Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.03.2015, 15:58   #1
team
 
bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt



Hallo, ich brauche dringend Hilfe. Seit ein paar Tagen habe ich Probleme mit Mozilla Firefox.

Beim Öffnen einer Seite werden im Hintergrund noch andere Werbeseiten geöffnet. Es erscheinen auf dem Bildschirm oben, unten überall Werbebanner. Klickt man eins weg, kommen 2 neue dazu. Verschiedene Wörter sind verlinkt.

Ich habe schon versucht Mozilla zu deinstallieren und neu zu laden, bringt nichts. Auch Kaspersky sagt: "Alles in Ordnung"

Ich hoffe, es kann mir jemand helfen.

Ich arbeite mit Windows 7

Grüße von team

Alt 13.03.2015, 16:08   #2
schrauber
/// the machine
/// TB-Ausbilder
 

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 13.03.2015, 16:41   #3
team
 
bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Zeeh (administrator) on ZEEH-PC on 13-03-2015 16:36:09
Running from C:\Users\Zeeh\Downloads
Loaded Profiles: Zeeh (Available profiles: Zeeh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Service\Hmg.InstallationService.Service.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Manager\LxUpdateManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVM Berlin) C:\Users\Zeeh\AppData\Local\Apps\2.0\5H6GP0O6.A8T\ODMZ84MY.LH2\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391240 2010-12-06] (Acronis)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-08-10] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2570688 2010-11-16] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5583056 2011-02-01] (Acronis)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [gmsd_de_100] => [X]
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG)
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-04-05] (syncables, LLC)
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\Zeeh\AppData\Local\Apps\2.0\5H6GP0O6.A8T\ODMZ84MY.LH2\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-30] (AVM Berlin)
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\MountPoints2: {57f77034-4961-11e0-a795-20cf3034dee3} - F:\pushinst.exe
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\MountPoints2: {5e559f93-2703-11e4-a630-20cf3034dee3} - F:\AutoRun.exe
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\MountPoints2: {5e559fa8-2703-11e4-a630-20cf3034dee3} - F:\AutoRun.exe
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\MountPoints2: {96a42350-32ce-11e4-b766-20cf3034dee3} - F:\AutoRun.exe
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\MountPoints2: {e545f6fa-82c3-11e0-9637-20cf3034dee3} - F:\unlock.exe autoplay=true
Startup: C:\Users\Zeeh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {393DB63D-0E30-47F8-9F47-71AA303F4DE0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
Toolbar: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{71D837ED-CC19-43D6-85CD-C31CF2544AFB}: [NameServer] 10.28.253.1
Tcpip\..\Interfaces\{7C558398-EC4A-4217-8340-B8175260889E}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{EA51E0A4-6976-447B-9AFB-E271A9B20C96}: [NameServer] 10.74.210.210 10.74.210.211

FireFox:
========
FF ProfilePath: C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default
FF Homepage: google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Extension: Zoom It - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\{0764a0ce-f1cd-bfde-f03f-927441535690} [2015-03-13]
FF Extension: PageRank Client - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\pagerank-client@koeniglich.ch.xpi [2012-04-04]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-10]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-01]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12]
CHR Extension: (Google Docs) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12]
CHR Extension: (YouTube) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12]
CHR Extension: (Google Search) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12]
CHR Extension: (Kaspersky Protection) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-12]
CHR Extension: (Google Sheets) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12]
CHR Extension: (Gmail) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 c4791e60; c:\Program Files (x86)\PragmaInit\PragmaInit.dll [1682944 2015-02-06] () [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 ICM_UpdaterService; C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [204883 2011-03-18] () [File not signed]
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] () [File not signed]
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-10-02] (Haufe-Lexware GmbH & Co. KG)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MSSQL$JTLWAWI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2012-12-30] (AVM Berlin)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [245248 2013-04-10] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-01] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
S3 SoehnleComfort; C:\Windows\System32\Drivers\SoehnleComfort_x64.sys [38400 2011-04-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 cpuz134; \??\C:\Users\Zeeh\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 16:20 - 2015-03-13 16:20 - 02095616 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe
2015-03-13 16:19 - 2015-03-13 16:21 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-03-13 16:19 - 2015-03-13 16:19 - 28598072 _____ (TuneUp Software) C:\Users\Zeeh\Downloads\TuneUpUtilities2014_de-DE.exe
2015-03-13 16:19 - 2015-03-13 16:19 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-03-13 08:45 - 2015-03-13 08:45 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-13 08:45 - 2015-03-13 08:45 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-13 08:45 - 2015-03-13 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-13 08:44 - 2015-03-13 08:45 - 40824144 _____ () C:\Users\Zeeh\Downloads\Firefox_Setup_36.0.1.exe
2015-03-12 19:17 - 2015-03-12 19:17 - 00002213 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-12 19:15 - 2015-03-13 16:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 19:15 - 2015-03-13 07:37 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 19:15 - 2015-03-12 19:15 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-12 19:15 - 2015-03-12 19:15 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-12 19:11 - 2015-03-12 19:11 - 00880208 _____ (Google Inc.) C:\Users\Zeeh\Downloads\ChromeSetup (1).exe
2015-03-12 12:36 - 2015-03-12 12:36 - 02171392 _____ () C:\Users\Zeeh\Downloads\adwcleaner_4.112.exe
2015-03-11 20:23 - 2015-03-11 20:23 - 00032768 _____ () C:\Windows\SysWOW64\persistent_q.db-shm
2015-03-11 20:23 - 2015-03-11 20:23 - 00003176 _____ () C:\Windows\SysWOW64\persistent_q.db-wal
2015-03-11 20:23 - 2015-03-11 20:23 - 00001024 _____ () C:\Windows\SysWOW64\persistent_q.db
2015-03-11 15:12 - 2015-03-11 15:12 - 02367242 _____ () C:\Users\Zeeh\Desktop\froogle.txt
2015-03-11 08:17 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 08:17 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 08:17 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 08:17 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 08:17 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 08:17 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 08:17 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 08:17 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 08:17 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 08:17 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 08:17 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 08:17 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 08:17 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 08:17 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 08:17 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 08:17 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 08:17 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 08:17 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 08:17 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 08:17 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 08:17 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:17 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:17 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 08:17 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 08:17 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 08:17 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 08:17 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 08:17 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 08:17 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 08:17 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 08:16 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 08:16 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 08:15 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:15 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 08:15 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 08:15 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 08:15 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 08:15 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 08:15 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 08:15 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 08:15 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 08:15 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 08:15 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 08:15 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 08:15 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 08:15 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 08:15 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 08:15 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 08:15 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 08:15 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 08:15 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 08:15 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 08:15 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 08:15 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 08:15 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 08:15 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 08:15 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 08:15 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 08:15 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 08:15 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 08:15 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 08:15 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 08:15 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 08:15 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 08:15 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 08:15 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 08:15 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 08:15 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 08:15 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 08:15 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:15 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 08:15 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 08:15 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:15 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 08:15 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 08:15 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 08:15 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 08:15 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 08:15 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 08:15 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 08:15 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 08:15 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 08:15 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 08:15 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 08:15 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 08:15 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 08:15 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 08:15 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 08:15 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 08:15 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 08:15 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 08:15 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 08:15 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 08:15 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 08:15 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 08:15 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 08:15 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 08:15 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 08:15 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 08:15 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 08:15 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 08:15 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 08:15 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 08:15 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 08:15 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 08:15 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 08:15 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 08:15 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:15 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 08:15 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 08:15 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-08 16:25 - 2015-03-08 16:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-08 16:24 - 2015-03-08 16:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Zeeh\Downloads\revosetup95.exe
2015-03-08 16:20 - 2015-03-13 16:36 - 00023714 _____ () C:\Users\Zeeh\Downloads\FRST.txt
2015-03-08 16:19 - 2015-03-13 16:36 - 00000000 ____D () C:\FRST
2015-03-08 16:19 - 2015-03-08 16:19 - 02095104 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64.exe
2015-03-07 22:41 - 2015-03-07 22:41 - 00093359 _____ () C:\Users\Zeeh\Downloads\Invoice_Jan-16-15_Feb-15-15.csv
2015-03-06 17:33 - 2015-03-12 15:29 - 00000000 ____D () C:\AdwCleaner
2015-03-06 09:25 - 2015-03-13 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-02 11:58 - 2015-03-02 11:58 - 00029696 _____ () C:\Users\Zeeh\Documents\froogle.xls
2015-03-01 13:15 - 2015-03-13 09:02 - 00017869 _____ () C:\Users\Zeeh\Desktop\Artesano-Wollliste.xlsx
2015-03-01 13:15 - 2015-03-02 12:01 - 00018899 _____ () C:\Users\Zeeh\Documents\Artesano-Wollliste.xlsx
2015-02-26 07:40 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-26 07:40 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-26 07:40 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-26 07:40 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-26 07:36 - 2015-02-26 07:38 - 00000000 ____D () C:\Program Files (x86)\Bookmark Search
2015-02-25 19:50 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 19:50 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-16 08:35 - 2015-03-11 16:41 - 00000000 ____D () C:\Users\Zeeh\Documents\DHL-Reklamationen
2015-02-12 18:35 - 2015-02-19 11:15 - 00025921 _____ () C:\Windows\system32\ScanResults.xml
2015-02-12 18:31 - 2015-02-19 11:12 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-02-11 08:49 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 08:49 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 08:49 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 08:49 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 08:49 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 08:49 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 08:49 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 08:49 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 08:47 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 08:47 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 08:47 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 08:47 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 08:47 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 08:47 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 08:47 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 16:31 - 2015-01-20 14:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-13 15:42 - 2010-08-10 22:48 - 01479133 _____ () C:\Windows\WindowsUpdate.log
2015-03-13 11:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 10:23 - 2011-01-01 17:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-13 09:23 - 2011-01-03 04:41 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B35FCC2-2D8D-4E4D-A77B-606E14FE5BEB}
2015-03-13 09:01 - 2014-01-14 14:21 - 00258149 _____ () C:\Users\Zeeh\Desktop\Bestandsliste Perfect Petzzz.xlsx
2015-03-13 08:21 - 2010-12-30 23:10 - 00000000 ____D () C:\Users\Zeeh\AppData\Roaming\SoftGrid Client
2015-03-13 08:16 - 2013-07-19 08:51 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Kaden
2015-03-13 07:42 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-13 07:42 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-13 07:38 - 2015-01-23 08:59 - 00082910 _____ () C:\Windows\avmacc.log
2015-03-13 07:37 - 2011-01-01 14:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-03-13 07:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-13 07:32 - 2015-01-23 08:57 - 00005499 _____ () C:\Windows\setupact.log
2015-03-13 07:32 - 2015-01-23 08:56 - 00016406 _____ () C:\Windows\PFRO.log
2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-12 18:26 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Lexware
2015-03-12 15:52 - 2010-12-30 22:33 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Google
2015-03-12 15:50 - 2011-03-09 08:42 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Deployment
2015-03-12 11:55 - 2010-08-10 23:45 - 00002476 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-03-12 11:49 - 2010-08-10 23:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-12 11:22 - 2010-12-31 14:44 - 00000000 ____D () C:\Program Files (x86)\lexware
2015-03-12 11:22 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-03-12 11:15 - 2010-08-10 23:08 - 00000000 ____D () C:\ProgramData\CyberLink
2015-03-12 10:42 - 2010-08-10 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-03-12 10:42 - 2010-08-10 23:13 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-03-12 08:31 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-12 08:29 - 2015-01-23 08:56 - 00307104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 20:17 - 2013-07-14 10:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 20:01 - 2011-01-09 17:52 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 15:23 - 2013-12-08 08:49 - 00017082 _____ () C:\Users\Zeeh\Desktop\monatliche Kosten.xlsx
2015-03-11 13:11 - 2014-05-26 10:47 - 00015671 _____ () C:\Users\Zeeh\Desktop\Bestellschein PerfectPetzzz EUR.xlsx
2015-03-11 13:07 - 2013-11-06 14:20 - 00036720 _____ () C:\Users\Zeeh\Desktop\Bestellformular Beleduc.xlsx
2015-03-11 07:55 - 2014-08-20 18:04 - 00819896 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-10 10:31 - 2009-08-04 10:51 - 00715658 _____ () C:\Windows\system32\perfh007.dat
2015-03-10 10:31 - 2009-08-04 10:51 - 00156312 _____ () C:\Windows\system32\perfc007.dat
2015-03-10 10:31 - 2009-07-14 06:13 - 01660372 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-10 10:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-09 18:41 - 2013-05-10 16:31 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SUN
2015-03-08 16:40 - 2012-04-29 20:52 - 00000000 ____D () C:\Program Files (x86)\CEWE COLOR
2015-03-06 17:36 - 2011-01-01 15:11 - 00000000 ____D () C:\Windows\system32\log
2015-03-04 17:29 - 2015-01-22 11:05 - 00012247 _____ () C:\Users\Zeeh\Documents\Antje-Lohn.xlsx
2015-02-27 07:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-26 08:49 - 2011-01-01 17:17 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-26 08:30 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Rülke
2015-02-25 07:49 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SINA
2015-02-24 17:15 - 2013-03-16 21:20 - 00000000 ____D () C:\Users\Zeeh\Desktop\Bilder
2015-02-23 17:41 - 2011-05-20 21:20 - 00068744 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-02-23 13:47 - 2011-03-05 18:38 - 00017150 _____ () C:\Users\Zeeh\Documents\Darlehen.xlsx
2015-02-23 12:06 - 2011-02-14 08:52 - 00000000 __RSD () C:\Users\Zeeh\Documents\My Stationery
2015-02-23 08:56 - 2013-06-03 08:47 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Uniwood
2015-02-18 16:06 - 2012-07-10 07:57 - 00000000 ____D () C:\Users\Zeeh\AppData\Roaming\FileZilla
2015-02-16 11:02 - 2010-08-10 23:45 - 00001728 _____ () C:\Windows\system32\ServiceFilter.ini
2015-02-16 11:01 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-13 21:05 - 2015-01-27 09:26 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm
2015-02-13 21:05 - 2015-01-27 09:26 - 00012608 _____ () C:\Windows\system32\persistent_q.db-wal
2015-02-12 10:03 - 2015-01-15 18:29 - 00262144 _____ () C:\Windows\system32\config\elam
2015-02-11 20:12 - 2014-12-11 05:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 20:12 - 2014-05-06 19:58 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== Files in the root of some directories =======

