFUEISDN\SSLClt\sslclt.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconCL.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\AVK\AVK_64.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\AVK\GdAgentSrv.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\AVK\GdAgentUi.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403888 2012-08-03] (Acronis)
HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [443392 2013-04-01] (May Software)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF \pdfpro7hook.exe [1275168 2010-10-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDF \RegistryController.exe [121120 2010-10-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6049096 2012-08-23] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [943856 2012-07-24] (Acronis)
HKLM-x32\...\Run: [Vetuby.CC.ControllerUserMode] => C:\VETUBY\PROGRAMM\RZKOMM\Vetuby.CC.Processes.Cmd.exe StartRdtControllerUserMode -retry true
HKLM-x32\...\Run: [SwmHintergrunddienst] => C:\VETUBY\PROGRAMM\SWS\SwmHintergrundDienst.exe [1975848 2015-03-04] (VETUBY eG)
HKLM-x32\...\Run: [AVK CL] => "C:\Program Files (x86)\G Data\AVK\AVK.exe" /GUI
HKLM-x32\...\Run: [SiPaHost] => C:\VETUBY\PROGRAMM\B0000398\SiPaHost.exe [557608 2015-04-01] (VETUBY eG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-04-09] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-04-09] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-04-09] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-04-09] (Microsoft Corporation) <==== ACHTUNG
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-08-23] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-08-23] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-08-23] (Acronis)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk [2016-04-11]
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\VETUBY\PROGRAMM\BSOFFICE\service\OfficeDiag.exe (VETUBY eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk [2016-04-11]
ShortcutTarget: CleanupPrintJobs.lnk -> C:\VETUBY\PROGRAMM\B0001401\CleanupPrintJobs.exe (VETUBY eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk [2015-07-31]
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk [2016-04-11]
ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\VETUBY\PROGRAMM\B0001401\UpdateDevmode.exe (VETUBY eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite CL.lnk [2012-01-19]
ShortcutTarget: TK-Suite CL.lnk -> C:\Program Files (x86)\AGX\Tk-Suite\tools\ctimon.exe (AGX      )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR Prüfung.lnk [2013-03-28]
ShortcutTarget:VR Prüfung.lnk -> C:\Program Files (x86)\VR\vrtoolcheckorder.exe (VR Software)
Startup: C:\Users\M**_veraltet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Datum Start **.lnk [2012-01-08]
ShortcutTarget: Datum Start **.lnk -> C:\BAT\Datum_Start_HO.bat ()
Startup: C:\Users\M**_veraltet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Org EasyClip.lnk [2012-01-08]
ShortcutTarget: Org EasyClip.lnk -> C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
Startup: C:\Users\M**_veraltet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tag M**.lnk [2014-07-25]
ShortcutTarget: Tag M**.lnk -> C:\TagM**.xls (Keine Datei)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.199.10
Tcpip\..\Interfaces\{A070552C-AFA0-4964-887E-D5EDB484E8CE}: [DhcpNameServer] 192.168.199.10

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-1126 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-1126 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-1126 -> {679374B8-BF0E-4E31-96D8-D47F9E30C085} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-1126 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
BHO: DtvIePwdSafeBHO Class -> {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} -> C:\VETUBY\PROGRAMM\B0000397\DtvIePwdSafe64.dll [2015-04-01] (VETUBY eG)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-09-26] (HP)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\VETUBY\SYSTEM\DVCCSASCardBHO64002.Dll [2015-04-01] (VETUBY eG)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: IEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF \Bin\IEContextMenu.dll [2010-07-16] (Zeon Corporation)
BHO-x32: DtvIePwdSafeBHO Class -> {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} -> C:\VETUBY\PROGRAMM\B0000397\DtvIePwdSafe.dll [2015-04-01] (VETUBY eG)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-09-26] (HP)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\VETUBY\SYSTEM\DVCCSAScardBHO002.dll [2015-04-01] (VETUBY eG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF \Bin\ZeonIEFavCL.dll [2010-07-16] (Zeon Corporation)
Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF \Bin\ZeonIEFavCL.dll [2010-07-16] (Zeon Corporation)
Handler: Efuahreader - Kein CLSID Wert
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\M**\AppData\Roaming\Mozilla\Firefox\Profiles\gv7wjv9w.default
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp:/www.google.de
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-04-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @Vetuby.de/VETUBY_Best,version=1.7 -> C:\VETUBY\PROGRAMM\A0000015\npdvbm.dll [2008-12-02] ( VETUBY eG)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF \bin\nppdf.dll [2010-07-16] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3160997517-2106278152-2557221923-1126: @citrixonline.com/appdetectorplugin -> C:\Users\M**\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-03] (Citrix Online)
FF Extension: (Adblock ) - C:\Users\M**\AppData\Roaming\Mozilla\Firefox\Profiles\gv7wjv9w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2016-08-30] [ist nicht signiert]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

Chrome: 
=======
CHR Profile: C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-28]
CHR Extension: (Google Drive) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-28]
CHR Extension: (YouTube) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-28]
CHR Extension: (Google Search) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-28]
CHR Extension: (Website Logon) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2015-08-28]
CHR Extension: (Gmail) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-28]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AntiVirusKit CL; C:\Program Files (x86)\G Data\AVK\GdAgentSrv.exe [4526408 2016-05-12] (G DATA Software AG)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [2826336 2016-05-12] (G DATA Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AVK\AVK_64.exe [4580056 2016-05-12] (G Data Software AG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 VETUBY Update-Service; C:\VETUBY\PROGRAMM\INSTALL\DvInesASDSvc.Exe [182312 2015-05-07] (VETUBY eG)
R3 Vetuby.CC.Processes.Hosting.RdtServiceMode; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY eG)
S3 Vetuby.Database.Dimitra.Server; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY eG)
R2 Vetuby.Framework.RemoteServiceModel.EnablerService; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY eG)
R3 Vetuby.Framework.RemoteServices; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY eG)
S3 Vetuby.Irw.ServiceProvider.HostXcut.Server; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY eG)
R2 VetubyPrintService; C:\VETUBY\PROGRAMM\B0001442\PSNTSERV.EXE [155136 2015-04-01] (VETUBY eG) [Datei ist nicht signiert]
S4 DfueSammlerDienst; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY eG)
R2 DVckService; C:\VETUBY\PROGRAMM\B0000150\ScServer\DVckService.exe [3099688 2015-04-01] (VETUBY eG)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [116224 2012-05-18] (Firebird Project) [Datei ist nicht signiert]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [4035584 2012-05-18] (Firebird Project) [Datei ist nicht signiert]
R3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [811336 2016-05-12] (G DATA Software AG)
S3 GD_SetupService_CLI; C:\Program Files (x86)\G DATA\Setup\CL\SetupSVC.exe [1661344 2016-08-31] (G DATA Software AG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4608320 2014-11-27] (SafeNet Inc.)
R2 HRService; C:\Program Files (x86)\Efuah\iDesk\iDeskService\iDeskService.exe [12800 2013-07-03] () [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert]
S4 KOBIL_MSDI; C:\VETUBY\PROGRAMM\B0000404\msdisrv.exe [137736 2013-03-14] (KOBIL Systems GmbH)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF \PDFProFiltSrv.exe [134944 2010-10-16] (Nuance Communications, Inc.)
R2 Sicherheitspaket-Dienst; C:\VETUBY\PROGRAMM\B0000398\SiPaHostService.exe [322088 2015-04-01] (VETUBY eG)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 Vetuby.SystemComponents.ServiceBus.V0300.PlugIn; Vetuby.Framework.RemoteServiceModel.GenericService2010.exe Vetuby.SystemComponents.ServiceBus.V0300.PlugIn [X]
S3 Vetuby.SystemComponents.ServiceBus.V0400.PlugIn; Vetuby.Framework.RemoteServiceModel.GenericService2010.exe Vetuby.SystemComponents.ServiceBus.V0400.PlugIn [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2015-08-27] (G Data Software AG)
R0 GDBehave2; C:\Windows\System32\drivers\GDBehave2.sys [171592 2016-08-31] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [37448 2016-08-31] (G DATA Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [255048 2016-08-31] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [74824 2016-08-31] (G DATA Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-08-27] (G Data Software)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-11-27] (SafeNet Inc.)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [136264 2016-08-31] (G Data Software AG)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x64.sys [339728 2010-08-14] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X64.sys [65808 2010-08-14] (Intel(R) Corporation)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2012-01-03] (KOBIL Systems GmbH) [Datei ist nicht signiert]
R3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2012-11-10] (KOBIL Systems GmbH)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] ()
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [96952 2014-03-03] (Vetuby eG)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2013-03-24] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2013-03-24] (Acronis)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 dmboot; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-31 16:55 - 2016-08-31 16:55 - 00000000 ____D C:\Users\M**\Desktop\FRST-OlderVersion
2016-08-31 11:55 - 2016-08-31 11:55 - 00171592 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave2.sys
2016-08-31 00:39 - 2016-08-31 00:40 - 03826240 _____ C:\Users\M**\Desktop\AdwCleaner_6.010.exe
2016-08-30 15:33 - 2016-08-31 00:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-30 12:30 - 2016-08-30 14:48 - 00229488 _____ C:\TDSSKiller.3.1.0.11_30.08.2016_12.30.44_log.txt
2016-08-30 12:27 - 2016-08-30 12:27 - 04747704 _____ (AO Kaspersky Lab) C:\Users\M**\Desktop\tdsskiller.exe
2016-08-30 02:21 - 2016-08-30 02:24 - 00057704 _____ C:\Users\M**\Desktop\Addition.txt
2016-08-30 02:20 - 2016-08-31 16:58 - 00028909 _____ C:\Users\M**\Desktop\FRST.txt
2016-08-30 02:20 - 2016-08-31 16:57 - 00000000 ____D C:\FRST
2016-08-30 02:08 - 2016-08-31 16:55 - 02397696 _____ (Farbar) C:\Users\M**\Desktop\FRST64.exe
2016-08-29 17:24 - 2016-08-29 17:24 - 00002311 _____ C:\Users\Public\Desktop\Efuah Ster aufrufen.lnk
2016-08-29 12:18 - 2016-08-29 12:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-29 12:18 - 2016-08-29 12:18 - 00001108 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-08-29 12:18 - 2016-08-29 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-08-29 12:18 - 2016-08-29 12:18 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-08-29 12:18 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-29 12:18 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-29 12:18 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-29 12:06 - 2016-08-29 12:09 - 22851472 _____ (Malwarebytes ) C:\Users\M**\Desktop\mbam-setup-2.2.1.1043.exe
2016-08-17 08:03 - 2016-07-08 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 08:03 - 2016-07-08 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-10 14:04 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 14:04 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 14:04 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 14:04 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 14:04 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 14:04 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 14:04 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 14:04 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 14:04 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 14:04 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 14:04 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 14:04 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 14:04 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 14:04 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 14:04 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 14:04 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 14:04 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 14:04 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 14:04 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 14:04 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 14:04 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 14:04 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 14:04 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 14:04 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 14:04 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 14:04 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 14:04 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 14:04 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 14:04 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 14:04 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 14:04 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 14:04 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 14:04 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 14:04 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 14:04 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 14:04 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 14:04 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 14:04 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 14:04 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 14:04 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 14:04 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 14:04 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 14:04 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 14:04 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 14:04 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 14:04 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 14:04 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 14:04 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 14:04 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 14:04 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 14:04 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 14:04 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 14:04 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 14:04 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 14:04 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 14:04 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 14:04 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 14:04 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 14:04 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 14:04 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 14:04 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 14:04 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 14:04 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 14:04 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 14:04 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 14:04 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 14:00 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 14:00 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 14:00 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 14:00 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 14:00 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 14:00 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 14:00 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 14:00 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 14:00 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 14:00 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 14:00 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 14:00 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 13:50 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-31 16:56 - 2015-08-27 08:27 - 00000000 ____D C:\ProgramData\G Data
2016-08-31 16:37 - 2012-01-03 10:47 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl
2016-08-31 16:26 - 2013-07-22 11:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-31 16:02 - 2012-09-24 12:29 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-31 13:16 - 2015-08-26 17:10 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1D933CB6-A4A6-4298-AAB9-4BE18F150CFA}
2016-08-31 12:06 - 2009-07-14 06:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-31 12:06 - 2009-07-14 06:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 11:55 - 2015-08-27 08:30 - 00074824 _____ (G DATA Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2016-08-31 11:55 - 2015-08-27 08:30 - 00037448 _____ (G DATA Software AG) C:\Windows\system32\Drivers\GDKBB64.sys
2016-08-31 11:55 - 2015-08-27 08:29 - 00255048 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2016-08-31 11:55 - 2015-08-27 08:29 - 00136264 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2016-08-31 11:54 - 2015-08-27 08:26 - 00000000 ____D C:\Program Files (x86)\G DATA
2016-08-31 11:52 - 2015-08-26 17:09 - 00000000 ____D C:\Users\M**\AppData\LocalLow\AuthenTec
2016-08-31 11:52 - 2012-09-24 12:29 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-31 11:52 - 2011-12-09 01:20 - 00000000 ____D C:\ProgramData\Temp
2016-08-31 11:51 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-31 01:15 - 2015-08-26 17:56 - 00000000 ____D C:\Users\M**\Documents\PhraseExpress
2016-08-31 00:59 - 2012-11-22 12:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-31 00:58 - 2015-08-26 19:16 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-08-31 00:58 - 2013-10-28 01:05 - 00000000 ____D C:\AdwCleaner
2016-08-31 00:58 - 2012-01-03 10:48 - 00003086 __RSH C:\ProgramData\ntuser.pol
2016-08-30 11:29 - 2015-08-26 17:10 - 00120672 _____ C:\Users\M**\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-30 10:40 - 2009-07-14 06:45 - 00433752 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-29 17:25 - 2013-08-11 09:49 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-29 17:24 - 2012-01-04 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Efuah
2016-08-29 01:27 - 2012-03-08 08:53 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor**$
2016-08-29 01:27 - 2012-03-08 08:53 - 00000334 _____ C:\Windows\Tasks\HPCeeScheduleFor**$.job
2016-08-23 20:41 - 2015-08-29 18:24 - 00005821 _____ C:\Users\M**\AppData\Local\EmptySettings.xml
2016-08-18 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-18 14:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-09 08:07 - 2012-09-24 12:30 - 00002189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-09 08:07 - 2012-09-24 12:30 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-04 08:38 - 2015-06-20 18:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-29 18:24 - 2016-08-23 20:41 - 0005821 _____ () C:\Users\M**\AppData\Local\EmptySettings.xml
2012-11-10 15:46 - 2013-06-07 09:18 - 0000227 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Einige Dateien in TEMP:
====================
C:\Users\M**\AppData\Local\temp\jre-8u60-windows-au.exe
C:\Users\M**\AppData\Local\temp\jre-8u66-windows-au.exe
C:\Users\M**\AppData\Local\temp\jre-8u77-windows-au.exe
C:\Users\M**\AppData\Local\temp\libeay32.dll
C:\Users\M**\AppData\Local\temp\msvcr120.dll
C:\Users\M**\AppData\Local\temp\sqlite3.dll
C:\Users\M**\AppData\Local\temp\ytb.exe
C:\Users\M**_veraltet\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\M**_veraltet\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\M**_veraltet\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\M**_veraltet\AppData\Local\temp\jre-8u31-windows-au.exe