2015-02-06 09:17 - 2015-02-06 09:17 - 0000020 _____ () C:\Users\Zeeh\AppData\Roaming\appdataFr3.bin
2012-12-30 13:11 - 2012-12-30 13:11 - 0017408 _____ () C:\Users\Zeeh\AppData\Local\WebpageIcons.db
2010-08-10 23:16 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-08-10 23:09 - 2010-08-10 23:10 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-10 23:09 - 2010-08-10 23:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Zeeh\AppData\Local\Temp\Quarantine.exe
C:\Users\Zeeh\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Zeeh\AppData\Local\Temp\sqlite3.dll
C:\Users\Zeeh\AppData\Local\Temp\System.Data.SQLite.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 12:19

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Leider kann ich die addition.txt nicht finden
__________________

Alt 14.03.2015, 09:29   #4
schrauber
/// the machine
/// TB-Ausbilder
 

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt



FRST öffnen, Haken setzen bei Addition und scannen, poste bitte nur die Addition.txt.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.03.2015, 19:05   #5
team
 
bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Zeeh at 2015-03-14 19:01:57
Running from C:\Users\Zeeh\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6696 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Body Balance Comfort Select Software (HKLM-x32\...\{74B92B80-C11A-4DD0-884C-A532B788C2D4}) (Version: 1.0.0 - Leifheit AG)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Brother MFL-Pro Suite DCP-9055CDN (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
Express Rip (HKLM-x32\...\ExpressRip) (Version: 1.94 - NCH Software)
Fahrtenbuch.net 1.5.12 (HKLM-x32\...\Fahrtenbuch.net_is1) (Version:  - COMputer.INTernet.SOftware Tobias Schiek)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
FileZilla Client 3.2.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.2.7.1 - )
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\f018cf21c0452c64) (Version: 2.3.0.2 - AVM Berlin)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.76.55 - Huawei Technologies Co.,Ltd)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Lexware Abschreibungsrechner (x32 Version: 14.00.00.0004 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware büro easy 2015 (x32 Version: 28.02.00.0197 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware büro easy plus 2015 (HKLM-x32\...\{3eadd447-88bd-45e6-8410-0b31dcad2556}) (Version: 28.0.0.132 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (x32 Version: 15.00.00.0056 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 4.00.00.0008 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (x32 Version: 22.02.00.0040 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Zeiterfassung (x32 Version: 28.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Samsung Networking Wizard (HKLM-x32\...\{0C485220-4029-48E7-9F27-965DA4A78D5E}) (Version: 1.1.11052.2 - Samsung Electronics Co., Ltd. )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2000.0 - SAMSUNG Electronics Co., Ltd.)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SolidWorks eDrawings 2011 (HKLM-x32\...\{9402DAC1-447E-49C9-979D-BD5838E709D7}) (Version: 11.4.113 - Dassault Systèmes SolidWorks Corp.)
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

06-03-2015 08:59:42 Geplanter Prüfpunkt
08-03-2015 16:28:02 Revo Uninstaller's restore point - Smileyville FREE
08-03-2015 16:31:40 Revo Uninstaller's restore point - Piggly FREE
08-03-2015 16:32:25 Revo Uninstaller's restore point - Alice Greenfingers
08-03-2015 16:33:20 Revo Uninstaller's restore point - Chicken Invaders 2
08-03-2015 16:34:25 Revo Uninstaller's restore point - Dream Day Wedding Married in Manhattan
08-03-2015 16:36:19 Revo Uninstaller's restore point - Game Park Console
08-03-2015 16:37:30 Revo Uninstaller's restore point - JTL-Wawi
08-03-2015 16:38:51 Revo Uninstaller's restore point - Mein CEWE FOTOBUCH
08-03-2015 16:41:01 Revo Uninstaller's restore point - Preispilot für Firefox
11-03-2015 19:59:02 Windows Update
12-03-2015 10:18:32 Revo Uninstaller's restore point - ASUS FancyStart
12-03-2015 10:42:26 Removed ASUS FancyStart
12-03-2015 10:46:59 Revo Uninstaller's restore point - Bing Bar
12-03-2015 11:07:01 Revo Uninstaller's restore point - CyberLink LabelPrint
12-03-2015 11:07:37 Konfiguriert LabelPrint
12-03-2015 11:13:30 Revo Uninstaller's restore point - CyberLink Power2Go
12-03-2015 11:13:53 Konfiguriert Power2Go
12-03-2015 11:16:10 Revo Uninstaller's restore point - Lexware lohnauskunft 2009
12-03-2015 11:16:25 Konfiguriert Lexware lohnauskunft 2009
12-03-2015 11:18:01 Revo Uninstaller's restore point - Lexware lohnauskunft 2009
12-03-2015 11:18:21 Revo Uninstaller's restore point - Lexware lohnauskunft 2014
12-03-2015 11:18:55 Removed Lexware lohnauskunft 2014.
12-03-2015 11:21:34 Revo Uninstaller's restore point - Lexware reisekosten 2009
12-03-2015 11:21:47 Konfiguriert Lexware reisekosten 2009
12-03-2015 11:23:13 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de)
12-03-2015 11:27:02 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de)
12-03-2015 11:48:31 Entfernt DELISprint
12-03-2015 11:52:20 Removed RENESIS® Player Browser Plugins
13-03-2015 16:19:53 TuneUp Utilities 2014 wird installiert
13-03-2015 16:20:57 TuneUp Utilities 2014 (de-DE) wird entfernt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {342CD102-1DE5-49AE-A53A-D33ABD85E7BC} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {3A775123-7BDC-4E16-A8B7-6845A96A4083} - System32\Tasks\{1EDF6135-BB20-413E-8288-BC728394B876} => pcalua.exe -a E:\LxSetup.exe -d E:\
Task: {40721C3F-0996-4274-98ED-E888934C6B43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {429C9858-F46A-408D-87D6-64BC0F0C99B0} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {474683AA-2C5B-46A0-9C72-919F9FB1CBE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {53997FEA-15D2-4E30-B519-F00330284647} - System32\Tasks\{C4D39608-1BDD-4FDC-94D6-2EDA5B93ECA0} => pcalua.exe -a C:\Users\Zeeh\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {661E3F48-5794-4F49-9DDE-351E8CF265E6} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {89E5C935-498B-489D-801A-3E66D5249F0A} - System32\Tasks\SQAKP => C:\ProgramData\9a57dd4bfbdc41d9a41d3b8b62f45107\9a57dd4bfbdc41d9a41d3b8b62f45107.exe
Task: {8EAA276A-C2F3-409E-8546-11C58E4FA00B} - System32\Tasks\{01B8A7C3-9EE9-4DFA-80E2-0171A0BB415D} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {8F20AF64-5623-47D4-84BD-6771C9B8432C} - System32\Tasks\{1EC1DF85-2F18-4E6E-98F2-7C1D92E46BBA} => pcalua.exe -a F:\aomwin200ea24.exe -d F:\
Task: {9C50DFC0-DC4F-4E99-B900-E921C5344D29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A3D57154-76E9-41EB-B88A-431B82727931} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C2301F3D-2E4A-4C92-AF9D-A1600BCC6EA2} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK)
Task: {EBA787D0-3184-4EAB-9004-F21185C8620B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {ECA98A70-61E5-4054-8BC5-BBC2BB7E9950} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {F4080C3B-FFD2-4ACA-852D-23B954EBF2C3} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\P4GIntlCtrl.job => C:\Program Files\P4G\IntlDPST.exe

==================== Loaded Modules (whitelisted) ==============

2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-08-18 19:25 - 2013-02-05 08:24 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2014-08-18 19:29 - 2013-02-05 08:25 - 01541120 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-10 23:32 - 2010-08-10 23:32 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2014-08-18 19:25 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2014-08-18 19:25 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2014-08-18 19:25 - 2012-10-31 10:11 - 02417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2014-08-18 19:25 - 2012-10-31 10:14 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2014-08-18 19:25 - 2012-10-31 10:33 - 09562624 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll
2014-08-18 19:29 - 2012-10-31 12:14 - 00082944 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll
2014-08-18 19:29 - 2012-10-31 12:16 - 00081920 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-02-01 20:52 - 2011-02-01 20:52 - 11195512 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2014-09-11 14:09 - 2014-09-11 14:09 - 00176168 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2014-09-11 14:09 - 2014-09-11 14:09 - 00043048 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2013-01-17 13:32 - 2013-01-17 13:32 - 01433600 _____ () C:\Program Files (x86)\lexware\bueroeasy\PrintEng.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:63F29B08

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1571306010-3709694829-1092883663-500 - Administrator - Disabled)
Gast (S-1-5-21-1571306010-3709694829-1092883663-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1571306010-3709694829-1092883663-1009 - Limited - Enabled)
Zeeh (S-1-5-21-1571306010-3709694829-1092883663-1000 - Administrator - Enabled) => C:\Users\Zeeh

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2015 08:32:55 AM) (Source: ESENT) (EventID: 215) (User: )
Description: wlmail (4312) WindowsLiveMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (03/06/2015 06:15:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm QBW32.exe, Version 28.2.0.197 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 19f4

Startzeit: 01d0583040803f95

Endzeit: 16

Anwendungspfad: C:\Program Files (x86)\lexware\bueroeasy\QBW32.exe

Berichts-ID: 4963e47b-c424-11e4-bb04-20cf3034dee3

Error: (03/06/2015 05:46:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TrueImage.exe, Version: 14.0.0.6696, Zeitstempel: 0x4d4857e3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038e19
ID des fehlerhaften Prozesses: 0x1bec
Startzeit der fehlerhaften Anwendung: 0xTrueImage.exe0
Pfad der fehlerhaften Anwendung: TrueImage.exe1
Pfad des fehlerhaften Moduls: TrueImage.exe2
Berichtskennung: TrueImage.exe3

Error: (02/26/2015 07:37:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1494
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (02/26/2015 07:37:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x850
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (02/26/2015 07:37:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xc40
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (02/26/2015 07:37:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1e3c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (02/26/2015 07:33:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm QBW32.exe, Version 28.2.0.197 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: af0

Startzeit: 01d0518cfce5f097

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\lexware\bueroeasy\QBW32.exe

Berichts-ID: 51bfa22e-bd81-11e4-9a0d-20cf3034dee3

Error: (02/16/2015 11:32:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1534
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (02/16/2015 10:59:11 AM) (Source: Winlogon) (EventID: 4004) (User: )
Description: Fehler beim Beenden der Prozesse des aktuell angemeldeten Benutzers durch den Windows-Anmeldeprozess.