Einige mit null Byte Größe Dateien/Ordner:
==========================
C:\Windows\SysWOW64\bdcore.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-08-16 11:43

==================== Ende von FRST.txt ============================
         
--- --- ---

[/code]


Code:
ATTFilter
 
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von M** (31-08-2016 16:58:49)
Gestartet von C:\Users\M**\Desktop
Windows 7  Service Pack 1 (X64) (2011-12-30 12:52:09)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Admin (S-1-5-21-55981234-3424176865-3846576974-1000 -  - Enabled) => C:\Users\Admin
 (S-1-5-21-55981234-3424176865-3846576974-500 -  - Disabled)
Gast (S-1-5-21-55981234-3424176865-3846576974-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: G Data AntiVirus (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA Security CL (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ADAC Gebrauchtwagen 2010-2011 (HKLM-x32\...\{FB3FA4C6-98A3-41C0-8713-6BADBBCB4FBC}) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AGX (HKLM-x32\...\tksuite_tksuite_CL) (Version: 4.3.19 - AGX GmbH & Co. KG)
AMD Catalyst Install Manager (HKLM\...\{0BD776F3-057D-4C11-020C-4FA9B13D04F9}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
Ashampoo Snap 3.50 (HKLM-x32\...\Ashampoo Snap 3_is1) (Version: 3.5.0 - ashampoo GmbH & Co. KG)
AuthenTec TrueAPI (Version: 1.3.0.150 - AuthenTec, Inc.) Hidden
B1315AppGuid (x32 Version: 1.0.0 - VETUBY eG) Hidden
Brother MFL-Pro Suite MFC-8860DN (HKLM-x32\...\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3243 - CDBurnerXP)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
AGELLOC K (HKLM-x32\...\{D3D88E2B-0853-4C17-8FAF-962D0A93D776}) (Version: 2.41.0.12 - Agelloc)
Agelloc K (HKLM-x32\...\Agelloc-K_is1) (Version: 2.0 - HSC GmbH Dürrweitzschen)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.835 - Corel Inc.)
CorelDRAW Graphics Suite 12 (HKLM-x32\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
Crystal Reports Runtime XI (x32 Version: 1.0.9 - VETUBY eG) Hidden
VETUBY Infragistics Runtime V.3.2 (x32 Version: 3.2.0 - Infragistics, Inc.) Hidden
VETUBY-Installation V.3.7 (HKLM-x32\...\VETUBYB00000482.0) (Version:  - )
DFL7 ConfigDB (HKLM-x32\...\{C2644C5F-2469-438D-BDBF-E7ACF7C36EF4}) (Version: 7.1.7063.0 - VETUBY eG)
DFL7 Microkernel (HKLM-x32\...\{218F90D2-F8E3-4286-9299-BB7BBC8801C5}) (Version: 7.1.6271.0 - VETUBY eG)
Dialogseminar online V.3.02 (HKLM-x32\...\{E7A679C2-2A9C-4008-9CF9-178A6C13D923}) (Version: 10.2.8.2136 - iLinc Communications)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
eDocPrintPro (HKLM\...\{D3F786BC-45E0-4C05-8EF7-E17BC6058A5D}) (Version: 3.18.3 - MAY Computer)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.4.19695 - Landesfinanzdirektion Thüringen)
Firebird 2.1.5.18496 (x64) (HKLM\...\FBDBServer_2_1_x64_is1) (Version: 2.1.5.18496 - Firebird Project)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
G Data Security CL (HKLM-x32\...\{7F07767B-0141-49E4-A850-5EAB7D08C2FA}) (Version: 13.2.0 - G DATA Software AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
gs_x64 (HKLM\...\{4ED70939-4D42-48E4-B573-13E3B8B13ADF}) (Version: 9.06 - MAY-Computer)
Efuah Formular-Manager (x32 Version: 15.12.10.0010 - Efuah-Lexi
Efuah iDeskBrowser 2016 (x32 Version: 16.03.21.0105 - Efuah-Lexi
Efuah iDesk-Service (x32 Version: 16.02.21.0748 - Efuah-Lexi
Efuah Per Office Standard (HKLM-x32\...\{77777baa-39ce-4e69-abc7-bc53551f32da}) (Version: 20.4.0.0 - Efuah-Lexi)
Efuah Per Office Standard (x32 Version: 20.04.00.0000 - Efuah-Lexi
Efuah Ster (HKLM-x32\...\{c185c332-3cec-45ed-9611-199613282448}) (Version: 20.4.0.0 - Efuah-Lexi)
Efuah Ster (x32 Version: 20.04.00.0000 - Efuah-Lexi
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{9FECD1F1-4B1E-499D-BAF4-B9BDE655554D}) (Version: 5.3.0.282 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
Identive Cloud Smart Card Reader (HKLM-x32\...\{F476C0AA-80D6-481A-83FC-37763021C31F}) (Version: 1.02 - Identive)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.7.176.0 (HKLM\...\PROSetDX) (Version: 15.7.176.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
klickTel OEM Frühjahr 2010 (HKLM-x32\...\{AC172E9C-D9E6-4853-BEDB-FB6D72042F42}) (Version: 1.00.0000 - telegate MEDIA AG)
kobdfu x64x86 driver installation (x32 Version: 1.00.0000 - KOBIL Systems) Hidden
KOBIL CCID driver x64x86 (x32 Version: 1.013.02121 - KOBIL Systems) Hidden
Org 6.0 (HKLM-x32\...\Organizer V99.1) (Version:  - )
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM-x32\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office   2010 (HKLM-x32\...\Office14.PROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable - Language Pack - deu (HKLM-x32\...\{B2F21D11-631B-33C2-8E1A-73EA57FDFE33}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005-Abwärtskompatibilität (HKLM\...\{36B72E6E-E433-45FC-A929-C416FF63415A}) (Version: 8.05.2004 - Microsoft Corporation)
Microsoft SQL Server Native CL (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 48.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{EBFC96E5-4409-426E-88B7-650ADB342E78}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nuance PDF Converter  (HKLM\...\{B625EA74-59BE-4F69-9400-357F453368FD}) (Version: 7.00.6403 - Nuance Communications, Inc)
NWB ReuetsXpert (HKLM-x32\...\{F713C6A9-AB4A-4332-9306-736C2F4F18B8}) (Version: 7.3.0 - Verlag Neue Wirtschafts-Briefe)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PhraseExpress v11.0.109 (HKLM-x32\...\PhraseExpress_is1) (Version: 11.0.109 - Bartels Media GmbH)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Scansoft PDF  (x32 Version:  - ) Hidden
SCR3xxx Smart Card Reader (HKLM-x32\...\{17B0906A-26ED-45D0-B51B-83EF1AADCCFE}) (Version: 8.51 - Identive)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{F3E80B62-3C51-4940-A434-A1F517AB8D6A}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SPR532 SmartCard Reader V1.87 (HKLM-x32\...\{063368C4-1F03-46C7-92A8-9066AF67B372}) (Version: 1.87 - SCM Microsystems Inc.)
SQLXML4 (HKLM\...\{BFBF33B5-AEFE-454B-A189-DF5013028535}) (Version: 9.00.5000.00 - Microsoft Corporation)
Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
True Image 2013 (HKLM-x32\...\{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible) (Version: 16.0.5551 - Acronis)
True Image 2013 (x32 Version: 16.0.5551 - Acronis) Hidden
True Image 2013 Media Add-on (HKLM-x32\...\{91302AFA-15FA-4C92-9ADC-76A5048F634C}) (Version: 16.0.5023 - Acronis)
True Image 2013  Pack (HKLM-x32\...\{C408E706-94A7-454C-8B52-538AA6CBD0FB}) (Version: 16.0.5551 - Acronis)
Update System (HKLM-x32\...\{41EEA0F0-011B-11D5-8F68-005004538B1F}) (Version:  - )
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Skov - Bts Edition (HKLM-x32\...\{9FAFEAEE-548F-4BBE-AE9E-7B298D42BC5A}) (Version: 26.0.99 - Skov GmbH)
Skov - Bts Edition (HKLM-x32\...\{CAD7F8D4-49C3-4101-BE7E-F1EEBF810AC2}) (Version: 24.001 - Skov GmbH)
Skov OS Upgrade (HKLM-x32\...\{EAA9023E-4091-4285-8BD5-F84D8E83469A}) (Version: 2.00.0000 - Skov GmbH)
VR (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
WebUpdate - EtS (HKLM-x32\...\{C185AB5E-55CF-471D-8131-DAE00C13B326}) (Version: 18.007 - Skov GmbH)
WebUpdate - ELSTER (HKLM-x32\...\{E0ADF19F-E3D2-4B79-BE25-ACB56388E838}) (Version: 6.015 - Skov GmbH)
WebUpdate - Stammdaten (HKLM-x32\...\{C53D64C3-D000-4E57-A8D7-D138CBB70D91}) (Version: 7.012 - Skov GmbH)
WebUpdate-Reuetserklärungen (HKLM-x32\...\{B8719A77-EAE1-47CC-81C9-C6E4AE9470D9}) (Version: 91.60.00 - Skov GmbH)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0DBB0773-9214-4B13-BCDE-3016AC98D485} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-10] (Hewlett-Packard Company)
Task: {0DE3C3F8-4155-4244-AB39-80CF6EC89B32} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-20] (Oracle Corporation)
Task: {11CC6100-32D4-4072-BDA2-3AD804FF8D7D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {15D1D05B-40B7-4154-9BAA-895CB5EDBD8E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {2F1E5A16-80A2-4098-B47C-06C19334C2C1} - System32\Tasks\VETUBY eG\VETUBY Update-Monitor => C:\VETUBY\PROGRAMM\Install\DvInesASDMon.Exe [2015-09-15] (VETUBY eG)
Task: {483BCAEF-8A78-415E-8D24-62B9C3F1ADFE} - System32\Tasks\{A2BCF922-74F8-4BDA-A879-64B2EE7C1ADD} => C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
Task: {4B701442-9B29-42D0-95DE-934F19F421CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {514B7DCF-9FDA-429B-A57B-929E7F256F4E} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: {62FDCA39-E871-4D9F-A5D0-306F156CDDCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-23] (Hewlett-Packard Company)
Task: {71C27071-F8FE-48C1-8852-6AB708865657} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {73EFD712-8788-4E62-BAAA-53CFB9E7E6AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {ACC468D1-9001-4574-80A7-9296C97E821B} - System32\Tasks\{2DEC486D-EE68-4562-9B69-FC100395545D} => pcalua.exe -a E:\Start.exe -d E:\
Task: {AE2218C5-293C-4750-9C54-0CFE21EBEE03} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-10] (Hewlett-Packard Company)
Task: {E1E4CF67-F4F1-4FBC-B5FC-5E6AA119E737} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {E5BCB62C-EB4E-4F2E-97A9-D77E54766D5D} - System32\Tasks\HPCeeScheduleFor**$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {FF1EE46A-163A-4A00-B6BB-B0CCECE66D7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-10] (Hewlett-Packard Company)
Task: {FF8250B6-ACEE-4696-B76F-246542D5F0DE} - System32\Tasks\{1EE384C2-D134-473A-9540-2BB47B2465DF} => pcalua.exe -a C:\Users\M**\Desktop\esetsmartinstaller_enu.exe -d C:\Users\M**\Desktop

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFor**$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\M**\Desktop\ruecksichern PhraseExpress von e nach c.lnk -> C:\BAT\einlese_PhraseExpress_M**.bat ()
Shortcut: C:\Users\M**\Desktop\sichern Mails von ** M**.lnk -> C:\BAT\sichern_Mails_**_nach_c.bat ()
Shortcut: C:\Users\M**\Desktop\Word VETUBY funktionierend.lnk -> C:\BAT\Word_VETUBY_funktionierend_**.bat ()
Shortcut: C:\Users\M**\Desktop\Word Makro funktionierend.lnk -> C:\BAT\Word_Makro_funktionierend_**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern diverse Corel Formen Symbole auf **.lnk -> C:\BAT\einlese1_Corel_Formen_Datei_M**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern Excel von e nach c nur Mustermappe.lnk -> C:\BAT\einlese1_Excel2010_M**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern PhraseExpress von e nach c.lnk -> C:\BAT\einlese_PhraseExpress_M**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern word von e nach c alles.lnk -> C:\BAT\einlese4_Word2010_M**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern word von e nach c nur normal.dot.lnk -> C:\BAT\einlese8_Word2010_M**.bat ()

ShortcutWithArgument: C:\Users\Public\Desktop\Efuah Per Office Standard.lnk -> C:\Program Files (x86)\Efuah\iDesk\iDeskBrowser\hidb.exe (Efuah Gruppe) -> -splash \\res\\Efuah.bmp -new-window hxxp://127.0.0.1:38184/HR/PI51
ShortcutWithArgument: C:\Users\Public\Desktop\Efuah Ster aufrufen.lnk -> C:\Program Files (x86)\Efuah\iDesk\iDeskBrowser\hidb.exe (Efuah Gruppe) -> -splash \\res\\Efuah.bmp -new-window hxxp://127.0.0.1:38184/HR/PI19

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-07-03 20:02 - 2013-07-03 20:02 - 00012800 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\iDeskService.exe
2012-08-26 15:41 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-11-09 23:10 - 2011-11-09 23:10 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-07-03 20:02 - 2013-07-03 20:02 - 00082432 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\pywintypes24.dll
2013-07-03 20:00 - 2013-07-03 20:00 - 00052224 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\zlib.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00029696 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32process.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00016896 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32event.pyd
2013-07-03 20:00 - 2013-07-03 20:00 - 00037888 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\_socket.pyd
2013-07-03 20:00 - 2013-07-03 20:00 - 00475136 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\_ssl.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00064512 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32api.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00017920 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32evtlog.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00027648 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\servicemanager.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00071680 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32file.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00018944 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32pipe.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00086528 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32security.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00036864 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32service.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00017920 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\persistent.cPersistence.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00011264 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\persistent.TimeStamp.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00017920 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\persistent.cPickleCache.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00023040 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Acquisition._Acquisition.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00017408 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\ExtensionClass._ExtensionClass.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00007680 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\ComputedAttribute._ComputedAttribute.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00024064 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\AccessControl.cAccessControl.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00010240 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Record._Record.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00017408 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\DocumentTemplate.cDocumentTemplate.pyd
2013-07-03 20:00 - 2013-07-03 20:00 - 00124416 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\pyexpat.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00049664 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._OOBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00051712 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._OIBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00053248 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._IOBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00053760 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._IIBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00008192 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Persistence._Persistence.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00006656 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\MethodObject._MethodObject.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00008192 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Missing._Missing.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00008704 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\MultiMapping._MultiMapping.pyd
2013-07-03 20:00 - 2013-07-03 20:00 - 00010240 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\select.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00006656 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\ZODB.winlock.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00006144 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.stopper.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00007168 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.okascore.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00378368 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\_jpype.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00009728 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\normalizer.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00010240 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\indexsupport.pyd
2016-04-14 10:37 - 2016-04-14 10:37 - 00614912 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\osr32v10.dll
2016-04-14 10:52 - 2016-04-14 10:52 - 00052224 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._fsBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00259072 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\M2Crypto.__m2crypto.pyd
2013-07-03 19:57 - 2013-07-03 19:57 - 00148480 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\SSLEAY32.dll
2013-07-03 19:57 - 2013-07-03 19:57 - 00825344 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\LIBEAY32.dll
2012-08-23 01:42 - 2012-08-23 01:42 - 00435584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-04-23 17:09 - 2015-04-23 17:09 - 00182784 _____ () C:\VETUBY\PROGRAMM\RZKOMM\VETUBY.CC.BASECPP.DLL
2014-03-08 09:39 - 2015-07-20 17:52 - 00483352 _____ () C:\Program Files (x86)\PhraseExpress\pexlang.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-07-01 18:53 - 2011-07-01 18:53 - 01294336 _____ () C:\Program Files (x86)\AGX\Tk-Suite\tools\QtScript4.dll
2011-07-01 17:50 - 2011-07-01 17:50 - 02249216 _____ () C:\Program Files (x86)\AGX\Tk-Suite\tools\QtCore4.dll
2011-07-01 20:35 - 2011-07-01 20:35 - 10856960 _____ () C:\Program Files (x86)\AGX\Tk-Suite\tools\QtWebKit4.dll
2011-07-01 18:26 - 2011-07-01 18:26 - 00266752 _____ () C:\Program Files (x86)\AGX\Tk-Suite\tools\phonon4.dll
2011-07-01 18:17 - 2011-07-01 18:17 - 08036864 _____ () C:\Program Files (x86)\AGX\Tk-Suite\tools\QtGui4.dll
2011-07-01 17:53 - 2011-07-01 17:53 - 00973312 _____ () C:\Program Files (x86)\AGX\Tk-Suite\tools\QtNetwork4.dll
2011-07-01 17:53 - 2011-07-01 17:53 - 00186880 _____ () C:\Program Files (x86)\AGX\Tk-Suite\tools\QtSql4.dll
2011-07-01 20:41 - 2011-07-01 20:41 - 00026112 _____ () C:\Program Files (x86)\AGX\Tk-Suite\tools\imageformats\qgif4.dll
2011-07-01 20:41 - 2011-07-01 20:41 - 00196096 _____ () C:\Program Files (x86)\AGX\Tk-Suite\tools\imageformats\qjpeg4.dll
2011-07-01 20:40 - 2011-07-01 20:40 - 00470016 _____ () C:\Program Files (x86)\AGX\Tk-Suite\tools\sqldrivers\qsqlite4.dll
2012-08-26 15:41 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-08-23 04:35 - 2012-08-23 04:35 - 13873200 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2012-08-23 04:31 - 2012-08-23 04:31 - 01590656 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
2012-07-24 15:48 - 2012-07-24 15:48 - 00012160 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2014-11-25 20:35 - 2014-11-25 20:35 - 00110120 ____N () C:\VETUBY\SYSTEM\DVCCSASCMTF001.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:0574215C [512]
AlternateDataStreams: C:\ProgramData\Temp:D95ACC7D [247]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2013-10-31 02:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.199.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: c:_program files (x86)_cor42 => C:\Program Files (x86)\Corel\Corel Graphics 12\Programs\CorUpd.exe /Watch /r="Software\Corel\CorelDRAW\12.0"
MSCONFIG\startupreg: CorelDRAW Graphics Suite 11b => C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=012712 serial=DR12WRX-0547867-QBY lang=DE