System errors:
=============
Error: (03/14/2015 01:42:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (03/14/2015 01:42:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (03/14/2015 01:41:54 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (03/14/2015 01:41:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/14/2015 01:40:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/14/2015 01:40:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/14/2015 01:40:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/14/2015 01:40:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/14/2015 01:40:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/14/2015 01:40:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (03/11/2015 08:32:55 AM) (Source: ESENT) (EventID: 215) (User: )
Description: wlmail4312WindowsLiveMail0:

Error: (03/06/2015 06:15:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: QBW32.exe28.2.0.19719f401d0583040803f9516C:\Program Files (x86)\lexware\bueroeasy\QBW32.exe4963e47b-c424-11e4-bb04-20cf3034dee3

Error: (03/06/2015 05:46:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrueImage.exe14.0.0.66964d4857e3ntdll.dll6.1.7601.18247521ea8e7c000000500038e191bec01d0582ccc67203cC:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exeC:\Windows\SysWOW64\ntdll.dll6285e87c-c420-11e4-bb04-20cf3034dee3

Error: (02/26/2015 07:37:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425149401d0518ea545a0b3C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllf1055d48-bd81-11e4-9a0d-20cf3034dee3

Error: (02/26/2015 07:37:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142585001d0518cfc22bfc1C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllf103d6a8-bd81-11e4-9a0d-20cf3034dee3

Error: (02/26/2015 07:37:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425c4001d0518cfba6f833C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllf1025008-bd81-11e4-9a0d-20cf3034dee3

Error: (02/26/2015 07:37:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f22480000003000014251e3c01d0518cfc4ff9e6C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllea190d9c-bd81-11e4-9a0d-20cf3034dee3

Error: (02/26/2015 07:33:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: QBW32.exe28.2.0.197af001d0518cfce5f09715C:\Program Files (x86)\lexware\bueroeasy\QBW32.exe51bfa22e-bd81-11e4-9a0d-20cf3034dee3

Error: (02/16/2015 11:32:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425153401d049d265298d50C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll0a3e9428-b5c7-11e4-bb73-20cf3034dee3

Error: (02/16/2015 10:59:11 AM) (Source: Winlogon) (EventID: 4004) (User: )
Description: 


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 54%
Total physical RAM: 3948.54 MB
Available physical RAM: 1791.26 MB
Total Pagefile: 9946.73 MB
Available Pagefile: 7128.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:149.04 GB) (Free:93.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:427.59 GB) (Free:427.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=427.6 GB) - (Type=OF Extended)

==================== End Of Log ============================
         


Alt 15.03.2015, 07:55   #6
schrauber
/// the machine
/// TB-Ausbilder
 

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt

Alt 17.03.2015, 20:20   #7
team
 
bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt



Ich war jetzt "fleißig": Teil 1 ist hier:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.17.06
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Zeeh :: ZEEH-PC [administrator]

17.03.2015 18:59:10
mbar-log-2015-03-17 (18-59-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 375417
Time elapsed: 28 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\2355320829 (Rogue.Multiple) -> Delete on reboot. [c7d361e5fb8f7bbba66e2d33e22138c8]

Files Detected: 1
C:\Users\Zeeh\Downloads\yet_another_cleaner_cdls_setup_19230.exe (FraudTool.YAC) -> Delete on reboot. [d9c15ee839510531c39958da39c97789]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
und hier Teil 2:

Code:
ATTFilter
20:15:29.0801 0x0ba0  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:15:37.0211 0x0ba0  ============================================================
20:15:37.0211 0x0ba0  Current date / time: 2015/03/17 20:15:37.0211
20:15:37.0211 0x0ba0  SystemInfo:
20:15:37.0212 0x0ba0  
20:15:37.0212 0x0ba0  OS Version: 6.1.7601 ServicePack: 1.0
20:15:37.0212 0x0ba0  Product type: Workstation
20:15:37.0212 0x0ba0  ComputerName: ZEEH-PC
20:15:37.0212 0x0ba0  UserName: Zeeh
20:15:37.0212 0x0ba0  Windows directory: C:\Windows
20:15:37.0212 0x0ba0  System windows directory: C:\Windows
20:15:37.0212 0x0ba0  Running under WOW64
20:15:37.0212 0x0ba0  Processor architecture: Intel x64
20:15:37.0212 0x0ba0  Number of processors: 4
20:15:37.0212 0x0ba0  Page size: 0x1000
20:15:37.0212 0x0ba0  Boot type: Normal boot
20:15:37.0212 0x0ba0  ============================================================
20:15:37.0835 0x0ba0  KLMD registered as C:\Windows\system32\drivers\98714250.sys
20:15:38.0938 0x0ba0  System UUID: {A12E0C5D-011C-B5E0-7139-F7C5D85CF17E}
20:15:41.0029 0x0ba0  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:15:41.0037 0x0ba0  Drive \Device\Harddisk1\DR1 - Size: 0xF0000000 ( 3.75 Gb ), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:15:41.0041 0x0ba0  ============================================================
20:15:41.0041 0x0ba0  \Device\Harddisk0\DR0:
20:15:41.0041 0x0ba0  MBR partitions:
20:15:41.0041 0x0ba0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x12A14A08
20:15:41.0058 0x0ba0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15127000, BlocksNum 0x35730800
20:15:41.0059 0x0ba0  \Device\Harddisk1\DR1:
20:15:41.0060 0x0ba0  MBR partitions:
20:15:41.0060 0x0ba0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x77E000
20:15:41.0060 0x0ba0  ============================================================
20:15:41.0119 0x0ba0  C: <-> \Device\Harddisk0\DR0\Partition1
20:15:41.0176 0x0ba0  D: <-> \Device\Harddisk0\DR0\Partition2
20:15:41.0176 0x0ba0  ============================================================
20:15:41.0176 0x0ba0  Initialize success
20:15:41.0176 0x0ba0  ============================================================
20:15:53.0796 0x067c  ============================================================
20:15:53.0796 0x067c  Scan started
20:15:53.0796 0x067c  Mode: Manual; SigCheck; TDLFS; 
20:15:53.0796 0x067c  ============================================================
20:15:53.0796 0x067c  KSN ping started
20:16:07.0115 0x067c  KSN ping finished: true
20:16:08.0600 0x067c  ================ Scan system memory ========================
20:16:08.0601 0x067c  System memory - ok
20:16:08.0601 0x067c  ================ Scan services =============================
20:16:08.0801 0x067c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:16:09.0036 0x067c  1394ohci - ok
20:16:09.0105 0x067c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:16:09.0126 0x067c  ACPI - ok
20:16:09.0181 0x067c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:16:09.0284 0x067c  AcpiPmi - ok
20:16:09.0463 0x067c  [ 3DD353A5BF7AF6DB7AFF1166435D4AE0, 8D9EE5369D8208BF6E37A2B1F54DE087F564812045B92309054CE89EA70D7600 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
20:16:09.0500 0x067c  AcrSch2Svc - ok
20:16:09.0596 0x067c  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:16:09.0610 0x067c  AdobeARMservice - ok
20:16:09.0762 0x067c  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:16:09.0807 0x067c  AdobeFlashPlayerUpdateSvc - ok
20:16:09.0895 0x067c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:16:09.0961 0x067c  adp94xx - ok
20:16:10.0029 0x067c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:16:10.0066 0x067c  adpahci - ok
20:16:10.0128 0x067c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:16:10.0159 0x067c  adpu320 - ok
20:16:10.0205 0x067c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:16:10.0339 0x067c  AeLookupSvc - ok
20:16:10.0402 0x067c  [ 2D00D3DADC1D3326BA788EB071F2726E, 559048C0A15BBA83367D0F2969F48042FB1D11C9862A0BA4DF69FB15DECB8761 ] AFBAgent        C:\Windows\system32\FBAgent.exe
20:16:10.0429 0x067c  AFBAgent - ok
20:16:10.0485 0x067c  [ AE1FCE2CD1E99BEA89183BA8CD320872, 96F14BCA0C2479F39A5027A71922907D0F35CAD8E9A5037674DF7995BBDB2B51 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
20:16:10.0501 0x067c  afcdp - ok
20:16:10.0636 0x067c  [ AF44F7E027037628F1FAC3C13CDE73E6, 56A95EBF2241C275FD401487C5F0E86859F8637D8B1BD01B7157EE9BC22B1907 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
20:16:10.0718 0x067c  afcdpsrv - ok
20:16:10.0800 0x067c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
20:16:10.0866 0x067c  AFD - ok
20:16:10.0933 0x067c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
20:16:10.0955 0x067c  agp440 - ok
20:16:11.0000 0x067c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
20:16:11.0054 0x067c  ALG - ok
20:16:11.0122 0x067c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:16:11.0145 0x067c  aliide - ok
20:16:11.0192 0x067c  [ 46693222FCDB3175AAAED017EAA6FCC7, 901484FCD4C59BA2480EE6A26F5A9AA163DA2AA412B68FF7C97F4285F0DC593D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:16:11.0241 0x067c  AMD External Events Utility - ok
20:16:11.0304 0x067c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:16:11.0325 0x067c  amdide - ok
20:16:11.0361 0x067c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:16:11.0427 0x067c  AmdK8 - ok
20:16:11.0451 0x067c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:16:11.0504 0x067c  AmdPPM - ok
20:16:11.0551 0x067c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:16:11.0571 0x067c  amdsata - ok
20:16:11.0605 0x067c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:16:11.0621 0x067c  amdsbs - ok
20:16:11.0633 0x067c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:16:11.0644 0x067c  amdxata - ok
20:16:11.0678 0x067c  [ 9C7F164B49CADC658D1B3C575782F346, 7C5FD203735041B6AEB2E551A63CE5F46DB41044BC72E7E77A72F316197C80DA ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
20:16:11.0711 0x067c  AmUStor - ok
20:16:11.0751 0x067c  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
20:16:11.0783 0x067c  AppID - ok
20:16:11.0812 0x067c  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:16:11.0846 0x067c  AppIDSvc - ok
20:16:11.0907 0x067c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
20:16:11.0961 0x067c  Appinfo - ok
20:16:12.0003 0x067c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:16:12.0025 0x067c  arc - ok
20:16:12.0050 0x067c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:16:12.0071 0x067c  arcsas - ok
20:16:12.0134 0x067c  [ 18E5C2F937F9DEB8C282DF66A3761925, 30294C381F8C7DCB45EF9BCF572F410FF47630E12D5AA02259C6C80F07BEF495 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
20:16:12.0148 0x067c  ASLDRService - ok
20:16:12.0163 0x067c  [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
20:16:12.0173 0x067c  ASMMAP64 - ok
20:16:12.0195 0x067c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:16:12.0252 0x067c  AsyncMac - ok
20:16:12.0308 0x067c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:16:12.0320 0x067c  atapi - ok
20:16:12.0390 0x067c  [ 0ACC06FCF46F64ED4F11E57EE461C1F4, F2AB7198C7F7D36AB1D6D03C1FEFD929ED402002AC835B909FC14938BC0EE24B ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:16:12.0485 0x067c  athr - ok
20:16:12.0540 0x067c  [ FB7602C5C508BE281368AAE0B61B51C6, 81FB4ABFA006974C20CA0E9FEB279A51CC4A9F0C1DA67075AA0EAD13F43B3782 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
20:16:12.0553 0x067c  AtiHdmiService - ok
20:16:12.0782 0x067c  [ 99C262242A279976206ECE1D3C74DF27, B0E35CF7F9C820C4D7300183CC4401ABEB1AA439959563E8513DDE00947ABA23 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:16:13.0074 0x067c  atikmdag - ok
20:16:13.0117 0x067c  [ 63F1212FFE13E62CA1E8D8EE19ABD9A7, A552CAF830CD1D01C077EDDEC95832F5826631D2DFA8747E0E393E32ACED2A57 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
20:16:13.0127 0x067c  ATKGFNEXSrv - ok
20:16:13.0174 0x067c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:16:13.0238 0x067c  AudioEndpointBuilder - ok
20:16:13.0258 0x067c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:16:13.0285 0x067c  AudioSrv - ok
20:16:13.0328 0x067c  [ 6A300AD0E23A155B2C3A7FAB0D4AABD1, AD283CC530482C0C155727C3234BFA4773C8C80B4C9912448196F83407C3CFD4 ] avmaudio        C:\Windows\system32\DRIVERS\avmaudio.sys
20:16:13.0370 0x067c  avmaudio - ok
20:16:13.0464 0x067c  [ AB1AF0BA03DCB6A879BC22F472EACEEA, A75B73D0B1FE885F6DC2C7A0B755A6E12F9DC54CE702A1FFC3F283196793627A ] AVP15.0.1       C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
20:16:13.0492 0x067c  AVP15.0.1 - ok
20:16:13.0549 0x067c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:16:13.0619 0x067c  AxInstSV - ok
20:16:13.0689 0x067c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:16:13.0756 0x067c  b06bdrv - ok
20:16:13.0830 0x067c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:16:13.0880 0x067c  b57nd60a - ok
20:16:13.0933 0x067c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:16:13.0976 0x067c  BDESVC - ok
20:16:14.0006 0x067c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:16:14.0112 0x067c  Beep - ok
20:16:14.0203 0x067c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
20:16:14.0285 0x067c  BFE - ok
20:16:14.0338 0x067c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
20:16:14.0445 0x067c  BITS - ok
20:16:14.0477 0x067c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:16:14.0510 0x067c  blbdrive - ok
20:16:14.0559 0x067c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:16:14.0602 0x067c  bowser - ok
20:16:14.0654 0x067c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:16:14.0693 0x067c  BrFiltLo - ok
20:16:14.0713 0x067c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:16:14.0788 0x067c  BrFiltUp - ok
20:16:14.0851 0x067c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
20:16:14.0885 0x067c  Browser - ok
20:16:14.0926 0x067c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:16:15.0005 0x067c  Brserid - ok
20:16:15.0042 0x067c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:16:15.0079 0x067c  BrSerWdm - ok
20:16:15.0114 0x067c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:16:15.0191 0x067c  BrUsbMdm - ok
20:16:15.0228 0x067c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:16:15.0259 0x067c  BrUsbSer - ok
20:16:15.0313 0x067c  [ DB109DA005B6FE2A350C5DD7CA768DFD, 241A0BFAEFB1B165C00EE75E8CA382B5935F5DF447DAD5AE9022B2B78317668E ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
20:16:15.0338 0x067c  BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
20:16:25.0416 0x067c  BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
20:16:25.0416 0x067c  Force sending object to P2P due to detect: BrYNSvc
20:16:37.0796 0x067c  Object send P2P result: true
20:16:57.0039 0x067c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:16:57.0088 0x067c  BTHMODEM - ok
20:16:57.0133 0x067c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
20:16:57.0216 0x067c  bthserv - ok
20:16:57.0257 0x067c  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] c4791e60        C:\Windows\system32\rundll32.exe
20:16:57.0319 0x067c  c4791e60 - ok
20:16:57.0358 0x067c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:16:57.0435 0x067c  cdfs - ok
20:16:57.0517 0x067c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:16:57.0550 0x067c  cdrom - ok
20:16:57.0602 0x067c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:16:57.0655 0x067c  CertPropSvc - ok
20:16:57.0693 0x067c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:16:57.0720 0x067c  circlass - ok
20:16:57.0856 0x067c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
20:16:57.0908 0x067c  CLFS - ok
20:16:57.0995 0x067c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:16:58.0022 0x067c  clr_optimization_v2.0.50727_32 - ok
20:16:58.0118 0x067c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:16:58.0144 0x067c  clr_optimization_v2.0.50727_64 - ok
20:16:58.0275 0x067c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:16:58.0307 0x067c  clr_optimization_v4.0.30319_32 - ok
20:16:58.0432 0x067c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:16:58.0547 0x067c  clr_optimization_v4.0.30319_64 - ok
20:16:58.0579 0x067c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:16:58.0630 0x067c  CmBatt - ok
20:16:58.0670 0x067c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:16:58.0693 0x067c  cmdide - ok
20:16:58.0736 0x067c  [ AFA1BFF926592FD0C3AB97D838652EF9, C38BC4BBD4EDF779993B2FECF96C1FD55B085F3FBEB3E1AE3C892DFD369D611D ] cm_km_w         C:\Windows\system32\DRIVERS\cm_km_w.sys
20:16:58.0756 0x067c  cm_km_w - ok
20:16:58.0816 0x067c  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
20:16:58.0908 0x067c  CNG - ok
20:16:58.0941 0x067c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:16:58.0960 0x067c  Compbatt - ok
20:16:59.0008 0x067c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:16:59.0066 0x067c  CompositeBus - ok
20:16:59.0080 0x067c  COMSysApp - ok
20:16:59.0198 0x067c  cpuz134 - ok
20:16:59.0260 0x067c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:16:59.0284 0x067c  crcdisk - ok
20:16:59.0351 0x067c  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:16:59.0425 0x067c  CryptSvc - ok
20:16:59.0480 0x067c  [ AB1201F8DE199E764DA9A32ABF71049C, 63961E0B7DC449CAD080E6566A643D682C92125649724DCFB18D4BD9C924DEAA ] CSCrySec        C:\Windows\system32\DRIVERS\CSCrySec.sys
20:16:59.0501 0x067c  CSCrySec - ok
20:16:59.0543 0x067c  [ A6EED705BB510FA6B0F9F097165A3395, 2393B8ED240373F836C6C9053BFC0D3B7AC2AE4B9D5B4C35B8BADAC9ED78991C ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
20:16:59.0556 0x067c  CSVirtualDiskDrv - ok
20:16:59.0811 0x067c  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:16:59.0846 0x067c  cvhsvc - ok
20:16:59.0924 0x067c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:17:00.0010 0x067c  DcomLaunch - ok
20:17:00.0051 0x067c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:17:00.0120 0x067c  defragsvc - ok
20:17:00.0165 0x067c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:17:00.0240 0x067c  DfsC - ok
20:17:00.0302 0x067c  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
20:17:00.0323 0x067c  dg_ssudbus - ok
20:17:00.0394 0x067c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:17:00.0449 0x067c  Dhcp - ok
20:17:00.0478 0x067c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
20:17:00.0545 0x067c  discache - ok
20:17:00.0584 0x067c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:17:00.0596 0x067c  Disk - ok
20:17:00.0700 0x067c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:17:00.0765 0x067c  Dnscache - ok
20:17:00.0823 0x067c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:17:00.0915 0x067c  dot3svc - ok
20:17:01.0008 0x067c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
20:17:01.0107 0x067c  DPS - ok
20:17:01.0160 0x067c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:17:01.0201 0x067c  drmkaud - ok
20:17:01.0302 0x067c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:17:01.0374 0x067c  DXGKrnl - ok
20:17:01.0415 0x067c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
20:17:01.0470 0x067c  EapHost - ok
20:17:01.0671 0x067c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:17:01.0833 0x067c  ebdrv - ok
20:17:01.0876 0x067c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS             C:\Windows\System32\lsass.exe
20:17:01.0910 0x067c  EFS - ok
20:17:02.0041 0x067c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:17:02.0128 0x067c  ehRecvr - ok
20:17:02.0157 0x067c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
20:17:02.0198 0x067c  ehSched - ok
20:17:02.0271 0x067c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:17:02.0320 0x067c  elxstor - ok
20:17:02.0361 0x067c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:17:02.0426 0x067c  ErrDev - ok
20:17:02.0475 0x067c  [ 3C38648375B7F3988691F53A7AAE10A9, 2423EE67C8E9ACEA3526E5221177F5C63665820ED8A82F6DE0A9997389687C03 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
20:17:02.0492 0x067c  ETD - ok
20:17:02.0543 0x067c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
20:17:02.0632 0x067c  EventSystem - ok
20:17:02.0703 0x067c  [ 7230F4CF9F20DCD1DBF4BB3296EEED68, 0B9EAA411271AAB9C84680AAF8910854124D8A318A7388E0E356869126BE533D ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
20:17:02.0765 0x067c  ew_hwusbdev - ok
20:17:02.0803 0x067c  [ 5222D99C7E3245882E864D2EA7011387, 184E36074C765243783F69B7073FB2FAFC53BB18209ECD5030514CC513A47C8B ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
20:17:02.0862 0x067c  ew_usbenumfilter - ok
20:17:02.0896 0x067c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:17:02.0991 0x067c  exfat - ok
20:17:03.0018 0x067c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:17:03.0092 0x067c  fastfat - ok
20:17:03.0165 0x067c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
20:17:03.0275 0x067c  Fax - ok
20:17:03.0296 0x067c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:17:03.0313 0x067c  fdc - ok
20:17:03.0358 0x067c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
20:17:03.0422 0x067c  fdPHost - ok
20:17:03.0463 0x067c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:17:03.0529 0x067c  FDResPub - ok
20:17:03.0575 0x067c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:17:03.0589 0x067c  FileInfo - ok