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{294FAFF8-FA89-46CA-9877-ADCB4932A7D6}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Block) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [UDP Query User{147CF546-3069-4A31-91A1-AFD5F2B44973}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Block) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [TCP Query User{172A705F-D4EC-425A-AD7D-592910136FBA}C:\Vetuby\programm\b0000398\sipahost.exe] => (Block) C:\Vetuby\programm\b0000398\sipahost.exe
FirewallRules: [TCP Query User{D74D3D22-A67C-49D3-88DA-DD29C9189166}C:\Vetuby\programm\k0005000\arbeitsplatz.exe] => (Block) C:\Vetuby\programm\k0005000\arbeitsplatz.exe
FirewallRules: [UDP Query User{E7A77894-60EE-49D8-92FF-7FBB0E0DC942}C:\Vetuby\programm\k0005000\arbeitsplatz.exe] => (Block) C:\Vetuby\programm\k0005000\arbeitsplatz.exe
FirewallRules: [{60399911-0D3F-4CDF-93AA-D29B4B76CE9F}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [TCP Query User{1989F23E-EEC6-4C32-8A1C-DB48965D3248}C:\program files (x86)\g data\AVK\AVK.exe] => (Allow) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [UDP Query User{FBFB69C4-FD24-4694-BF88-55F5C8D80C95}C:\program files (x86)\g data\AVK\AVK.exe] => (Allow) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [TCP Query User{CB3DA784-F5F2-42B8-9B48-1404163C8673}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Allow) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [UDP Query User{13A614C3-C210-4D7D-991A-2B01D8567868}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Allow) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [TCP Query User{7A250F7E-99D6-4284-806C-686A61225A09}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Block) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [UDP Query User{50B90E77-982F-4DE0-A22E-3F77B7BCDA09}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Block) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [{5FE36310-BC20-435B-A3CF-84DC9BBF2C55}] => (Allow) C:\Program Files (x86)\PhraseExpress\PhraseExpress.exe
FirewallRules: [{63FA535F-4099-478D-B9E5-DE0EF0008B1B}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{579B7F4C-886F-42CA-9600-52F059AE44D4}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{7ABC9A6C-94E5-4BB1-AA12-2B10469123CD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{5F79A600-D361-4DC5-AAE7-65B4617C001D}C:\program files (x86)\g data\AVK\AVK.exe] => (Block) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [UDP Query User{F4213866-E334-440D-8949-2AE678CFA679}C:\program files (x86)\g data\AVK\AVK.exe] => (Block) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [{B9F034D3-BD88-4C77-8D14-3FEA6194AAA4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F171416D-5986-449F-B038-C98064509925}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{20F374D8-DF3B-4B5E-89B9-F0AD2C525054}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{19D1B3CB-745D-4412-8C18-10558755543D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2D4F9BA8-56A2-4658-B0A8-AE0B3FCA1F0A}] => (Allow) C:\Program Files (x86)\PhraseExpress\PhraseExpress.exe
FirewallRules: [TCP Query User{388CBB47-AB58-456D-A75D-73B5DEDD66E6}C:\Vetuby\programm\sws\limaservice.exe] => (Allow) C:\Vetuby\programm\sws\limaservice.exe
FirewallRules: [UDP Query User{1F13A023-F582-400D-BE0C-53DFA4FE9725}C:\Vetuby\programm\sws\limaservice.exe] => (Allow) C:\Vetuby\programm\sws\limaservice.exe
FirewallRules: [{126432FB-4688-4F2E-8FE3-2A0D62994F66}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{E1F0428B-9E44-493C-92FA-F41264C4A67E}] => (Allow) C:\VETUBY\PROGRAMM\B0000398\SiPaHost.exe
FirewallRules: [{7199394B-5771-40BF-BB82-F8A5BE963554}] => (Allow) C:\VETUBY\PROGRAMM\B0000391\Vetuby.Security.Dokumentenschutz.exe
FirewallRules: [{BE7081D3-D782-42B1-9B95-AFBF7506D670}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [TCP Query User{D96180A0-7519-4C09-931A-30E42300B4EF}C:\program files (x86)\g data\AVK\AVK.exe] => (Allow) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [UDP Query User{574C5855-8FEA-4F92-B38C-9279A9CF9A0B}C:\program files (x86)\g data\AVK\AVK.exe] => (Allow) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [{3031FE58-FE1C-4F10-8B0A-0C83C21265FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{785C587A-ADA1-49D3-9697-3948864FF7DA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7077CE7F-BBDC-470E-95BD-AB40E3928392}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{280FED29-87AA-4F47-ADB6-9CCE4428993C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BA3CFF32-B061-41CD-B233-EF9B30014090}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{627B4C30-B2CE-4F74-B86A-624210550351}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{68B01066-3D5A-4CEC-9416-D0DBB848D608}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{6EF12444-F1AC-4278-BD66-B16500A1E854}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E87D25BF-70BC-4F87-A867-C70AB7410CCC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4AA6A2EF-72D0-40C5-89EE-CC0E160175C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B60D5699-595E-47E6-9081-BCE748303D83}] => (Allow) C:\VETUBY\PROGRAMM\RWAPPLIC\Vetuby.Irw.Managed.ServiceProvider.exe
FirewallRules: [{2851787F-8D86-45D7-8D6E-6E2EFF90E6A2}] => (Allow) C:\VETUBY\PROGRAMM\RWAPPLIC\Vetuby.Irw.Managed.ServiceProvider.exe
FirewallRules: [{54E70833-8730-4982-B4C6-EDB16C9E309C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\NUMZUS\NumZus.exe] => Enabled:NumZus.exe
DomainProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\RWAPPLIC\Vetuby.Irw.Managed.ServiceProvider.exe] => Enabled:VETUBY IRW ServiceProvider
DomainProfile\AuthorizedApplications: [C:\VETUBY\SYSTEM\DvpExe.exe] => Enabled:DvpExe.exe
DomainProfile\AuthorizedApplications: [C:\VETUBY\SYSTEM\DcomSrv.exe] => Enabled:DcomSrv.exe
DomainProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\TNADNAM\Tnadnam.exe] => Enabled:Tnadnam.exe
StandardProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\NUMZUS\NumZus.exe] => Enabled:NumZus.exe
StandardProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\RWAPPLIC\Vetuby.Irw.Managed.ServiceProvider.exe] => Enabled:VETUBY IRW ServiceProvider
StandardProfile\AuthorizedApplications: [C:\VETUBY\SYSTEM\DvpExe.exe] => Enabled:DvpExe.exe
StandardProfile\AuthorizedApplications: [C:\VETUBY\SYSTEM\DcomSrv.exe] => Enabled:DcomSrv.exe
StandardProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\TNADNAM\Tnadnam.exe] => Enabled:Tnadnam.exe

==================== Wiederherstellungspunkte =========================

16-08-2016 08:35:34 Windows Update
17-08-2016 17:56:51 Windows Update
23-08-2016 08:00:17 Windows Update
23-08-2016 20:42:02 Windows Update
28-08-2016 09:36:49 Windows Update
29-08-2016 17:04:39 Efuah Ster
29-08-2016 17:25:29 Efuah Ster

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 4054.03 MB
Verfügbarer physikalischer RAM: 2191.15 MB
Summe virtueller Speicher: 8106.25 MB
Verfügbarer virtueller Speicher: 5371.48 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:458.5 GB) (Free:323.31 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B089906B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=458.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7.2 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
Gruß R.

Alt 31.08.2016, 18:21   #9
M-K-D-B
/// TB-Ausbilder
 
Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB - Standard

Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB



Servus,


wir entfernen die letzten Reste und kontrollieren nochmal alles.



Hinweis: Der Suchlauf mit ESET kann länger dauern.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = 
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-1126 -> {679374B8-BF0E-4E31-96D8-D47F9E30C085} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-1126 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
Task: {FF8250B6-ACEE-4696-B76F-246542D5F0DE} - System32\Tasks\{1EE384C2-D134-473A-9540-2BB47B2465DF} => pcalua.exe -a C:\Users\M**\Desktop\esetsmartinstaller_enu.exe -d C:\Users\M**\Desktop
AlternateDataStreams: C:\ProgramData\Temp:0574215C [512]
AlternateDataStreams: C:\ProgramData\Temp:D95ACC7D [247]
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von HitmanPro,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 01.09.2016, 03:05   #10
spartaner007
 
Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB - Standard

Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB



Servus Matthias,
hier die Ergebnisse:

Code:
ATTFilter
 
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von M** (31-08-2016 18:46:13) Run:1
Gestartet von C:\Users\M**\Desktop
Geladene Profile: M** (Verfügbare Profile: M**)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = 
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-1126 -> {679374B8-BF0E-4E31-96D8-D47F9E30C085} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-1126 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
Task: {FF8250B6-ACEE-4696-B76F-246542D5F0DE} - System32\Tasks\{1EE384C2-D134-473A-9540-2BB47B2465DF} => pcalua.exe -a C:\Users\M**\Desktop\esetsmartinstaller_enu.exe -d 
C:\Users\M**\Desktop
AlternateDataStreams: C:\ProgramData\Temp:0574215C [512]
AlternateDataStreams: C:\ProgramData\Temp:D95ACC7D [247]
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

*****************

Prozess erfolgreich geschlossen.
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => Wert erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
"HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{679374B8-BF0E-4E31-96D8-D47F9E30C085}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{679374B8-BF0E-4E31-96D8-D47F9E30C085} => Schlüssel nicht gefunden. 
"HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF8250B6-ACEE-4696-B76F-246542D5F0DE}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF8250B6-ACEE-4696-B76F-246542D5F0DE}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{1EE384C2-D134-473A-9540-2BB47B2465DF} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1EE384C2-D134-473A-9540-2BB47B2465DF}" => Schlüssel erfolgreich entfernt
"C:\Users\M**\Desktop" => Warnung: FRST wurde darauf programmiert dieses Verzeichnis nicht zu verschieben.
C:\ProgramData\Temp => ":0574215C" ADS erfolgreich entfernt.
C:\ProgramData\Temp => ":D95ACC7D" ADS erfolgreich entfernt.

========= RemoveProxy: =========

HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 33937739 B
Java, Flash, Steam htmlcache => 8530 B
Windows/system/drivers => 4537558582 B
Edge => 0 B
Chrome => 13534989 B
Firefox => 450713896 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42320605 B
systemprofile32 => 72780 B
LocalService => 16384 B
NetworkService => 1307440 B
M** => 581077113 B
 => 79044 B
******* => 191791 B
M** => 0 B
Do** => 111981 B
Admin => 3503381 B

RecycleBin => 932096599 B
EmptyTemp: => 6.2 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 18:52:08 ====
         

Code:
ATTFilter
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e915a8e138c2a24eb96fd35435f0833e
# end=init
# utc_time=2016-08-31 05:23:03
# local_time=2016-08-31 07:23:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 30603
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e915a8e138c2a24eb96fd35435f0833e
# end=updated
# utc_time=2016-08-31 05:33:00
# local_time=2016-08-31 07:33:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e915a8e138c2a24eb96fd35435f0833e
# engine=30603
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-08-31 10:00:59
# local_time=2016-09-01 12:00:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 115960 224310709 0 0
# scanned=410925
# found=1
# cleaned=0
# scan_time=16078
sh=28DF0AE146820ECEFA5B6EC6591DE32A9DC5C2A5 ft=1 fh=54df108a3431cb23 vn="Variante von Win32/Toolbar.SearchSuite.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Helper.dll.vir"
         

Code:
ATTFilter
 
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : **
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : M**
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-09-01 01:59:46
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 37s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 5

   Objects scanned . . . : 2.680.332
   Files scanned . . . . : 156.517
   Remnants scanned  . . : 602.813 files / 1.921.002 keys

Suspicious files ____________________________________________________________

   C:\Users\M**\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.397.696 bytes
      Age  . . . . . . . : 2.0 days (2016-08-30 02:08:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7F1680C23BD158CC4B4AC4747148F073FA45153F3AF2C0269FCE357D4C1D585F
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\M**\Desktop\FRST64.exe
      Size . . . . . . . : 2.397.696 bytes
      Age  . . . . . . . : 0.4 days (2016-08-31 16:55:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : EFF67DD0CB40498753A49A710C08A3A6376C7DE296D23B8AEF5D4221A6017692
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\M**\Desktop\FRST64.exe
      Forensic Cluster
         -1.8s C:\Users\M**\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
         -1.8s C:\Users\M**\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
         -1.7s C:\Users\M**\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
         -1.7s C:\Users\M**\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
         -0.2s C:\Users\M**\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_4F8D4D4F8A055DA96F5FDDC885E626A4
         -0.2s C:\Users\M**\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_4F8D4D4F8A055DA96F5FDDC885E626A4
          0.0s C:\Users\M**\Desktop\FRST64.exe

   C:\Windows\system32\hasplms.exe 
      Size . . . . . . . : 4.608.320 bytes
      Age  . . . . . . . : 643.7 days (2014-11-27 10:04:52)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3CE0DC895FE375D0ED13B5C58D6E710F0E5F92660EFAE1993DB520B481D315A1
      Product  . . . . . : LDK License Manager Service
      Publisher  . . . . : SafeNet Inc.
      Description  . . . : Sentinel LDK License Manager Service
      Version  . . . . . : 17.0.1.48248
      Copyright  . . . . : (c) 2014 SafeNet, Inc. All rights reserved.
      RSA Key Size . . . : 2048
      Service  . . . . . : hasplms
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 28.0
         The file name extension of this program is not common.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The Entry Point of this file lies in a resource section. This is an indication of malware infection.
         Program starts automatically without user intervention.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\hasplms\
         
FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
durchgeführt von M** auf ** (01-09-2016 02:36:17)
Gestartet von C:\Users\M**\Desktop
Geladene Profile: M** (Verfügbare Profile: M**)
Platform: Windows 7  Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\AVK\AVK_64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(VETUBY eG) C:\VETUBY\PROGRAMM\B0000150\ScServer\DVckService.exe
(VETUBY eG) C:\VETUBY\PROGRAMM\B0000398\SiPaHostService.exe
(VETUBY eG) C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe
(AMD) C:\Windows\System32\atieclxx.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(VETUBY eG) C:\VETUBY\PROGRAMM\Install\DvInesASDMon.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\AVK\GdAgentSrv.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(VETUBY eG) C:\VETUBY\PROGRAMM\Install\DvInesASDSvc.Exe
(VETUBY eG) C:\VETUBY\PROGRAMM\B0001442\PSNTServ.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files (x86)\Efuah\iDesk\iDeskService\ideskservice.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF \PDFProFiltSrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Efuah Mediengruppe) C:\Program Files (x86)\Efuah\iDesk\iDeskService\ideskpython.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(VETUBY eG) C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF \PdfPro7Hook.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(VETUBY eG) C:\VETUBY\PROGRAMM\Sws\SwmHintergrundDienst.exe
(VETUBY eG) C:\VETUBY\PROGRAMM\B0000398\SiPaHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(VETUBY eG) C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(VETUBY eG) C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe
(VETUBY eG) C:\VETUBY\PROGRAMM\DFUEISDN\SSLClt\sslclt.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(VETUBYeG) C:\VETUBY\PROGRAMM\B0000299\AS\as.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconCL.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\AVK\GdAgentUi.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(ashampoo GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 3\ashsnap.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403888 2012-08-03] (Acronis)
HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [443392 2013-04-01] (May Software)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF \pdfpro7hook.exe [1275168 2010-10-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDF \RegistryController.exe [121120 2010-10-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6049096 2012-08-23] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [943856 2012-07-24] (Acronis)
HKLM-x32\...\Run: [Vetuby.CC.ControllerUserMode] => C:\VETUBY\PROGRAMM\RZKOMM\Vetuby.CC.Processes.Cmd.exe StartRdtControllerUserMode -retry true
HKLM-x32\...\Run: [SwmHintergrunddienst] => C:\VETUBY\PROGRAMM\SWS\SwmHintergrundDienst.exe [1975848 2015-03-04] (VETUBY eG)
HKLM-x32\...\Run: [AVK CL] => "C:\Program Files (x86)\G Data\AVK\AVK.exe" /GUI
HKLM-x32\...\Run: [SiPaHost] => C:\VETUBY\PROGRAMM\B0000398\SiPaHost.exe [557608 2015-04-01] (VETUBY eG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-04-09] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-04-09] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-04-09] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-04-09] (Microsoft Corporation) <==== ACHTUNG
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-08-23] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-08-23] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-08-23] (Acronis)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk [2016-04-11]
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\VETUBY\PROGRAMM\BSOFFICE\service\OfficeDiag.exe (VETUBY eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk [2016-04-11]
ShortcutTarget: CleanupPrintJobs.lnk -> C:\VETUBY\PROGRAMM\B0001401\CleanupPrintJobs.exe (VETUBY eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk [2015-07-31]
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk [2016-04-11]
ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\VETUBY\PROGRAMM\B0001401\UpdateDevmode.exe (VETUBY eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite CL.lnk [2012-01-19]
ShortcutTarget: TK-Suite CL.lnk -> C:\Program Files (x86)\AGX\Tk-Suite\tools\ctimon.exe (AGX      )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR Prüfung.lnk [2013-03-28]
ShortcutTarget:VR Prüfung.lnk -> C:\Program Files (x86)\VR\vrtoolcheckorder.exe (VR Software)
Startup: C:\Users\M**_veraltet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Datum Start **.lnk [2012-01-08]
ShortcutTarget: Datum Start **.lnk -> C:\BAT\Datum_Start_HO.bat ()
Startup: C:\Users\M**_veraltet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Org EasyClip.lnk [2012-01-08]
ShortcutTarget: Org EasyClip.lnk -> C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
Startup: C:\Users\M**_veraltet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tag M**.lnk [2014-07-25]
ShortcutTarget: Tag M**.lnk -> C:\TagM**.xls (Keine Datei)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.199.10
Tcpip\..\Interfaces\{A070552C-AFA0-4964-887E-D5EDB484E8CE}: [DhcpNameServer] 192.168.199.10

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28
HKU\S-1-5-21-3160997517-2106278152-2557221923-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28
HKU\S-1-5-21-3160997517-2106278152-2557221923-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPCOM/28
HKU\S-1-5-21-3160997517-2106278152-2557221923-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28
HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28
HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28
HKU\S-1-5-21-3819896947-3942532061-1754202372-1140\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28
HKU\S-1-5-21-3819896947-3942532061-1754202372-1140\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPCOM/28
HKU\S-1-5-21-3819896947-3942532061-1754202372-1140\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28
HKU\S-1-5-21-55981234-3424176865-3846576974-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
HKU\S-1-5-21-55981234-3424176865-3846576974-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
HKU\S-1-5-21-55981234-3424176865-3846576974-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE9DEDE/110
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-1126 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-1126 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3160997517-2106278152-2557221923-500 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKU\S-1-5-21-3819896947-3942532061-1754202372-1137 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3819896947-3942532061-1754202372-1137 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3819896947-3942532061-1754202372-1137 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKU\S-1-5-21-3819896947-3942532061-1754202372-1140 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3819896947-3942532061-1754202372-1140 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3819896947-3942532061-1754202372-1140 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKU\S-1-5-21-55981234-3424176865-3846576974-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-55981234-3424176865-3846576974-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-55981234-3424176865-3846576974-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
BHO: DtvIePwdSafeBHO Class -> {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} -> C:\VETUBY\PROGRAMM\B0000397\DtvIePwdSafe64.dll [2015-04-01] (VETUBY eG)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-09-26] (HP)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\VETUBY\SYSTEM\DVCCSASCardBHO64002.Dll [2015-04-01] (VETUBY eG)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: IEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF \Bin\IEContextMenu.dll [2010-07-16] (Zeon Corporation)
BHO-x32: DtvIePwdSafeBHO Class -> {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} -> C:\VETUBY\PROGRAMM\B0000397\DtvIePwdSafe.dll [2015-04-01] (VETUBY eG)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-09-26] (HP)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\VETUBY\SYSTEM\DVCCSAScardBHO002.dll [2015-04-01] (VETUBY eG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF \Bin\ZeonIEFavCL.dll [2010-07-16] (Zeon Corporation)
Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF \Bin\ZeonIEFavCL.dll [2010-07-16] (Zeon Corporation)
Handler: Efuahreader - Kein CLSID Wert
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\M**\AppData\Roaming\Mozilla\Firefox\Profiles\gv7wjv9w.default
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp:/www.google.de
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-04-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @Vetuby.de/VETUBY_Best,version=1.7 -> C:\VETUBY\PROGRAMM\A0000015\npdvbm.dll [2008-12-02] ( VETUBY eG)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF \bin\nppdf.dll [2010-07-16] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3160997517-2106278152-2557221923-1126: @citrixonline.com/appdetectorplugin -> C:\Users\M**\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-03] (Citrix Online)
FF Extension: (Adblock ) - C:\Users\M**\AppData\Roaming\Mozilla\Firefox\Profiles\gv7wjv9w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2016-08-30] [ist nicht signiert]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