20:17:03.0604 0x067c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:17:03.0661 0x067c  Filetrace - ok
20:17:03.0683 0x067c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:17:03.0729 0x067c  flpydisk - ok
20:17:03.0778 0x067c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:17:03.0801 0x067c  FltMgr - ok
20:17:03.0869 0x067c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
20:17:03.0979 0x067c  FontCache - ok
20:17:04.0042 0x067c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:17:04.0064 0x067c  FontCache3.0.0.0 - ok
20:17:04.0091 0x067c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:17:04.0103 0x067c  FsDepends - ok
20:17:04.0163 0x067c  [ 5814011B2F6E088E29D689B5FCD49B8F, 15C09FB9A80FDDB65FB831944BEC1B81743E0B7E4469F35E9FD4142FBB673C0E ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
20:17:04.0184 0x067c  fssfltr - ok
20:17:04.0271 0x067c  [ F6717211C1EC2CDDAA81B97B0727C2E9, C1FD5A389167A826C002E28339BFCF7DC8851652647016D0DCF8585EB0B8FB28 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:17:04.0295 0x067c  fsssvc - ok
20:17:04.0326 0x067c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:17:04.0337 0x067c  Fs_Rec - ok
20:17:04.0370 0x067c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:17:04.0392 0x067c  fvevol - ok
20:17:04.0435 0x067c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:17:04.0460 0x067c  gagp30kx - ok
20:17:04.0519 0x067c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:17:04.0641 0x067c  gpsvc - ok
20:17:04.0754 0x067c  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:17:04.0778 0x067c  gupdate - ok
20:17:04.0826 0x067c  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:17:04.0847 0x067c  gupdatem - ok
20:17:04.0871 0x067c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:17:04.0891 0x067c  hcw85cir - ok
20:17:04.0952 0x067c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:17:04.0998 0x067c  HdAudAddService - ok
20:17:05.0050 0x067c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:17:05.0087 0x067c  HDAudBus - ok
20:17:05.0133 0x067c  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
20:17:05.0145 0x067c  HECIx64 - ok
20:17:05.0168 0x067c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:17:05.0197 0x067c  HidBatt - ok
20:17:05.0233 0x067c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:17:05.0265 0x067c  HidBth - ok
20:17:05.0306 0x067c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:17:05.0349 0x067c  HidIr - ok
20:17:05.0399 0x067c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
20:17:05.0476 0x067c  hidserv - ok
20:17:05.0534 0x067c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
20:17:05.0549 0x067c  HidUsb - ok
20:17:05.0594 0x067c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:17:05.0645 0x067c  hkmsvc - ok
20:17:05.0687 0x067c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:17:05.0736 0x067c  HomeGroupListener - ok
20:17:05.0791 0x067c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:17:05.0832 0x067c  HomeGroupProvider - ok
20:17:05.0888 0x067c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:17:05.0904 0x067c  HpSAMD - ok
20:17:05.0969 0x067c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:17:06.0096 0x067c  HTTP - ok
20:17:06.0149 0x067c  [ 73E0BB3F22FD486458D89DC469225DD0, 5431D33D33D54D3045B307C16C3DF7BAEED5EDB10F1C426CAF2CE24837562577 ] huawei_cdcacm   C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
20:17:06.0188 0x067c  huawei_cdcacm - ok
20:17:06.0217 0x067c  [ 6196072AB259D45261619FA1230D6E1A, 22ABE79B3A2C05BB90531B4BD4230CEC313D8B1D12B790C87741526E41EACDAB ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
20:17:06.0262 0x067c  huawei_enumerator - ok
20:17:06.0342 0x067c  [ 4565D7B2738BA36D7B723A9E46D5C32E, BB5B43429B9A0A5A3E813A5D6101139F8B1E63E006EBAB9001D4B2E406769C41 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
20:17:06.0388 0x067c  huawei_ext_ctrl - ok
20:17:06.0444 0x067c  [ 7C46C0A04634F3059B9729EADB62FA15, 980C2D1CF187E20A9F92D18B64EA28330A0E983E2D48F4A6EC33ADCF288D7874 ] huawei_wwanecm  C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
20:17:06.0492 0x067c  huawei_wwanecm - ok
20:17:06.0621 0x067c  [ E90DA42B87D684DEBFB73B38A718A006, BB18C63C1982F5CB99C9B65D2B801E8C1909AD7CD0171326DC0015D6B781B451 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
20:17:06.0638 0x067c  HWDeviceService64.exe - ok
20:17:06.0671 0x067c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:17:06.0682 0x067c  hwpolicy - ok
20:17:06.0742 0x067c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:17:06.0794 0x067c  i8042prt - ok
20:17:06.0842 0x067c  [ BBB3B6DF1ABB0FE35802EDE85CC1C011, 6E1FA8519A7D417969244E807D2863B39656169A925966045036A989A5EB611D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:17:06.0865 0x067c  iaStor - ok
20:17:06.0932 0x067c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:17:06.0983 0x067c  iaStorV - ok
20:17:07.0056 0x067c  [ 99730C456C8FF7A544D23445C7EEDA4A, C04EFDB14018B362146EDD74A429A088DFB7836E5EF315AF7521BEBEF538B192 ] ICM_UpdaterService C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe
20:17:07.0073 0x067c  ICM_UpdaterService - detected UnsignedFile.Multi.Generic ( 1 )
20:17:17.0075 0x067c  ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - warning
20:17:27.0397 0x067c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:17:27.0447 0x067c  idsvc - ok
20:17:27.0486 0x067c  IEEtwCollectorService - ok
20:17:27.0524 0x067c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:17:27.0538 0x067c  iirsp - ok
20:17:27.0588 0x067c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
20:17:27.0670 0x067c  IKEEXT - ok
20:17:27.0715 0x067c  [ 36FDF367A1DABFF903E2214023D71368, 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
20:17:27.0756 0x067c  Impcd - ok
20:17:27.0796 0x067c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:17:27.0816 0x067c  intelide - ok
20:17:27.0847 0x067c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:17:27.0891 0x067c  intelppm - ok
20:17:28.0014 0x067c  [ C5678CCEB3E9E03639C0A0E67B132E92, 3997C2F0410C7211C32730D3D80CDE18EABAAC9F244282008490351B9A4057EB ] Internet Manager. RunOuc C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe
20:17:28.0051 0x067c  Internet Manager. RunOuc - detected UnsignedFile.Multi.Generic ( 1 )
20:17:28.0051 0x067c  Internet Manager. RunOuc ( UnsignedFile.Multi.Generic ) - warning
20:17:28.0051 0x067c  Force sending object to P2P due to detect: Internet Manager. RunOuc
20:17:28.0056 0x067c  Object send P2P result: false
20:17:28.0111 0x067c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:17:28.0155 0x067c  IPBusEnum - ok
20:17:28.0194 0x067c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:17:28.0242 0x067c  IpFilterDriver - ok
20:17:28.0486 0x067c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:17:28.0528 0x067c  iphlpsvc - ok
20:17:28.0572 0x067c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:17:28.0614 0x067c  IPMIDRV - ok
20:17:28.0638 0x067c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:17:28.0689 0x067c  IPNAT - ok
20:17:28.0733 0x067c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:17:28.0778 0x067c  IRENUM - ok
20:17:28.0822 0x067c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:17:28.0845 0x067c  isapnp - ok
20:17:28.0883 0x067c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:17:28.0905 0x067c  iScsiPrt - ok
20:17:28.0921 0x067c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:17:28.0934 0x067c  kbdclass - ok
20:17:28.0982 0x067c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:17:29.0036 0x067c  kbdhid - ok
20:17:29.0077 0x067c  [ E63EF8C3271D014F14E2469CE75FECB4, 3A8DFA4B446AFDC35F01FD5218D0BEBC510A1E3DE9976210F00D19767D0F9069 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
20:17:29.0090 0x067c  kbfiltr - ok
20:17:29.0099 0x067c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso          C:\Windows\system32\lsass.exe
20:17:29.0118 0x067c  KeyIso - ok
20:17:29.0198 0x067c  [ D93E72DCC2A99E67931BB79485563146, 7EF496A82E69A53465ED7D45E890275E44C979AD5E9C5E482E0DBE5DC9AD9AD3 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
20:17:29.0241 0x067c  KL1 - ok
20:17:29.0263 0x067c  [ CEF0410B784E8CEB0175103CDE52E7FA, 729A45D76D1886E5ECDF23F96925CEBB90A31EFA5A798D69D9C5A684380B6E36 ] kldisk          C:\Windows\system32\DRIVERS\kldisk.sys
20:17:29.0274 0x067c  kldisk - ok
20:17:29.0306 0x067c  [ 09F851161CB4B3D92CDE85B3845DCECC, C86EE26F13DB904CD0CB92BEE282188D5E56ECE071F4D6E53F9AAB6D911C5DE0 ] klflt           C:\Windows\system32\DRIVERS\klflt.sys
20:17:29.0320 0x067c  klflt - ok
20:17:29.0381 0x067c  [ 7A64190934B66C17F41D3921353BAEDD, D212A6ECB1CBCC665336DF982B5061A72CD88CB5BF6B2EB14B11B8BE756A670E ] klhk            C:\Windows\system32\DRIVERS\klhk.sys
20:17:29.0399 0x067c  klhk - ok
20:17:29.0502 0x067c  [ B8B20727DD8B9753614E089682473563, CA39E9A517CC8B1E04860E0AFB03B0CD7FBDE66143B6CA26FB9DC0EBF80F8F48 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
20:17:29.0547 0x067c  KLIF - ok
20:17:29.0596 0x067c  [ FEAD1F401CBE9383A642877A6EA1398F, 0529A96D406DAB1C0715692441BDBC1C05123EB62005B806A8EFF5B0B6DCD5DB ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
20:17:29.0606 0x067c  KLIM6 - ok
20:17:29.0636 0x067c  [ 3FAE739F2AFEA18BCBB9C5E7DC6E889D, 5990C074BCB8E2172AE0A2AC0A31E6636B3C3EF0A5BB1F593E62D22D53FC5BF0 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
20:17:29.0646 0x067c  klkbdflt - ok
20:17:29.0685 0x067c  [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
20:17:29.0696 0x067c  klmouflt - ok
20:17:29.0713 0x067c  [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd            C:\Windows\system32\DRIVERS\klpd.sys
20:17:29.0724 0x067c  klpd - ok
20:17:29.0740 0x067c  [ 43957361D346A4263873932D572613F2, 719E61CADF6FB49C24370899329BDE198E55DEB175F5701382EE16311D8576D9 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
20:17:29.0752 0x067c  kltdi - ok
20:17:29.0784 0x067c  [ 926BA68DA79545EB6D99BB009B781E5E, EB1DB801044EB4228D38D85A8B6853EFE887B7D4E1EA1F0B8F75DD4886C96467 ] Klwtp           C:\Windows\system32\DRIVERS\klwtp.sys
20:17:29.0798 0x067c  Klwtp - ok
20:17:29.0813 0x067c  [ D4CEEAC11C65F49D0F42E74440E829BF, 7E289BB5E400326BADDD61CBB99CB268A3E99103CF16968E1D9141C205EE309C ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
20:17:29.0829 0x067c  kneps - ok
20:17:29.0857 0x067c  [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:17:29.0872 0x067c  KSecDD - ok
20:17:29.0962 0x067c  [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:17:29.0988 0x067c  KSecPkg - ok
20:17:30.0047 0x067c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:17:30.0099 0x067c  ksthunk - ok
20:17:30.0139 0x067c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:17:30.0208 0x067c  KtmRm - ok
20:17:30.0251 0x067c  [ 9C46A5421DE9D116C47155317CABB522, 276ECDAA08EADF2F2B572415637A58FC33097ED6A026580DAA1868AAC90064A7 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
20:17:30.0291 0x067c  L1C - ok
20:17:30.0350 0x067c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:17:30.0420 0x067c  LanmanServer - ok
20:17:30.0466 0x067c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:17:30.0529 0x067c  LanmanWorkstation - ok
20:17:30.0615 0x067c  [ 466DB8076C33774745AC04FA55F875E1, 861FB68ABB273C81AC3FBE00843A6CD830187DC8E4B3A7C3E3C7EFE589628A60 ] Lexware_Update_Service C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
20:17:30.0625 0x067c  Lexware_Update_Service - ok
20:17:30.0660 0x067c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:17:30.0721 0x067c  lltdio - ok
20:17:30.0770 0x067c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:17:30.0854 0x067c  lltdsvc - ok
20:17:30.0885 0x067c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:17:30.0924 0x067c  lmhosts - ok
20:17:30.0999 0x067c  [ A1C148801B4AF64847AEB9F3AD9594EF, FF6ED89EA47DF74C33CD8BFAC48FAED1B979348ABA6B6D94EE07CBD21810F37B ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:17:31.0037 0x067c  LMS - detected UnsignedFile.Multi.Generic ( 1 )
20:17:31.0037 0x067c  LMS ( UnsignedFile.Multi.Generic ) - warning
20:17:31.0037 0x067c  Force sending object to P2P due to detect: LMS
20:17:31.0041 0x067c  Object send P2P result: false
20:17:31.0089 0x067c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:17:31.0108 0x067c  LSI_FC - ok
20:17:31.0126 0x067c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:17:31.0145 0x067c  LSI_SAS - ok
20:17:31.0155 0x067c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:17:31.0169 0x067c  LSI_SAS2 - ok
20:17:31.0192 0x067c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:17:31.0206 0x067c  LSI_SCSI - ok
20:17:31.0227 0x067c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:17:31.0267 0x067c  luafv - ok
20:17:31.0311 0x067c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:17:31.0329 0x067c  Mcx2Svc - ok
20:17:31.0339 0x067c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:17:31.0352 0x067c  megasas - ok
20:17:31.0376 0x067c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:17:31.0396 0x067c  MegaSR - ok
20:17:31.0433 0x067c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:17:31.0512 0x067c  MMCSS - ok
20:17:31.0559 0x067c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:17:31.0625 0x067c  Modem - ok
20:17:31.0659 0x067c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:17:31.0690 0x067c  monitor - ok
20:17:31.0722 0x067c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:17:31.0736 0x067c  mouclass - ok
20:17:31.0769 0x067c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:17:31.0806 0x067c  mouhid - ok
20:17:31.0843 0x067c  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:17:31.0860 0x067c  mountmgr - ok
20:17:31.0909 0x067c  [ 81E8AF6407EC3F41908FE37F054353EA, 756C7656ED68AEAE4225E952ED1CED0717264D3378DB8DF0B2D70B6EBC67C62F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:17:31.0931 0x067c  MozillaMaintenance - ok
20:17:32.0006 0x067c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:17:32.0033 0x067c  mpio - ok
20:17:32.0072 0x067c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:17:32.0150 0x067c  mpsdrv - ok
20:17:32.0241 0x067c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:17:32.0366 0x067c  MpsSvc - ok
20:17:32.0397 0x067c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:17:32.0440 0x067c  MRxDAV - ok
20:17:32.0502 0x067c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:17:32.0558 0x067c  mrxsmb - ok
20:17:32.0591 0x067c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:17:32.0627 0x067c  mrxsmb10 - ok
20:17:32.0655 0x067c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:17:32.0682 0x067c  mrxsmb20 - ok
20:17:32.0715 0x067c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:17:32.0727 0x067c  msahci - ok
20:17:32.0787 0x067c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:17:32.0814 0x067c  msdsm - ok
20:17:32.0869 0x067c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:17:32.0903 0x067c  MSDTC - ok
20:17:32.0937 0x067c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:17:32.0998 0x067c  Msfs - ok
20:17:33.0005 0x067c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:17:33.0059 0x067c  mshidkmdf - ok
20:17:33.0098 0x067c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:17:33.0109 0x067c  msisadrv - ok
20:17:33.0162 0x067c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:17:33.0247 0x067c  MSiSCSI - ok
20:17:33.0251 0x067c  msiserver - ok
20:17:33.0289 0x067c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:17:33.0329 0x067c  MSKSSRV - ok
20:17:33.0361 0x067c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:17:33.0427 0x067c  MSPCLOCK - ok
20:17:33.0459 0x067c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:17:33.0541 0x067c  MSPQM - ok
20:17:33.0591 0x067c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:17:33.0612 0x067c  MsRPC - ok
20:17:33.0644 0x067c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:17:33.0657 0x067c  mssmbios - ok
20:17:33.0750 0x067c  MSSQL$JTLWAWI - ok
20:17:33.0794 0x067c  [ 1D89EB4E2A99CABD4E81225F4F4C4B25, B9C4D956E3F74CB463A1A14287F4B550381FBB3E4B2DF9418E041E02A159E31E ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
20:17:33.0813 0x067c  MSSQLServerADHelper - ok
20:17:33.0840 0x067c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:17:33.0880 0x067c  MSTEE - ok
20:17:33.0897 0x067c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:17:33.0925 0x067c  MTConfig - ok
20:17:33.0975 0x067c  [ 032D35C996F21D19A205A7C8F0B76F3C, 1A1C5BD7204BB937A05E201BCC0840B2C8E4B273D8E1D6D9407264FB4C57F014 ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
20:17:33.0986 0x067c  MTsensor - ok
20:17:34.0030 0x067c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:17:34.0046 0x067c  Mup - ok
20:17:34.0099 0x067c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:17:34.0205 0x067c  napagent - ok
20:17:34.0257 0x067c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:17:34.0301 0x067c  NativeWifiP - ok
20:17:34.0403 0x067c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:17:34.0475 0x067c  NDIS - ok
20:17:34.0525 0x067c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:17:34.0587 0x067c  NdisCap - ok
20:17:34.0624 0x067c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:17:34.0678 0x067c  NdisTapi - ok
20:17:34.0722 0x067c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:17:34.0776 0x067c  Ndisuio - ok
20:17:34.0826 0x067c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:17:34.0883 0x067c  NdisWan - ok
20:17:34.0908 0x067c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:17:34.0956 0x067c  NDProxy - ok
20:17:34.0992 0x067c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:17:35.0082 0x067c  NetBIOS - ok
20:17:35.0133 0x067c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:17:35.0187 0x067c  NetBT - ok
20:17:35.0199 0x067c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon        C:\Windows\system32\lsass.exe
20:17:35.0211 0x067c  Netlogon - ok
20:17:35.0244 0x067c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:17:35.0306 0x067c  Netman - ok
20:17:35.0360 0x067c  [ 9D0157074866FCF3EA2A07185D93FC72, C4107EE60ADA7E326DF7B27602166E9D57CB9982717605730BF7C7D2401E30A9 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:17:35.0377 0x067c  NetMsmqActivator - ok
20:17:35.0407 0x067c  [ 9D0157074866FCF3EA2A07185D93FC72, C4107EE60ADA7E326DF7B27602166E9D57CB9982717605730BF7C7D2401E30A9 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:17:35.0421 0x067c  NetPipeActivator - ok
20:17:35.0463 0x067c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:17:35.0545 0x067c  netprofm - ok
20:17:35.0593 0x067c  [ 9D0157074866FCF3EA2A07185D93FC72, C4107EE60ADA7E326DF7B27602166E9D57CB9982717605730BF7C7D2401E30A9 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:17:35.0606 0x067c  NetTcpActivator - ok
20:17:35.0611 0x067c  [ 9D0157074866FCF3EA2A07185D93FC72, C4107EE60ADA7E326DF7B27602166E9D57CB9982717605730BF7C7D2401E30A9 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:17:35.0624 0x067c  NetTcpPortSharing - ok
20:17:35.0652 0x067c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:17:35.0664 0x067c  nfrd960 - ok
20:17:35.0702 0x067c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:17:35.0767 0x067c  NlaSvc - ok
20:17:35.0792 0x067c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:17:35.0871 0x067c  Npfs - ok
20:17:35.0902 0x067c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:17:35.0966 0x067c  nsi - ok
20:17:35.0989 0x067c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:17:36.0045 0x067c  nsiproxy - ok
20:17:36.0149 0x067c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:17:36.0241 0x067c  Ntfs - ok
20:17:36.0259 0x067c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:17:36.0341 0x067c  Null - ok
20:17:36.0391 0x067c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:17:36.0408 0x067c  nvraid - ok
20:17:36.0448 0x067c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:17:36.0467 0x067c  nvstor - ok
20:17:36.0515 0x067c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:17:36.0531 0x067c  nv_agp - ok
20:17:36.0581 0x067c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:17:36.0618 0x067c  ohci1394 - ok
20:17:36.0668 0x067c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:17:36.0682 0x067c  ose - ok
20:17:36.0898 0x067c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:17:37.0114 0x067c  osppsvc - ok
20:17:37.0172 0x067c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:17:37.0264 0x067c  p2pimsvc - ok
20:17:37.0311 0x067c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:17:37.0374 0x067c  p2psvc - ok
20:17:37.0419 0x067c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:17:37.0463 0x067c  Parport - ok
20:17:37.0497 0x067c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:17:37.0513 0x067c  partmgr - ok
20:17:37.0564 0x067c  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:17:37.0594 0x067c  PcaSvc - ok
20:17:37.0638 0x067c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
20:17:37.0654 0x067c  pci - ok
20:17:37.0684 0x067c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:17:37.0695 0x067c  pciide - ok
20:17:37.0729 0x067c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:17:37.0747 0x067c  pcmcia - ok
20:17:37.0775 0x067c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:17:37.0788 0x067c  pcw - ok
20:17:37.0919 0x067c  [ 20372BE109FEE1C37E2D5216680DB9EB, 2C3737FB3C6BCF81D0A7293667412DDEA649A8AEA40B7ADCFCB9893E8B3C4AF3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
20:17:37.0959 0x067c  PDF Architect Helper Service - ok
20:17:38.0005 0x067c  [ B90A279073A815A4AA2C45A09EE004FA, 9EA27630C47F5FF99CBBE513C113F3ED01FABA0D59B9D9637764027BCC6EA24A ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
20:17:38.0032 0x067c  PDF Architect Service - ok
20:17:38.0083 0x067c  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:17:38.0142 0x067c  PEAUTH - ok
20:17:38.0225 0x067c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:17:38.0264 0x067c  PerfHost - ok
20:17:38.0348 0x067c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
20:17:38.0469 0x067c  pla - ok
20:17:38.0509 0x067c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:17:38.0545 0x067c  PlugPlay - ok
20:17:38.0569 0x067c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:17:38.0603 0x067c  PNRPAutoReg - ok
20:17:38.0631 0x067c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:17:38.0650 0x067c  PNRPsvc - ok
20:17:38.0713 0x067c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:17:38.0795 0x067c  PolicyAgent - ok
20:17:38.0826 0x067c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:17:38.0882 0x067c  Power - ok
20:17:38.0921 0x067c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:17:38.0974 0x067c  PptpMiniport - ok
20:17:39.0005 0x067c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:17:39.0031 0x067c  Processor - ok
20:17:39.0059 0x067c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:17:39.0080 0x067c  ProfSvc - ok
20:17:39.0087 0x067c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:17:39.0101 0x067c  ProtectedStorage - ok
20:17:39.0153 0x067c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:17:39.0200 0x067c  Psched - ok
20:17:39.0259 0x067c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:17:39.0344 0x067c  ql2300 - ok
20:17:39.0372 0x067c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:17:39.0386 0x067c  ql40xx - ok
20:17:39.0425 0x067c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
20:17:39.0451 0x067c  QWAVE - ok
20:17:39.0468 0x067c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:17:39.0505 0x067c  QWAVEdrv - ok
20:17:39.0556 0x067c  [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
20:17:39.0574 0x067c  RapiMgr - ok
20:17:39.0597 0x067c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:17:39.0647 0x067c  RasAcd - ok
20:17:39.0687 0x067c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:17:39.0742 0x067c  RasAgileVpn - ok
20:17:39.0781 0x067c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:17:39.0837 0x067c  RasAuto - ok
20:17:39.0885 0x067c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:17:39.0928 0x067c  Rasl2tp - ok
20:17:39.0977 0x067c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:17:40.0038 0x067c  RasMan - ok
20:17:40.0088 0x067c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:17:40.0173 0x067c  RasPppoe - ok
20:17:40.0202 0x067c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:17:40.0265 0x067c  RasSstp - ok
20:17:40.0323 0x067c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:17:40.0404 0x067c  rdbss - ok
20:17:40.0429 0x067c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:17:40.0463 0x067c  rdpbus - ok
20:17:40.0502 0x067c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:17:40.0540 0x067c  RDPCDD - ok
20:17:40.0554 0x067c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:17:40.0591 0x067c  RDPENCDD - ok
20:17:40.0624 0x067c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:17:40.0675 0x067c  RDPREFMP - ok
20:17:40.0711 0x067c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:17:40.0742 0x067c  RDPWD - ok
20:17:40.0794 0x067c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:17:40.0825 0x067c  rdyboost - ok
20:17:40.0849 0x067c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:17:40.0892 0x067c  RemoteAccess - ok
20:17:40.0939 0x067c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:17:41.0010 0x067c  RemoteRegistry - ok
20:17:41.0071 0x067c  [ CAF88D6573D21CD2AA27001DDBFDC74D, 8256B93E586953F1B594BFFA1F005DB08325CAF1729A93820B09F60DAA998C97 ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
20:17:41.0139 0x067c  RMCAST - ok
20:17:41.0171 0x067c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:17:41.0234 0x067c  RpcEptMapper - ok
20:17:41.0273 0x067c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:17:41.0286 0x067c  RpcLocator - ok
20:17:41.0324 0x067c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
20:17:41.0375 0x067c  RpcSs - ok
20:17:41.0407 0x067c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:17:41.0462 0x067c  rspndr - ok
20:17:41.0487 0x067c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs           C:\Windows\system32\lsass.exe
20:17:41.0499 0x067c  SamSs - ok
20:17:41.0549 0x067c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:17:41.0573 0x067c  sbp2port - ok
20:17:41.0593 0x067c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:17:41.0652 0x067c  SCardSvr - ok
20:17:41.0675 0x067c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:17:41.0740 0x067c  scfilter - ok
20:17:41.0803 0x067c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
20:17:41.0930 0x067c  Schedule - ok
20:17:41.0967 0x067c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:17:42.0005 0x067c  SCPolicySvc - ok
20:17:42.0060 0x067c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:17:42.0120 0x067c  SDRSVC - ok
20:17:42.0163 0x067c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:17:42.0220 0x067c  secdrv - ok
20:17:42.0250 0x067c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
20:17:42.0317 0x067c  seclogon - ok
20:17:42.0349 0x067c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
20:17:42.0415 0x067c  SENS - ok
20:17:42.0420 0x067c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:17:42.0433 0x067c  SensrSvc - ok
20:17:42.0463 0x067c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:17:42.0494 0x067c  Serenum - ok
20:17:42.0542 0x067c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:17:42.0582 0x067c  Serial - ok
20:17:42.0638 0x067c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:17:42.0678 0x067c  sermouse - ok
20:17:42.0713 0x067c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:17:42.0773 0x067c  SessionEnv - ok
20:17:42.0810 0x067c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:17:42.0847 0x067c  sffdisk - ok
20:17:42.0867 0x067c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:17:42.0912 0x067c  sffp_mmc - ok
20:17:42.0934 0x067c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:17:42.0953 0x067c  sffp_sd - ok
20:17:42.0982 0x067c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:17:42.0998 0x067c  sfloppy - ok
20:17:43.0095 0x067c  [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
20:17:43.0129 0x067c  Sftfs - ok
20:17:43.0235 0x067c  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:17:43.0266 0x067c  sftlist - ok
20:17:43.0309 0x067c  [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:17:43.0327 0x067c  Sftplay - ok
20:17:43.0364 0x067c  [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:17:43.0377 0x067c  Sftredir - ok
20:17:43.0395 0x067c  [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
20:17:43.0416 0x067c  Sftvol - ok
20:17:43.0461 0x067c  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:17:43.0491 0x067c  sftvsa - ok
20:17:43.0540 0x067c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:17:43.0588 0x067c  SharedAccess - ok
20:17:43.0624 0x067c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:17:43.0712 0x067c  ShellHWDetection - ok
20:17:43.0738 0x067c  [ 1BC348CF6BAA90EC8E533EF6E6A69933, 2B26F6EB701F48E092DED6A7B888F24736F2899EE81D54DD4B1E9DF7CFD36E7A ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
20:17:43.0753 0x067c  SiSGbeLH - ok
20:17:43.0793 0x067c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:17:43.0806 0x067c  SiSRaid2 - ok
20:17:43.0823 0x067c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:17:43.0837 0x067c  SiSRaid4 - ok
20:17:43.0880 0x067c  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:17:43.0913 0x067c  SkypeUpdate - ok
20:17:43.0942 0x067c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:17:43.0981 0x067c  Smb - ok
20:17:44.0050 0x067c  [ 10450F432811D7FDA60A97FCC674D7B2, FD6245B06DD81C6E287DA47173D622357D86D84E3A5444CD34645973FE2E8BF5 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
20:17:44.0066 0x067c  snapman - ok
20:17:44.0085 0x067c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:17:44.0100 0x067c  SNMPTRAP - ok
20:17:44.0197 0x067c  [ F06A6DE8438F7446BFF9E61F31356521, 6F8819013B4362A83793914282878047B3C3A42D2E978438AF47A7E9F12AA81C ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
20:17:44.0304 0x067c  SNP2UVC - ok
20:17:44.0349 0x067c  [ B785BC959F7B0514971A317CA86A2628, A282E67035D024D08C9F70D19B17A3CA5FC0424AD37C8FA0912DEFBF340A8FB0 ] SoehnleComfort  C:\Windows\system32\Drivers\SoehnleComfort_x64.sys
20:17:44.0378 0x067c  SoehnleComfort - ok
20:17:44.0402 0x067c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:17:44.0416 0x067c  spldr - ok
20:17:44.0468 0x067c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:17:44.0531 0x067c  Spooler - ok
20:17:44.0672 0x067c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:17:44.0916 0x067c  sppsvc - ok
20:17:44.0956 0x067c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:17:45.0042 0x067c  sppuinotify - ok
20:17:45.0115 0x067c  [ 86EBD8B1F23E743AAD21F4D5B4D40985, 8FA4DFDAE15712266B878C364FEFDB63CB30A3DCC25F83CDFE8C8AB3AE864BE6 ] SQLBrowser      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:17:45.0142 0x067c  SQLBrowser - ok
20:17:45.0216 0x067c  [ 3C432A96363097870995E2A3C8B66ABD, AA0AE0935FC5317FE93D7D3C3B9A6B2E026915D07704AF3E36F14FEA8595F4A6 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:17:45.0236 0x067c  SQLWriter - ok
20:17:45.0290 0x067c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:17:45.0347 0x067c  srv - ok
20:17:45.0387 0x067c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:17:45.0436 0x067c  srv2 - ok
20:17:45.0490 0x067c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:17:45.0508 0x067c  srvnet - ok
20:17:45.0542 0x067c  [ F74634F46692C8315E7F37F698AF3225, 9518BC2A330B1908C4EE9762A91AD40B7A38F8A048ED966D40129479FE1D4080 ] sscebus         C:\Windows\system32\DRIVERS\sscebus.sys
20:17:45.0557 0x067c  sscebus - ok
20:17:45.0569 0x067c  [ 82732B391EFD69B0548044BE9CB37BFC, 047E7C3420434D778C20194742F52E9CCAA6D680426F66757C6465CB8BF4DC3C ] sscemdfl        C:\Windows\system32\DRIVERS\sscemdfl.sys
20:17:45.0580 0x067c  sscemdfl - ok
20:17:45.0616 0x067c  [ 43D56ACE4469D90F9790E8352D87D9B5, 946DA7F37197B9AFA2369E21583F1E554613C8D035AC98A03B5E72E253D7C21A ] sscemdm         C:\Windows\system32\DRIVERS\sscemdm.sys
20:17:45.0629 0x067c  sscemdm - ok
20:17:45.0659 0x067c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:17:45.0711 0x067c  SSDPSRV - ok
20:17:45.0732 0x067c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:17:45.0791 0x067c  SstpSvc - ok
20:17:45.0847 0x067c  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
20:17:45.0863 0x067c  ssudmdm - ok
20:17:46.0006 0x067c  [ 94A6522AC9F3E05FD039AD105ADE96D0, 50E62BDE650B55980F9166E4A1555D61E4652BF7C442A402A39F4DAD9119B0EE ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe
20:17:46.0055 0x067c  STacSV - ok
20:17:46.0085 0x067c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:17:46.0101 0x067c  stexstor - ok
20:17:46.0154 0x067c  [ DDB811B13D827081E7C1DDFF302AB334, D2C86644ECD6DC20815766874FF15CAF3DEEBBD2E452E146492719518CECC5CE ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
20:17:46.0206 0x067c  STHDA - ok
20:17:46.0269 0x067c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:17:46.0342 0x067c  stisvc - ok
20:17:46.0381 0x067c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:17:46.0392 0x067c  swenum - ok
20:17:46.0430 0x067c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:17:46.0532 0x067c  swprv - ok
20:17:46.0616 0x067c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
20:17:46.0714 0x067c  SysMain - ok
20:17:46.0752 0x067c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:17:46.0794 0x067c  TabletInputService - ok
20:17:46.0836 0x067c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:17:46.0894 0x067c  TapiSrv - ok
20:17:46.0923 0x067c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
20:17:46.0989 0x067c  TBS - ok
20:17:47.0082 0x067c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:17:47.0191 0x067c  Tcpip - ok
20:17:47.0249 0x067c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:17:47.0304 0x067c  TCPIP6 - ok
20:17:47.0344 0x067c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:17:47.0375 0x067c  tcpipreg - ok
20:17:47.0417 0x067c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:17:47.0453 0x067c  TDPIPE - ok
20:17:47.0553 0x067c  [ 99527D49EE0A96FC25537C61B270A372, 519E23F86EC86349F92C4A88DBD19C097AEE0A6E152776B32B45D293ED14946B ] tdrpman273      C:\Windows\system32\DRIVERS\tdrpm273.sys
20:17:47.0624 0x067c  tdrpman273 - ok
20:17:47.0659 0x067c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:17:47.0688 0x067c  TDTCP - ok
20:17:47.0729 0x067c  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:17:47.0761 0x067c  tdx - ok
20:17:47.0814 0x067c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:17:47.0830 0x067c  TermDD - ok
20:17:47.0898 0x067c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
20:17:47.0972 0x067c  TermService - ok