Chrome: 
=======
CHR Profile: C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-28]
CHR Extension: (Google Drive) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-28]
CHR Extension: (YouTube) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-28]
CHR Extension: (Google Search) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-28]
CHR Extension: (Website Logon) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2015-08-28]
CHR Extension: (Gmail) - C:\Users\M**\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-28]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AntiVirusKit CL; C:\Program Files (x86)\G Data\AVK\GdAgentSrv.exe [4526408 2016-05-12] (G DATA Software AG)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [2826336 2016-05-12] (G DATA Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AVK\AVK_64.exe [4580056 2016-05-12] (G Data Software AG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 VETUBY Update-Service; C:\VETUBY\PROGRAMM\INSTALL\DvInesASDSvc.Exe [182312 2015-05-07] (VETUBY eG)
R3 Vetuby.CC.Processes.Hosting.RdtServiceMode; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY eG)
S3 Vetuby.Database.Dimitra.Server; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY eG)
R2 Vetuby.Framework.RemoteServiceModel.EnablerService; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY eG)
R3 Vetuby.Framework.RemoteServices; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY eG)
S3 Vetuby.Irw.ServiceProvider.HostXcut.Server; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY eG)
R2 VetubyPrintService; C:\VETUBY\PROGRAMM\B0001442\PSNTSERV.EXE [155136 2015-04-01] (VETUBY eG) [Datei ist nicht signiert]
S4 DfueSammlerDienst; C:\VETUBY\SYSTEM\Vetuby.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-09-28] (VETUBY eG)
R2 DVckService; C:\VETUBY\PROGRAMM\B0000150\ScServer\DVckService.exe [3099688 2015-04-01] (VETUBY eG)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [116224 2012-05-18] (Firebird Project) [Datei ist nicht signiert]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [4035584 2012-05-18] (Firebird Project) [Datei ist nicht signiert]
R3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [811336 2016-05-12] (G DATA Software AG)
S3 GD_SetupService_CLI; C:\Program Files (x86)\G DATA\Setup\CL\SetupSVC.exe [1661344 2016-08-31] (G DATA Software AG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4608320 2014-11-27] (SafeNet Inc.)
R2 HRService; C:\Program Files (x86)\Efuah\iDesk\iDeskService\iDeskService.exe [12800 2013-07-03] () [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert]
S4 KOBIL_MSDI; C:\VETUBY\PROGRAMM\B0000404\msdisrv.exe [137736 2013-03-14] (KOBIL Systems GmbH)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF \PDFProFiltSrv.exe [134944 2010-10-16] (Nuance Communications, Inc.)
R2 Sicherheitspaket-Dienst; C:\VETUBY\PROGRAMM\B0000398\SiPaHostService.exe [322088 2015-04-01] (VETUBY eG)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 Vetuby.SystemComponents.ServiceBus.V0300.PlugIn; Vetuby.Framework.RemoteServiceModel.GenericService2010.exe Vetuby.SystemComponents.ServiceBus.V0300.PlugIn [X]
S3 Vetuby.SystemComponents.ServiceBus.V0400.PlugIn; Vetuby.Framework.RemoteServiceModel.GenericService2010.exe Vetuby.SystemComponents.ServiceBus.V0400.PlugIn [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2015-08-27] (G Data Software AG)
R0 GDBehave2; C:\Windows\System32\drivers\GDBehave2.sys [171592 2016-08-31] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [37448 2016-08-31] (G DATA Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [255048 2016-08-31] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [74824 2016-08-31] (G DATA Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-08-27] (G Data Software)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-11-27] (SafeNet Inc.)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [136264 2016-08-31] (G Data Software AG)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x64.sys [339728 2010-08-14] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X64.sys [65808 2010-08-14] (Intel(R) Corporation)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2012-01-03] (KOBIL Systems GmbH) [Datei ist nicht signiert]
R3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2012-11-10] (KOBIL Systems GmbH)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] ()
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [96952 2014-03-03] (Vetuby eG)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2013-03-24] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2013-03-24] (Acronis)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 dmboot; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-01 01:58 - 2016-09-01 02:25 - 00000000 ____D C:\ProgramData\HitmanPro
2016-09-01 01:56 - 2016-09-01 01:57 - 11438608 _____ (SurfRight B.V.) C:\Users\M**\Desktop\HitmanPro_x64.exe
2016-08-31 19:21 - 2016-08-31 19:21 - 02870984 _____ (ESET) C:\Users\M**\Desktop\esetsmartinstaller_deu.exe
2016-08-31 18:46 - 2016-08-31 18:52 - 00004693 _____ C:\Users\M**\Desktop\Fixlog.txt
2016-08-31 16:55 - 2016-08-31 16:55 - 00000000 ____D C:\Users\M**\Desktop\FRST-OlderVersion
2016-08-31 11:55 - 2016-08-31 11:55 - 00171592 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave2.sys
2016-08-31 00:39 - 2016-08-31 00:40 - 03826240 _____ C:\Users\M**\Desktop\AdwCleaner_6.010.exe
2016-08-30 15:33 - 2016-08-31 00:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-30 12:30 - 2016-08-30 14:48 - 00229488 _____ C:\TDSSKiller.3.1.0.11_30.08.2016_12.30.44_log.txt
2016-08-30 12:27 - 2016-08-30 12:27 - 04747704 _____ (AO Kaspersky Lab) C:\Users\M**\Desktop\tdsskiller.exe
2016-08-30 02:21 - 2016-08-31 17:01 - 00058600 _____ C:\Users\M**\Desktop\Addition.txt
2016-08-30 02:20 - 2016-09-01 02:36 - 00032536 _____ C:\Users\M**\Desktop\FRST.txt
2016-08-30 02:20 - 2016-09-01 02:36 - 00000000 ____D C:\FRST
2016-08-30 02:08 - 2016-08-31 16:55 - 02397696 _____ (Farbar) C:\Users\M**\Desktop\FRST64.exe
2016-08-29 17:24 - 2016-08-29 17:24 - 00002311 _____ C:\Users\Public\Desktop\Efuah Ster aufrufen.lnk
2016-08-29 12:18 - 2016-08-29 12:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-29 12:18 - 2016-08-29 12:18 - 00001108 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-08-29 12:18 - 2016-08-29 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-08-29 12:18 - 2016-08-29 12:18 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-08-29 12:18 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-29 12:18 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-29 12:18 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-29 12:06 - 2016-08-29 12:09 - 22851472 _____ (Malwarebytes ) C:\Users\M**\Desktop\mbam-setup-2.2.1.1043.exe
2016-08-17 08:03 - 2016-07-08 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 08:03 - 2016-07-08 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-10 14:04 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 14:04 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 14:04 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 14:04 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 14:04 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 14:04 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 14:04 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 14:04 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 14:04 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 14:04 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 14:04 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 14:04 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 14:04 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 14:04 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 14:04 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 14:04 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 14:04 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 14:04 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 14:04 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 14:04 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 14:04 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 14:04 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 14:04 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 14:04 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 14:04 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 14:04 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 14:04 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 14:04 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 14:04 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 14:04 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 14:04 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 14:04 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 14:04 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 14:04 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 14:04 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 14:04 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 14:04 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 14:04 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 14:04 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 14:04 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 14:04 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 14:04 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 14:04 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 14:04 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 14:04 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 14:04 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 14:04 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 14:04 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 14:04 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 14:04 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 14:04 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 14:04 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 14:04 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 14:04 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 14:04 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 14:04 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 14:04 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 14:04 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 14:04 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 14:04 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 14:04 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 14:04 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 14:04 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 14:04 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 14:04 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 14:04 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 14:00 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 14:00 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 14:00 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 14:00 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 14:00 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 14:00 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 14:00 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 14:00 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 14:00 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 14:00 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 14:00 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 14:00 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 14:00 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 14:00 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 13:50 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-01 02:35 - 2015-08-27 08:27 - 00000000 ____D C:\ProgramData\G Data
2016-09-01 02:26 - 2013-07-22 11:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-01 02:02 - 2012-09-24 12:29 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-01 01:31 - 2012-01-03 10:47 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl
2016-08-31 22:22 - 2009-07-14 06:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-31 22:22 - 2009-07-14 06:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 19:26 - 2015-08-26 17:56 - 00000000 ____D C:\Users\M**\Documents\PhraseExpress
2016-08-31 18:56 - 2015-08-26 17:09 - 00000000 ____D C:\Users\M**\AppData\LocalLow\AuthenTec
2016-08-31 18:56 - 2011-12-09 01:20 - 00000000 ____D C:\ProgramData\Temp
2016-08-31 18:55 - 2012-09-24 12:29 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-31 18:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-31 13:16 - 2015-08-26 17:10 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1D933CB6-A4A6-4298-AAB9-4BE18F150CFA}
2016-08-31 11:55 - 2015-08-27 08:30 - 00074824 _____ (G DATA Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2016-08-31 11:55 - 2015-08-27 08:30 - 00037448 _____ (G DATA Software AG) C:\Windows\system32\Drivers\GDKBB64.sys
2016-08-31 11:55 - 2015-08-27 08:29 - 00255048 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2016-08-31 11:55 - 2015-08-27 08:29 - 00136264 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2016-08-31 11:54 - 2015-08-27 08:26 - 00000000 ____D C:\Program Files (x86)\G DATA
2016-08-31 00:59 - 2012-11-22 12:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-31 00:58 - 2015-08-26 19:16 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-08-31 00:58 - 2013-10-28 01:05 - 00000000 ____D C:\AdwCleaner
2016-08-31 00:58 - 2012-01-03 10:48 - 00003086 __RSH C:\ProgramData\ntuser.pol
2016-08-30 11:29 - 2015-08-26 17:10 - 00120672 _____ C:\Users\M**\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-30 10:40 - 2009-07-14 06:45 - 00433752 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-29 17:25 - 2013-08-11 09:49 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-29 17:24 - 2012-01-04 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Efuah
2016-08-29 01:27 - 2012-03-08 08:53 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleFor**$
2016-08-29 01:27 - 2012-03-08 08:53 - 00000334 _____ C:\Windows\Tasks\HPCeeScheduleFor**$.job
2016-08-23 20:41 - 2015-08-29 18:24 - 00005821 _____ C:\Users\M**\AppData\Local\EmptySettings.xml
2016-08-18 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-18 14:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-09 08:07 - 2012-09-24 12:30 - 00002189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-09 08:07 - 2012-09-24 12:30 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-04 08:38 - 2015-06-20 18:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-29 18:24 - 2016-08-23 20:41 - 0005821 _____ () C:\Users\M**\AppData\Local\EmptySettings.xml
2012-11-10 15:46 - 2013-06-07 09:18 - 0000227 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Einige Dateien in TEMP:
====================
C:\Users\M**_veraltet\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\M**_veraltet\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\M**_veraltet\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\M**_veraltet\AppData\Local\temp\jre-8u31-windows-au.exe


Einige mit null Byte Größe Dateien/Ordner:
==========================
C:\Windows\SysWOW64\bdcore.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-08-16 11:43

==================== Ende von FRST.txt ============================
         
--- --- ---

[/code]