20:17:47.0994 0x067c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:17:48.0026 0x067c  Themes - ok
20:17:48.0055 0x067c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:17:48.0100 0x067c  THREADORDER - ok
20:17:48.0174 0x067c  [ EBBAEA02F0095A798000C7E06B16D41B, CBEAC6CBF0F8D5B72ACCBADA6BD1DF1EB31F84B0D973DA955337991D4DBBDF7E ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
20:17:48.0243 0x067c  timounter - ok
20:17:48.0292 0x067c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:17:48.0355 0x067c  TrkWks - ok
20:17:48.0429 0x067c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:17:48.0482 0x067c  TrustedInstaller - ok
20:17:48.0516 0x067c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:17:48.0570 0x067c  tssecsrv - ok
20:17:48.0630 0x067c  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:17:48.0658 0x067c  TsUsbFlt - ok
20:17:48.0722 0x067c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:17:48.0781 0x067c  tunnel - ok
20:17:48.0836 0x067c  [ C45A3E051C65106A28982CAED125F855, 9164708ABC6B1BA804B8297AA4EEBC65C4BDD4D399AD6CBAB9C66BB7AA9020E8 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
20:17:48.0848 0x067c  TurboB - ok
20:17:48.0885 0x067c  [ BAEF86EBEAECE76573FA822DEA256F6C, B845AB0AACCCF4C2D4A8DD152C57C52416C5938FB3FEB670DB5434FA95620F3B ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
20:17:48.0906 0x067c  TurboBoost - ok
20:17:48.0928 0x067c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:17:48.0943 0x067c  uagp35 - ok
20:17:48.0994 0x067c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:17:49.0081 0x067c  udfs - ok
20:17:49.0117 0x067c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:17:49.0159 0x067c  UI0Detect - ok
20:17:49.0228 0x067c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:17:49.0246 0x067c  uliagpkx - ok
20:17:49.0291 0x067c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:17:49.0318 0x067c  umbus - ok
20:17:49.0349 0x067c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:17:49.0394 0x067c  UmPass - ok
20:17:49.0533 0x067c  [ 41118D920B2B268C0ADC36421248CDCF, 4F99C4913DCFE02B0783FD97F02558E4DD4D7C98553D95A8E26FAAA0C0D67616 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:17:49.0659 0x067c  UNS - detected UnsignedFile.Multi.Generic ( 1 )
20:17:49.0659 0x067c  UNS ( UnsignedFile.Multi.Generic ) - warning
20:17:49.0705 0x067c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:17:49.0789 0x067c  upnphost - ok
20:17:49.0855 0x067c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:17:49.0910 0x067c  usbaudio - ok
20:17:49.0943 0x067c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:17:49.0975 0x067c  usbccgp - ok
20:17:50.0020 0x067c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:17:50.0057 0x067c  usbcir - ok
20:17:50.0085 0x067c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:17:50.0104 0x067c  usbehci - ok
20:17:50.0134 0x067c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:17:50.0160 0x067c  usbhub - ok
20:17:50.0192 0x067c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:17:50.0232 0x067c  usbohci - ok
20:17:50.0279 0x067c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:17:50.0300 0x067c  usbprint - ok
20:17:50.0341 0x067c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:17:50.0359 0x067c  USBSTOR - ok
20:17:50.0398 0x067c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:17:50.0434 0x067c  usbuhci - ok
20:17:50.0476 0x067c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:17:50.0513 0x067c  usbvideo - ok
20:17:50.0562 0x067c  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
20:17:50.0596 0x067c  usb_rndisx - ok
20:17:50.0624 0x067c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:17:50.0689 0x067c  UxSms - ok
20:17:50.0710 0x067c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc        C:\Windows\system32\lsass.exe
20:17:50.0722 0x067c  VaultSvc - ok
20:17:50.0797 0x067c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:17:50.0811 0x067c  vdrvroot - ok
20:17:50.0853 0x067c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:17:50.0948 0x067c  vds - ok
20:17:50.0991 0x067c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:17:51.0020 0x067c  vga - ok
20:17:51.0032 0x067c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:17:51.0071 0x067c  VgaSave - ok
20:17:51.0099 0x067c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:17:51.0115 0x067c  vhdmp - ok
20:17:51.0138 0x067c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:17:51.0149 0x067c  viaide - ok
20:17:51.0200 0x067c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:17:51.0215 0x067c  volmgr - ok
20:17:51.0255 0x067c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:17:51.0279 0x067c  volmgrx - ok
20:17:51.0329 0x067c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:17:51.0358 0x067c  volsnap - ok
20:17:51.0388 0x067c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:17:51.0403 0x067c  vsmraid - ok
20:17:51.0508 0x067c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:17:51.0637 0x067c  VSS - ok
20:17:51.0658 0x067c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:17:51.0692 0x067c  vwifibus - ok
20:17:51.0713 0x067c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:17:51.0756 0x067c  vwififlt - ok
20:17:51.0795 0x067c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:17:51.0831 0x067c  vwifimp - ok
20:17:51.0869 0x067c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:17:51.0920 0x067c  W32Time - ok
20:17:51.0940 0x067c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:17:52.0059 0x067c  WacomPen - ok
20:17:52.0132 0x067c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:17:52.0181 0x067c  WANARP - ok
20:17:52.0212 0x067c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:17:52.0252 0x067c  Wanarpv6 - ok
20:17:52.0324 0x067c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:17:52.0398 0x067c  WatAdminSvc - ok
20:17:52.0500 0x067c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:17:52.0588 0x067c  wbengine - ok
20:17:52.0620 0x067c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:17:52.0668 0x067c  WbioSrvc - ok
20:17:52.0697 0x067c  [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
20:17:52.0720 0x067c  WcesComm - ok
20:17:52.0782 0x067c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:17:52.0879 0x067c  wcncsvc - ok
20:17:52.0909 0x067c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:17:52.0940 0x067c  WcsPlugInService - ok
20:17:52.0981 0x067c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:17:52.0993 0x067c  Wd - ok
20:17:53.0022 0x067c  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
20:17:53.0062 0x067c  WDC_SAM - ok
20:17:53.0133 0x067c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:17:53.0175 0x067c  Wdf01000 - ok
20:17:53.0217 0x067c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:17:53.0248 0x067c  WdiServiceHost - ok
20:17:53.0253 0x067c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:17:53.0268 0x067c  WdiSystemHost - ok
20:17:53.0332 0x067c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
20:17:53.0370 0x067c  WebClient - ok
20:17:53.0417 0x067c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:17:53.0468 0x067c  Wecsvc - ok
20:17:53.0488 0x067c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:17:53.0529 0x067c  wercplsupport - ok
20:17:53.0562 0x067c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:17:53.0615 0x067c  WerSvc - ok
20:17:53.0643 0x067c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:17:53.0680 0x067c  WfpLwf - ok
20:17:53.0720 0x067c  [ 52DED146E4797E6CCF94799E8E22BB2A, 57A29260D81AA3AD3F8C29E9CFA7CE3970D7A8BF673ADD9B256EE76C7DEC080E ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
20:17:53.0736 0x067c  WimFltr - ok
20:17:53.0772 0x067c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:17:53.0785 0x067c  WIMMount - ok
20:17:53.0800 0x067c  WinDefend - ok
20:17:53.0807 0x067c  WinHttpAutoProxySvc - ok
20:17:53.0874 0x067c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:17:53.0929 0x067c  Winmgmt - ok
20:17:54.0039 0x067c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
20:17:54.0131 0x067c  WinRM - ok
20:17:54.0192 0x067c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:17:54.0209 0x067c  WinUsb - ok
20:17:54.0267 0x067c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:17:54.0354 0x067c  Wlansvc - ok
20:17:54.0384 0x067c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:17:54.0430 0x067c  WmiAcpi - ok
20:17:54.0464 0x067c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:17:54.0508 0x067c  wmiApSrv - ok
20:17:54.0547 0x067c  WMPNetworkSvc - ok
20:17:54.0572 0x067c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:17:54.0589 0x067c  WPCSvc - ok
20:17:54.0634 0x067c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:17:54.0651 0x067c  WPDBusEnum - ok
20:17:54.0680 0x067c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:17:54.0727 0x067c  ws2ifsl - ok
20:17:54.0744 0x067c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
20:17:54.0787 0x067c  wscsvc - ok
20:17:54.0836 0x067c  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
20:17:54.0865 0x067c  WSDPrintDevice - ok
20:17:54.0869 0x067c  WSearch - ok
20:17:54.0989 0x067c  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:17:55.0129 0x067c  wuauserv - ok
20:17:55.0165 0x067c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:17:55.0179 0x067c  WudfPf - ok
20:17:55.0238 0x067c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:17:55.0274 0x067c  WUDFRd - ok
20:17:55.0312 0x067c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:17:55.0361 0x067c  wudfsvc - ok
20:17:55.0414 0x067c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:17:55.0477 0x067c  WwanSvc - ok
20:17:55.0530 0x067c  ================ Scan global ===============================
20:17:55.0552 0x067c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:17:55.0601 0x067c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:17:55.0631 0x067c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:17:55.0659 0x067c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:17:55.0711 0x067c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:17:55.0739 0x067c  [ Global ] - ok
20:17:55.0739 0x067c  ================ Scan MBR ==================================
20:17:55.0752 0x067c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:17:56.0219 0x067c  \Device\Harddisk0\DR0 - ok
20:17:56.0225 0x067c  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
20:17:56.0442 0x067c  \Device\Harddisk1\DR1 - ok
20:17:56.0442 0x067c  ================ Scan VBR ==================================
20:17:56.0548 0x067c  [ A4E23AA947AB71247B0A928A0E4337BE ] \Device\Harddisk0\DR0\Partition1
20:17:56.0551 0x067c  \Device\Harddisk0\DR0\Partition1 - ok
20:17:56.0572 0x067c  [ D1997FEB3D36FF5794962119413C6BDA ] \Device\Harddisk0\DR0\Partition2
20:17:56.0577 0x067c  \Device\Harddisk0\DR0\Partition2 - ok
20:17:56.0583 0x067c  [ DEB214E75DA68178B41BE4346E7E138A ] \Device\Harddisk1\DR1\Partition1
20:17:56.0586 0x067c  \Device\Harddisk1\DR1\Partition1 - ok
20:17:56.0587 0x067c  ================ Scan generic autorun ======================
20:17:56.0667 0x067c  [ 68161603C58407CBE4099D9CD739E0D1, CAA67722A810DC9165950399A0C15D2D7B3472AC0AA0EB5D0904ECC4D5BD7B8E ] C:\Program Files\Elantech\ETDCtrl.exe
20:17:56.0718 0x067c  ETDWare - ok
20:17:56.0836 0x067c  [ 9DEA654E4D9820958D6B4D1EBAF2F31E, 526599AE6A3949AC43EAFA3A5F881A50BBC6549F3F3A0F00E2309E210ABFF40C ] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
20:17:56.0884 0x067c  ASUS WebStorage - ok
20:17:56.0998 0x067c  [ 06C2C34EA4C666835C6AB492976C0BA1, E47662ED93191B425709F2221BB3C776D06506C120DC94562896A5463188F2E8 ] C:\Program Files\IDT\WDM\sttray64.exe
20:17:57.0077 0x067c  SysTrayApp - ok
20:17:57.0154 0x067c  [ DFAC78508DEFE8841DA4CDD1FA472C1A, A9055BD9C27E53F89E847C66FF73E090419CFDBFB51CA59645800E426476097E ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
20:17:57.0204 0x067c  AmIcoSinglun64 - detected UnsignedFile.Multi.Generic ( 1 )
20:17:57.0204 0x067c  AmIcoSinglun64 ( UnsignedFile.Multi.Generic ) - warning
20:17:57.0254 0x067c  [ 233A10D4B3F6897899112E4EC60F1906, 1F7E768E57064938114DF2EFC5B219EB0D30A7D9E574924E9CED054462505AF0 ] C:\Windows\WindowsMobile\wmdcBase.exe
20:17:57.0286 0x067c  Windows Mobile-based device management - ok
20:17:57.0369 0x067c  [ 0289E88293C2E6C6CF5FF8514F5FE37F, 042B8041095E2858AC48CF8035F525DE46077EB05EBF7A530448BF0AC29D7D1F ] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
20:17:57.0403 0x067c  Acronis Scheduler2 Service - ok
20:17:57.0442 0x067c  [ 617565F33BDFCC355C727D1570E88488, 19E1DCAE69D1A378295EC9D70ABD36597C96438C0A3724FF0ED38D6DB359E000 ] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk
20:17:57.0476 0x067c  Boingo Wi-Fi - detected UnsignedFile.Multi.Generic ( 1 )
20:17:57.0477 0x067c  Boingo Wi-Fi ( UnsignedFile.Multi.Generic ) - warning
20:17:57.0540 0x067c  [ E96857D927626076104CFC5A9D237F91, B5B50B144E24DE29E03FB913B3A5A7553448FEB75607798EFE4A4B8B272FA31F ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
20:17:57.0555 0x067c  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
20:17:57.0556 0x067c  StartCCC ( UnsignedFile.Multi.Generic ) - warning
20:17:57.0819 0x067c  [ 6529C89512CE4498919BDC512572F82C, DFF9BB4BFAFE8BA2E1F13B668C6E010FD18591B0CECF65574EA5E14143C79A83 ] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
20:17:57.0985 0x067c  ATKOSD2 - ok
20:17:58.0019 0x067c  [ 5666955DC9FD455A003D86A21E0483A9, 359E2B5857269EDCE395D6171642EAC8B23170AA5266932B2BAE1E5955E8FE77 ] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
20:17:58.0030 0x067c  ATKMEDIA - ok
20:17:58.0047 0x067c  [ 5AEBF6FA9805C9101220AA4FB4FA17E7, A9B2FC41380211A6C44E839A95676A5BA868CEEBB56D83A780230434C2A20836 ] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
20:17:58.0057 0x067c  HControlUser - ok
20:17:58.0215 0x067c  [ 9141D57AC63F8A69216852E9A697DE8F, C3828B077C88A71E9F8C4AB5A446CA65E0A3EE2BE7546A9160F53E45D7B23713 ] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
20:17:58.0280 0x067c  SAOB Monitor - ok
20:17:58.0496 0x067c  [ 96BC5E41BF5102F343B92ACE49D6940D, D5308A2D873785CE7C8BC21D08D30B4DF21F80B69B181B8546B3D1824223E3B4 ] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
20:17:58.0638 0x067c  TrueImageMonitor.exe - ok
20:17:58.0851 0x067c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:17:58.0961 0x067c  Sidebar - ok
20:17:59.0003 0x067c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:17:59.0063 0x067c  mctadmin - ok
20:17:59.0098 0x067c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:17:59.0137 0x067c  Sidebar - ok
20:17:59.0144 0x067c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:17:59.0163 0x067c  mctadmin - ok
20:17:59.0240 0x067c  [ AC43952EA7D028BD35099391DB2FF599, 1D688F98C3158D91F873421663B7BD60DA3A35DCF793792B9D398D5DFC9050F0 ] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
20:17:59.0262 0x067c  Syncables - ok
20:17:59.0412 0x067c  [ 40F7401928355A1515199676A5D00CDC, 4F16DE77F0BD7D1F9F61AE5712B3FD7BD53D19DCCEF88925E10180EF040A8E0B ] C:\Users\Zeeh\AppData\Local\Apps\2.0\5H6GP0O6.A8T\ODMZ84MY.LH2\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe
20:17:59.0458 0x067c  AVMUSBFernanschluss - detected UnsignedFile.Multi.Generic ( 1 )
20:17:59.0458 0x067c  AVMUSBFernanschluss ( UnsignedFile.Multi.Generic ) - warning
20:17:59.0525 0x067c  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\wmiav.exe ( 15.0.1.415 ), 0x41000 ( enabled : updated )
20:17:59.0548 0x067c  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\wmifw.exe ( 15.0.1.415 ), 0x41010 ( enabled )
20:17:59.0549 0x067c  ============================================================
20:17:59.0549 0x067c  Scan finished
20:17:59.0549 0x067c  ============================================================
20:17:59.0565 0x1af0  Detected object count: 9
20:17:59.0565 0x1af0  Actual detected object count: 9
20:18:27.0941 0x1af0  BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:27.0941 0x1af0  BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:18:27.0944 0x1af0  ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:27.0944 0x1af0  ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:18:27.0946 0x1af0  Internet Manager. RunOuc ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:27.0946 0x1af0  Internet Manager. RunOuc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:18:27.0948 0x1af0  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:27.0949 0x1af0  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:18:27.0950 0x1af0  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:27.0950 0x1af0  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:18:27.0951 0x1af0  AmIcoSinglun64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:27.0951 0x1af0  AmIcoSinglun64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:18:27.0952 0x1af0  Boingo Wi-Fi ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:27.0952 0x1af0  Boingo Wi-Fi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:18:27.0954 0x1af0  StartCCC ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:27.0954 0x1af0  StartCCC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:18:27.0955 0x1af0  AVMUSBFernanschluss ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:27.0955 0x1af0  AVMUSBFernanschluss ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 18.03.2015, 11:49   #8
schrauber
/// the machine
/// TB-Ausbilder
 