Code:
ATTFilter
 
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von M** (01-09-2016 02:37:28)
Gestartet von C:\Users\M**\Desktop
Windows 7  Service Pack 1 (X64) (2011-12-30 12:52:09)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Admin (S-1-5-21-55981234-3424176865-3846576974-1000 -  - Enabled) => C:\Users\Admin
 (S-1-5-21-55981234-3424176865-3846576974-500 -  - Disabled)
Gast (S-1-5-21-55981234-3424176865-3846576974-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: G DATA Security CL (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA Security CL (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ADAC Gebrauchtwagen 2010-2011 (HKLM-x32\...\{FB3FA4C6-98A3-41C0-8713-6BADBBCB4FBC}) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AGX (HKLM-x32\...\tksuite_tksuite_CL) (Version: 4.3.19 - AGX GmbH & Co. KG)
AMD Catalyst Install Manager (HKLM\...\{0BD776F3-057D-4C11-020C-4FA9B13D04F9}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
Ashampoo Snap 3.50 (HKLM-x32\...\Ashampoo Snap 3_is1) (Version: 3.5.0 - ashampoo GmbH & Co. KG)
AuthenTec TrueAPI (Version: 1.3.0.150 - AuthenTec, Inc.) Hidden
B1315AppGuid (x32 Version: 1.0.0 - VETUBY eG) Hidden
Brother MFL-Pro Suite MFC-8860DN (HKLM-x32\...\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3243 - CDBurnerXP)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
AGELLOC K (HKLM-x32\...\{D3D88E2B-0853-4C17-8FAF-962D0A93D776}) (Version: 2.41.0.12 - Agelloc)
Agelloc K (HKLM-x32\...\Agelloc-K_is1) (Version: 2.0 - HSC GmbH Dürrweitzschen)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.835 - Corel Inc.)
CorelDRAW Graphics Suite 12 (HKLM-x32\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
Crystal Reports Runtime XI (x32 Version: 1.0.9 - VETUBY eG) Hidden
VETUBY Infragistics Runtime V.3.2 (x32 Version: 3.2.0 - Infragistics, Inc.) Hidden
VETUBY-Installation V.3.7 (HKLM-x32\...\VETUBYB00000482.0) (Version:  - )
DFL7 ConfigDB (HKLM-x32\...\{C2644C5F-2469-438D-BDBF-E7ACF7C36EF4}) (Version: 7.1.7063.0 - VETUBY eG)
DFL7 Microkernel (HKLM-x32\...\{218F90D2-F8E3-4286-9299-BB7BBC8801C5}) (Version: 7.1.6271.0 - VETUBY eG)
Dialogseminar online V.3.02 (HKLM-x32\...\{E7A679C2-2A9C-4008-9CF9-178A6C13D923}) (Version: 10.2.8.2136 - iLinc Communications)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
eDocPrintPro (HKLM\...\{D3F786BC-45E0-4C05-8EF7-E17BC6058A5D}) (Version: 3.18.3 - MAY Computer)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.4.19695 - Landesfinanzdirektion Thüringen)
Firebird 2.1.5.18496 (x64) (HKLM\...\FBDBServer_2_1_x64_is1) (Version: 2.1.5.18496 - Firebird Project)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
G Data Security CL (HKLM-x32\...\{7F07767B-0141-49E4-A850-5EAB7D08C2FA}) (Version: 13.2.0 - G DATA Software AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
gs_x64 (HKLM\...\{4ED70939-4D42-48E4-B573-13E3B8B13ADF}) (Version: 9.06 - MAY-Computer)
Efuah Formular-Manager (x32 Version: 15.12.10.0010 - Efuah-Lexi
Efuah iDeskBrowser 2016 (x32 Version: 16.03.21.0105 - Efuah-Lexi
Efuah iDesk-Service (x32 Version: 16.02.21.0748 - Efuah-Lexi
Efuah Per Office Standard (HKLM-x32\...\{77777baa-39ce-4e69-abc7-bc53551f32da}) (Version: 20.4.0.0 - Efuah-Lexi)
Efuah Per Office Standard (x32 Version: 20.04.00.0000 - Efuah-Lexi
Efuah Ster (HKLM-x32\...\{c185c332-3cec-45ed-9611-199613282448}) (Version: 20.4.0.0 - Efuah-Lexi)
Efuah Ster (x32 Version: 20.04.00.0000 - Efuah-Lexi
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{9FECD1F1-4B1E-499D-BAF4-B9BDE655554D}) (Version: 5.3.0.282 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
Identive Cloud Smart Card Reader (HKLM-x32\...\{F476C0AA-80D6-481A-83FC-37763021C31F}) (Version: 1.02 - Identive)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.7.176.0 (HKLM\...\PROSetDX) (Version: 15.7.176.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
klickTel OEM Frühjahr 2010 (HKLM-x32\...\{AC172E9C-D9E6-4853-BEDB-FB6D72042F42}) (Version: 1.00.0000 - telegate MEDIA AG)
kobdfu x64x86 driver installation (x32 Version: 1.00.0000 - KOBIL Systems) Hidden
KOBIL CCID driver x64x86 (x32 Version: 1.013.02121 - KOBIL Systems) Hidden
Org 6.0 (HKLM-x32\...\Organizer V99.1) (Version:  - )
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM-x32\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office   2010 (HKLM-x32\...\Office14.PROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable - Language Pack - deu (HKLM-x32\...\{B2F21D11-631B-33C2-8E1A-73EA57FDFE33}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005-Abwärtskompatibilität (HKLM\...\{36B72E6E-E433-45FC-A929-C416FF63415A}) (Version: 8.05.2004 - Microsoft Corporation)
Microsoft SQL Server Native CL (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 48.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{EBFC96E5-4409-426E-88B7-650ADB342E78}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nuance PDF Converter  (HKLM\...\{B625EA74-59BE-4F69-9400-357F453368FD}) (Version: 7.00.6403 - Nuance Communications, Inc)
NWB ReuetsXpert (HKLM-x32\...\{F713C6A9-AB4A-4332-9306-736C2F4F18B8}) (Version: 7.3.0 - Verlag Neue Wirtschafts-Briefe)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PhraseExpress v11.0.109 (HKLM-x32\...\PhraseExpress_is1) (Version: 11.0.109 - Bartels Media GmbH)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Scansoft PDF  (x32 Version:  - ) Hidden
SCR3xxx Smart Card Reader (HKLM-x32\...\{17B0906A-26ED-45D0-B51B-83EF1AADCCFE}) (Version: 8.51 - Identive)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{F3E80B62-3C51-4940-A434-A1F517AB8D6A}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SPR532 SmartCard Reader V1.87 (HKLM-x32\...\{063368C4-1F03-46C7-92A8-9066AF67B372}) (Version: 1.87 - SCM Microsystems Inc.)
SQLXML4 (HKLM\...\{BFBF33B5-AEFE-454B-A189-DF5013028535}) (Version: 9.00.5000.00 - Microsoft Corporation)
Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
True Image 2013 (HKLM-x32\...\{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible) (Version: 16.0.5551 - Acronis)
True Image 2013 (x32 Version: 16.0.5551 - Acronis) Hidden
True Image 2013 Media Add-on (HKLM-x32\...\{91302AFA-15FA-4C92-9ADC-76A5048F634C}) (Version: 16.0.5023 - Acronis)
True Image 2013  Pack (HKLM-x32\...\{C408E706-94A7-454C-8B52-538AA6CBD0FB}) (Version: 16.0.5551 - Acronis)
Update System (HKLM-x32\...\{41EEA0F0-011B-11D5-8F68-005004538B1F}) (Version:  - )
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Skov - Bts Edition (HKLM-x32\...\{9FAFEAEE-548F-4BBE-AE9E-7B298D42BC5A}) (Version: 26.0.99 - Skov GmbH)
Skov - Bts Edition (HKLM-x32\...\{CAD7F8D4-49C3-4101-BE7E-F1EEBF810AC2}) (Version: 24.001 - Skov GmbH)
Skov OS Upgrade (HKLM-x32\...\{EAA9023E-4091-4285-8BD5-F84D8E83469A}) (Version: 2.00.0000 - Skov GmbH)
VR (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
WebUpdate - EtS (HKLM-x32\...\{C185AB5E-55CF-471D-8131-DAE00C13B326}) (Version: 18.007 - Skov GmbH)
WebUpdate - ELSTER (HKLM-x32\...\{E0ADF19F-E3D2-4B79-BE25-ACB56388E838}) (Version: 6.015 - Skov GmbH)
WebUpdate - Stammdaten (HKLM-x32\...\{C53D64C3-D000-4E57-A8D7-D138CBB70D91}) (Version: 7.012 - Skov GmbH)
WebUpdate-Reuetserklärungen (HKLM-x32\...\{B8719A77-EAE1-47CC-81C9-C6E4AE9470D9}) (Version: 91.60.00 - Skov GmbH)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0DBB0773-9214-4B13-BCDE-3016AC98D485} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-10] (Hewlett-Packard Company)
Task: {0DE3C3F8-4155-4244-AB39-80CF6EC89B32} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-20] (Oracle Corporation)
Task: {11CC6100-32D4-4072-BDA2-3AD804FF8D7D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {15D1D05B-40B7-4154-9BAA-895CB5EDBD8E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {2F1E5A16-80A2-4098-B47C-06C19334C2C1} - System32\Tasks\VETUBY eG\VETUBY Update-Monitor => C:\VETUBY\PROGRAMM\Install\DvInesASDMon.Exe [2015-09-15] (VETUBY eG)
Task: {483BCAEF-8A78-415E-8D24-62B9C3F1ADFE} - System32\Tasks\{A2BCF922-74F8-4BDA-A879-64B2EE7C1ADD} => C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
Task: {4B701442-9B29-42D0-95DE-934F19F421CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {514B7DCF-9FDA-429B-A57B-929E7F256F4E} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: {62FDCA39-E871-4D9F-A5D0-306F156CDDCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-23] (Hewlett-Packard Company)
Task: {71C27071-F8FE-48C1-8852-6AB708865657} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {73EFD712-8788-4E62-BAAA-53CFB9E7E6AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {ACC468D1-9001-4574-80A7-9296C97E821B} - System32\Tasks\{2DEC486D-EE68-4562-9B69-FC100395545D} => pcalua.exe -a E:\Start.exe -d E:\
Task: {AE2218C5-293C-4750-9C54-0CFE21EBEE03} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-10] (Hewlett-Packard Company)
Task: {E1E4CF67-F4F1-4FBC-B5FC-5E6AA119E737} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {E5BCB62C-EB4E-4F2E-97A9-D77E54766D5D} - System32\Tasks\HPCeeScheduleFor**$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {FF1EE46A-163A-4A00-B6BB-B0CCECE66D7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-10] (Hewlett-Packard Company)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFor**$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\M**\Desktop\ruecksichern PhraseExpress von e nach c.lnk -> C:\BAT\einlese_PhraseExpress_M**.bat ()
Shortcut: C:\Users\M**\Desktop\sichern Mails von ** M**.lnk -> C:\BAT\sichern_Mails_**_nach_c.bat ()
Shortcut: C:\Users\M**\Desktop\Word VETUBY funktionierend.lnk -> C:\BAT\Word_VETUBY_funktionierend_**.bat ()
Shortcut: C:\Users\M**\Desktop\Word Makro funktionierend.lnk -> C:\BAT\Word_Makro_funktionierend_**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern diverse Corel Formen Symbole auf **.lnk -> C:\BAT\einlese1_Corel_Formen_Datei_M**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern Excel von e nach c nur Mustermappe.lnk -> C:\BAT\einlese1_Excel2010_M**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern PhraseExpress von e nach c.lnk -> C:\BAT\einlese_PhraseExpress_M**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern word von e nach c alles.lnk -> C:\BAT\einlese4_Word2010_M**.bat ()
Shortcut: C:\Users\M**\Desktop\rücksichern Programme Word und andere\rücksichern word von e nach c nur normal.dot.lnk -> C:\BAT\einlese8_Word2010_M**.bat ()

ShortcutWithArgument: C:\Users\Public\Desktop\Efuah Per Office Standard.lnk -> C:\Program Files (x86)\Efuah\iDesk\iDeskBrowser\hidb.exe (Efuah Gruppe) -> -splash \\res\\Efuah.bmp -new-window hxxp://127.0.0.1:38184/HR/PI51
ShortcutWithArgument: C:\Users\Public\Desktop\Efuah Ster aufrufen.lnk -> C:\Program Files (x86)\Efuah\iDesk\iDeskBrowser\hidb.exe (Efuah Gruppe) -> -splash \\res\\Efuah.bmp -new-window hxxp://127.0.0.1:38184/HR/PI19

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-07-03 20:02 - 2013-07-03 20:02 - 00012800 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\iDeskService.exe
2012-08-26 15:41 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2011-11-09 23:10 - 2011-11-09 23:10 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-07-03 20:02 - 2013-07-03 20:02 - 00082432 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\pywintypes24.dll
2013-07-03 20:00 - 2013-07-03 20:00 - 00052224 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\zlib.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00029696 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32process.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00016896 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32event.pyd
2013-07-03 20:00 - 2013-07-03 20:00 - 00037888 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\_socket.pyd
2013-07-03 20:00 - 2013-07-03 20:00 - 00475136 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\_ssl.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00064512 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32api.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00017920 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32evtlog.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00027648 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\servicemanager.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00071680 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32file.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00018944 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32pipe.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00086528 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32security.pyd
2013-07-03 20:02 - 2013-07-03 20:02 - 00036864 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Lib\site-packages\win32\win32service.pyd
2012-08-23 01:42 - 2012-08-23 01:42 - 00435584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-04-14 10:52 - 2016-04-14 10:52 - 00017920 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\persistent.cPersistence.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00011264 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\persistent.TimeStamp.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00017920 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\persistent.cPickleCache.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00023040 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Acquisition._Acquisition.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00017408 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\ExtensionClass._ExtensionClass.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00007680 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\ComputedAttribute._ComputedAttribute.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00024064 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\AccessControl.cAccessControl.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00010240 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Record._Record.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00017408 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\DocumentTemplate.cDocumentTemplate.pyd
2013-07-03 20:00 - 2013-07-03 20:00 - 00124416 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\pyexpat.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00049664 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._OOBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00051712 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._OIBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00053248 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._IOBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00053760 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._IIBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00008192 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Persistence._Persistence.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00006656 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\MethodObject._MethodObject.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00008192 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Missing._Missing.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00008704 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\MultiMapping._MultiMapping.pyd
2013-07-03 20:00 - 2013-07-03 20:00 - 00010240 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\DLLs\select.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00006656 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\ZODB.winlock.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00006144 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.stopper.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00007168 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.okascore.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00378368 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\_jpype.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00009728 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\normalizer.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00010240 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\indexsupport.pyd
2016-04-14 10:37 - 2016-04-14 10:37 - 00614912 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\osr32v10.dll
2016-04-14 10:52 - 2016-04-14 10:52 - 00052224 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\BTrees._fsBTree.pyd
2016-04-14 10:52 - 2016-04-14 10:52 - 00259072 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\M2Crypto.__m2crypto.pyd
2013-07-03 19:57 - 2013-07-03 19:57 - 00148480 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\SSLEAY32.dll
2013-07-03 19:57 - 2013-07-03 19:57 - 00825344 _____ () C:\Program Files (x86)\Efuah\iDesk\iDeskService\Zope\lib\python\LIBEAY32.dll
2015-04-23 17:09 - 2015-04-23 17:09 - 00182784 _____ () C:\VETUBY\PROGRAMM\RZKOMM\VETUBY.CC.BASECPP.DLL
2012-08-23 04:35 - 2012-08-23 04:35 - 13873200 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2012-08-23 04:31 - 2012-08-23 04:31 - 01590656 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
2012-07-24 15:48 - 2012-07-24 15:48 - 00012160 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2014-11-25 20:35 - 2014-11-25 20:35 - 00110120 ____N () C:\VETUBY\SYSTEM\DVCCSASCMTF001.dll
2012-01-03 23:34 - 2010-07-01 12:00 - 00050512 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Snap 3\MouseHook.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:0574215C [512]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2013-10-31 02:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3160997517-2106278152-2557221923-500\Control Panel\Desktop\\Wallpaper -> C:\Users\\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\Control Panel\Desktop\\Wallpaper -> C:\Users\*******\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3819896947-3942532061-1754202372-1140\Control Panel\Desktop\\Wallpaper -> C:\Users\Do**\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-55981234-3424176865-3846576974-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.199.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: c:_program files (x86)_cor42 => C:\Program Files (x86)\Corel\Corel Graphics 12\Programs\CorUpd.exe /Watch /r="Software\Corel\CorelDRAW\12.0"
MSCONFIG\startupreg: CorelDRAW Graphics Suite 11b => C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=012712 serial=DR12WRX-0547867-QBY lang=DE

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{294FAFF8-FA89-46CA-9877-ADCB4932A7D6}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Block) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [UDP Query User{147CF546-3069-4A31-91A1-AFD5F2B44973}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Block) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [TCP Query User{172A705F-D4EC-425A-AD7D-592910136FBA}C:\Vetuby\programm\b0000398\sipahost.exe] => (Block) C:\Vetuby\programm\b0000398\sipahost.exe
FirewallRules: [TCP Query User{D74D3D22-A67C-49D3-88DA-DD29C9189166}C:\Vetuby\programm\k0005000\arbeitsplatz.exe] => (Block) C:\Vetuby\programm\k0005000\arbeitsplatz.exe
FirewallRules: [UDP Query User{E7A77894-60EE-49D8-92FF-7FBB0E0DC942}C:\Vetuby\programm\k0005000\arbeitsplatz.exe] => (Block) C:\Vetuby\programm\k0005000\arbeitsplatz.exe
FirewallRules: [{60399911-0D3F-4CDF-93AA-D29B4B76CE9F}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [TCP Query User{1989F23E-EEC6-4C32-8A1C-DB48965D3248}C:\program files (x86)\g data\AVK\AVK.exe] => (Allow) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [UDP Query User{FBFB69C4-FD24-4694-BF88-55F5C8D80C95}C:\program files (x86)\g data\AVK\AVK.exe] => (Allow) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [TCP Query User{CB3DA784-F5F2-42B8-9B48-1404163C8673}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Allow) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [UDP Query User{13A614C3-C210-4D7D-991A-2B01D8567868}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Allow) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [TCP Query User{7A250F7E-99D6-4284-806C-686A61225A09}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Block) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [UDP Query User{50B90E77-982F-4DE0-A22E-3F77B7BCDA09}C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe] => (Block) C:\Vetuby\programm\dfueisdn\sslclt\sslclt.exe
FirewallRules: [{5FE36310-BC20-435B-A3CF-84DC9BBF2C55}] => (Allow) C:\Program Files (x86)\PhraseExpress\PhraseExpress.exe
FirewallRules: [{63FA535F-4099-478D-B9E5-DE0EF0008B1B}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{579B7F4C-886F-42CA-9600-52F059AE44D4}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{7ABC9A6C-94E5-4BB1-AA12-2B10469123CD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{5F79A600-D361-4DC5-AAE7-65B4617C001D}C:\program files (x86)\g data\AVK\AVK.exe] => (Block) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [UDP Query User{F4213866-E334-440D-8949-2AE678CFA679}C:\program files (x86)\g data\AVK\AVK.exe] => (Block) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [{B9F034D3-BD88-4C77-8D14-3FEA6194AAA4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F171416D-5986-449F-B038-C98064509925}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{20F374D8-DF3B-4B5E-89B9-F0AD2C525054}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{19D1B3CB-745D-4412-8C18-10558755543D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2D4F9BA8-56A2-4658-B0A8-AE0B3FCA1F0A}] => (Allow) C:\Program Files (x86)\PhraseExpress\PhraseExpress.exe
FirewallRules: [TCP Query User{388CBB47-AB58-456D-A75D-73B5DEDD66E6}C:\Vetuby\programm\sws\limaservice.exe] => (Allow) C:\Vetuby\programm\sws\limaservice.exe
FirewallRules: [UDP Query User{1F13A023-F582-400D-BE0C-53DFA4FE9725}C:\Vetuby\programm\sws\limaservice.exe] => (Allow) C:\Vetuby\programm\sws\limaservice.exe
FirewallRules: [{126432FB-4688-4F2E-8FE3-2A0D62994F66}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{E1F0428B-9E44-493C-92FA-F41264C4A67E}] => (Allow) C:\VETUBY\PROGRAMM\B0000398\SiPaHost.exe
FirewallRules: [{7199394B-5771-40BF-BB82-F8A5BE963554}] => (Allow) C:\VETUBY\PROGRAMM\B0000391\Vetuby.Security.Dokumentenschutz.exe
FirewallRules: [{BE7081D3-D782-42B1-9B95-AFBF7506D670}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [TCP Query User{D96180A0-7519-4C09-931A-30E42300B4EF}C:\program files (x86)\g data\AVK\AVK.exe] => (Allow) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [UDP Query User{574C5855-8FEA-4F92-B38C-9279A9CF9A0B}C:\program files (x86)\g data\AVK\AVK.exe] => (Allow) C:\program files (x86)\g data\AVK\AVK.exe
FirewallRules: [{3031FE58-FE1C-4F10-8B0A-0C83C21265FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{785C587A-ADA1-49D3-9697-3948864FF7DA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7077CE7F-BBDC-470E-95BD-AB40E3928392}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{280FED29-87AA-4F47-ADB6-9CCE4428993C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BA3CFF32-B061-41CD-B233-EF9B30014090}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{627B4C30-B2CE-4F74-B86A-624210550351}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{68B01066-3D5A-4CEC-9416-D0DBB848D608}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{6EF12444-F1AC-4278-BD66-B16500A1E854}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E87D25BF-70BC-4F87-A867-C70AB7410CCC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4AA6A2EF-72D0-40C5-89EE-CC0E160175C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B60D5699-595E-47E6-9081-BCE748303D83}] => (Allow) C:\VETUBY\PROGRAMM\RWAPPLIC\Vetuby.Irw.Managed.ServiceProvider.exe
FirewallRules: [{2851787F-8D86-45D7-8D6E-6E2EFF90E6A2}] => (Allow) C:\VETUBY\PROGRAMM\RWAPPLIC\Vetuby.Irw.Managed.ServiceProvider.exe
FirewallRules: [{54E70833-8730-4982-B4C6-EDB16C9E309C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\NUMZUS\NumZus.exe] => Enabled:NumZus.exe
DomainProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\RWAPPLIC\Vetuby.Irw.Managed.ServiceProvider.exe] => Enabled:VETUBY IRW ServiceProvider
DomainProfile\AuthorizedApplications: [C:\VETUBY\SYSTEM\DvpExe.exe] => Enabled:DvpExe.exe
DomainProfile\AuthorizedApplications: [C:\VETUBY\SYSTEM\DcomSrv.exe] => Enabled:DcomSrv.exe
DomainProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\TNADNAM\Tnadnam.exe] => Enabled:Tnadnam.exe
StandardProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\NUMZUS\NumZus.exe] => Enabled:NumZus.exe
StandardProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\RWAPPLIC\Vetuby.Irw.Managed.ServiceProvider.exe] => Enabled:VETUBY IRW ServiceProvider
StandardProfile\AuthorizedApplications: [C:\VETUBY\SYSTEM\DvpExe.exe] => Enabled:DvpExe.exe
StandardProfile\AuthorizedApplications: [C:\VETUBY\SYSTEM\DcomSrv.exe] => Enabled:DcomSrv.exe
StandardProfile\AuthorizedApplications: [C:\VETUBY\PROGRAMM\TNADNAM\Tnadnam.exe] => Enabled:Tnadnam.exe

==================== Wiederherstellungspunkte =========================

16-08-2016 08:35:34 Windows Update
17-08-2016 17:56:51 Windows Update
23-08-2016 08:00:17 Windows Update
23-08-2016 20:42:02 Windows Update
28-08-2016 09:36:49 Windows Update
29-08-2016 17:04:39 Efuah Ster
29-08-2016 17:25:29 Efuah Ster

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 55%
Installierter physikalischer RAM: 4054.03 MB
Verfügbarer physikalischer RAM: 1817.32 MB
Summe virtueller Speicher: 8106.25 MB
Verfügbarer virtueller Speicher: 5123.63 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:458.5 GB) (Free:328.35 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B089906B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=458.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7.2 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Gruß R.

Alt 01.09.2016, 14:07   #11
M-K-D-B
/// TB-Ausbilder
 
Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB - Standard

Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB



Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Cleanup:
Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.





Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.





Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.




Optional:
Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.
NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .




Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
  • Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.




Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 03.09.2016, 14:06   #12
spartaner007
 
Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB - Standard

Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB



Servus Matthias,
es hat alles ausgezeichnet geklappt. Vielen Dank für Deine Hilfe und Deine wertvollen Hinweise.
Gruß R.

Alt 03.09.2016, 17:34   #13
M-K-D-B
/// TB-Ausbilder
 
Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB - Standard

Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB



Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Antwort

Themen zu Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB
appdata, cmd, code, datei, erkannt, explorer, festgestellt, file, internet, internet explorer, mail, mbam, microsoft, programm, quarantäne, roaming, scan, scanner, service, software, version, virus, websites, windows, windows 7



Ähnliche Themen: Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB


  1. Trojan.GenericKD.303283 und TeslaCrypt 3 - besteht ein Zusammenhang?
    Plagegeister aller Art und deren Bekämpfung - 11.02.2016 (1)
  2. Win 7: Trojaner entdeckt: trojan.genericKD.2180047 (B)
    Log-Analyse und Auswertung - 03.02.2016 (23)
  3. Windows 7: Trojan.GenericKD.2460578 (B) gefunden
    Log-Analyse und Auswertung - 05.06.2015 (10)
  4. Trojan.GenericKD.2269178 (B) + Trojan.Generic.13051484 (B) + Trojan.Generic.12905642 (B)
    Log-Analyse und Auswertung - 10.04.2015 (12)
  5. Trojan.GenericKD.1991409
    Plagegeister aller Art und deren Bekämpfung - 11.12.2014 (3)
  6. Win 8.1: Virusfund Trojan.GenericKD.2011851 (Engine A)
    Plagegeister aller Art und deren Bekämpfung - 07.12.2014 (4)
  7. Viren : Trojan.GenericKD.1843822 - Gen:Variant.Adware.BHO.Agent.4 - Trojan.Ciusky.Gen.13
    Plagegeister aller Art und deren Bekämpfung - 08.09.2014 (3)
  8. W 8.1,Trojaner kann von mir nicht entfernt werden.Virus: Trojan.GenericKD.1673711 (Engine A),Virus: Win32.Trojan.Pirpi.A (Engine B)
    Plagegeister aller Art und deren Bekämpfung - 21.08.2014 (3)
  9. Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 u.a.
    Log-Analyse und Auswertung - 11.07.2014 (19)
  10. Win 8: Virusfund Trojan.GenericKD 1687892 (Engine A)
    Plagegeister aller Art und deren Bekämpfung - 03.06.2014 (3)
  11. WIN 7: Virusfund Trojan.GenericKD.1631929 (Engine A)
    Plagegeister aller Art und deren Bekämpfung - 08.04.2014 (3)
  12. Bitdefender meldet Trojan.GenericKD.1440205
    Log-Analyse und Auswertung - 16.01.2014 (12)
  13. Desinfizierung durch Kaspersky nicht möglich: Trojan.Win32.Bromngr.k, HEUR:Trojan.Win32.Generic, Trojan-Downloader.Win32.MultiDL.I
    Plagegeister aller Art und deren Bekämpfung - 28.11.2013 (1)
  14. Trojan.Downloader, Trojan.Agent.VGENX, Trojan.Agent, PUP.Pantsoff.PasswordFinder, TR/spy.banker.gen5
    Log-Analyse und Auswertung - 27.10.2012 (1)
  15. Trojan.Dropper & Trojan.FakeAlert & Trojan.Downloader
    Plagegeister aller Art und deren Bekämpfung - 14.10.2012 (17)
  16. Trojan.Vundo/Trojan.Downloader/Trojan.Agent/Malware.Trace
    Plagegeister aller Art und deren Bekämpfung - 02.08.2008 (2)
  17. HILFEEEE!!!trojan-downloader-ruin, trojan-downloader-wareout
    Log-Analyse und Auswertung - 16.09.2005 (1)

Zum Thema Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB - Hallo ..., mein Virenprogramm hat o.g. Virus und andere Viren festgestellt und in die Quarantäne verlagert. GData-Protokoll: Code: Alles auswählen Aufklappen ATTFilter <?xml version="1.0" encoding="utf-8" ?> - <report> - <row> - Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB...
Archiv
Du betrachtest: Trojan.GenericKD.3400292, Trojan.JS.Downloader.DRB auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.