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.03.2015, 16:34   #9
team
 
bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt



Code:
ATTFilter
ComboFix 15-03-14.03 - Zeeh 18.03.2015  16:20:35.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3949.1868 [GMT 1:00]
ausgeführt von:: c:\users\Zeeh\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Zeeh\AppData\Local\Clean Browser
c:\users\Zeeh\AppData\Local\Clean Browser\firefox\background.html
c:\users\Zeeh\AppData\Local\Clean Browser\firefox\chrome.manifest
c:\users\Zeeh\AppData\Local\Clean Browser\firefox\extension_info.json
c:\users\Zeeh\AppData\Local\Clean Browser\firefox\framework-ui\contentNotification.tmpl
c:\users\Zeeh\AppData\Local\Clean Browser\firefox\framework-ui\contentNotificationStyle.tmpl
c:\users\Zeeh\AppData\Local\Clean Browser\firefox\icons\button.png
c:\users\Zeeh\AppData\Local\Clean Browser\firefox\icons\icon100.png
c:\users\Zeeh\AppData\Local\Clean Browser\firefox\icons\icon128.png
c:\users\Zeeh\AppData\Local\Clean Browser\firefox\icons\icon32.png
c:\users\Zeeh\AppData\Local\Clean Browser\firefox\icons\icon48.png
c:\users\Zeeh\AppData\Local\Clean Browser\firefox\install.rdf
c:\users\Zeeh\AppData\Local\Clean Browser\icon.ico
c:\users\Zeeh\AppData\Local\Clean Browser\info.xml
c:\windows\msvcr71.dll
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-18 bis 2015-03-18  ))))))))))))))))))))))))))))))
.
.
2015-03-18 15:29 . 2015-03-18 15:29	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2015-03-18 15:29 . 2015-03-18 15:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-17 17:59 . 2015-03-17 17:59	--------	d-----w-	c:\programdata\Malwarebytes
2015-03-17 17:59 . 2015-03-18 06:44	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-17 17:58 . 2015-03-17 18:42	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-17 17:57 . 2015-03-17 18:36	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-03-13 15:19 . 2015-03-13 15:21	--------	d-----w-	c:\programdata\TuneUp Software
2015-03-13 15:19 . 2015-03-13 15:19	--------	d-sh--w-	c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-03-13 07:45 . 2015-03-13 07:45	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2015-03-11 07:16 . 2015-02-03 03:31	215552	----a-w-	c:\windows\system32\ubpm.dll
2015-03-11 07:16 . 2015-02-03 03:12	171520	----a-w-	c:\windows\SysWow64\ubpm.dll
2015-03-08 15:25 . 2015-03-08 15:25	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-03-08 15:19 . 2015-03-14 18:03	--------	d-----w-	C:\FRST
2015-03-06 16:33 . 2015-03-12 14:29	--------	d-----w-	C:\AdwCleaner
2015-02-26 06:40 . 2015-01-09 03:14	91136	----a-w-	c:\windows\system32\wdi.dll
2015-02-26 06:40 . 2015-01-09 03:14	950272	----a-w-	c:\windows\system32\perftrack.dll
2015-02-26 06:40 . 2015-01-09 03:14	29696	----a-w-	c:\windows\system32\powertracker.dll
2015-02-26 06:40 . 2015-01-09 02:48	76800	----a-w-	c:\windows\SysWow64\wdi.dll
2015-02-26 06:36 . 2015-02-26 06:38	--------	d-----w-	c:\program files (x86)\Bookmark Search
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-17 08:05 . 2011-01-01 13:23	45056	----a-w-	c:\windows\system32\acovcnt.exe
2015-03-11 19:01 . 2011-01-09 16:52	122905848	----a-w-	c:\windows\system32\MRT.exe
2015-03-11 06:55 . 2014-08-20 17:04	819896	----a-w-	c:\windows\system32\drivers\klif.sys
2015-02-06 13:59 . 2015-01-20 13:21	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-06 13:59 . 2015-01-20 13:21	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-06 08:17 . 2015-02-06 08:17	20	----a-w-	c:\users\Zeeh\AppData\Roaming\appdataFr3.bin
2015-02-04 03:16 . 2015-02-11 07:49	609280	----a-w-	c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 07:49	762368	----a-w-	c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 07:49	414720	----a-w-	c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 07:49	894976	----a-w-	c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 07:49	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 07:49	192000	----a-w-	c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 07:49	1098752	----a-w-	c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 07:49	1239720	----a-w-	c:\windows\system32\aitstatic.exe
2015-01-07 19:54 . 2015-01-15 17:18	370688	----a-w-	c:\windows\system32\ColorMedia64.dll
2015-01-01 09:52 . 2014-08-13 18:34	77512	----a-w-	c:\windows\system32\drivers\klwtp.sys
2015-01-01 09:52 . 2014-08-18 13:43	150536	----a-w-	c:\windows\system32\drivers\klflt.sys
2014-12-19 03:06 . 2015-01-14 07:36	210432	----a-w-	c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 07:36	141312	----a-w-	c:\windows\system32\drivers\mrxdav.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-04-05 370480]
"AVMUSBFernanschluss"="c:\users\Zeeh\AppData\Local\Apps\2.0\5H6GP0O6.A8T\ODMZ84MY.LH2\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe" [2012-12-30 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-08-10 2429]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-11 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2570688]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-01 5583056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"LexwareInfoService"="c:\program files (x86)\Lexware\Update Manager\LxUpdateManager.exe" [2014-09-26 196648]
.
c:\users\Zeeh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 c4791e60;PragmaInit;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ICM_UpdaterService;ICM_UpdaterService Disp;c:\program files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe;c:\program files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [x]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [x]
R2 Lexware_Update_Service;Lexware Update Service;c:\program files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe;c:\program files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 cpuz134;cpuz134;c:\users\Zeeh\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Zeeh\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SoehnleComfort;SoehnleComfort;c:\windows\system32\Drivers\SoehnleComfort_x64.sys;c:\windows\SYSNATIVE\Drivers\SoehnleComfort_x64.sys [x]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys;c:\windows\SYSNATIVE\DRIVERS\sscebus.sys [x]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys;c:\windows\SYSNATIVE\DRIVERS\sscemdfl.sys [x]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys;c:\windows\SYSNATIVE\DRIVERS\sscemdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys;c:\windows\SYSNATIVE\DRIVERS\avmaudio.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-20 13:59]
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12 18:15]
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12 18:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-27 487424]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-06 391240]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: {{09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{71D837ED-CC19-43D6-85CD-C31CF2544AFB}: NameServer = 10.28.253.1
TCP: Interfaces\{7C558398-EC4A-4217-8340-B8175260889E}: NameServer = 10.74.210.210 10.74.210.211
TCP: Interfaces\{C0663D1D-BDC9-4584-9089-F11218133256}\4586F6D6F54403034343331363: NameServer = 10.28.253.1
TCP: Interfaces\{EA51E0A4-6976-447B-9AFB-E271A9B20C96}: NameServer = 10.74.210.210 10.74.210.211
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-10-22 21:20; 64ffxtbr@TelevisionFanatic.com; c:\program files (x86)\TelevisionFanatic\bar\1.bin
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-gmsd_de_100 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-18  16:33:04
ComboFix-quarantined-files.txt  2015-03-18 15:33
.
Vor Suchlauf: 14 Verzeichnis(se), 100.350.279.680 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 100.269.625.344 Bytes frei
.
- - End Of File - - 83091ADDFA58EEDCBDF6611332DA156C
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 19.03.2015, 09:26   #10
schrauber
/// the machine
/// TB-Ausbilder
 

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.03.2015, 17:17   #11
team
 
bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt



Hallo,

Teil 1 mbam:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.03.2015
Suchlauf-Zeit: 16:00:56
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.19.04
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Zeeh

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 371031
Verstrichene Zeit: 30 Min, 48 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 5
PUP.Optional.CleanBrowser.A, HKLM\SOFTWARE\WOW6432NODE\Clean Browser, In Quarantäne, [0f5163e45c2e1f176289ad26867dee12], 
PUP.Optional.Shopperz.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [c49c56f10783cd6949633778877c56aa], 
PUP.Optional.Spigot.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, In Quarantäne, [0957bc8b0684082e82005fd68c79eb15], 
PUP.Optional.Shopperz.A, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [17495ee98ffb46f0bbf1208fad56de22], 
PUP.Optional.Shopperz.A, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [d48c33142a60280e64488e2152b153ad], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 8
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\AppFramework, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\CanvasFramework, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\icons, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 

Dateien: 28
PUP.Optional.ZombieInvasion.A, C:\ProgramData\HDAcSOJgH\dat\kDdtoAN.dll, In Quarantäne, [adb3d077157588ae87de00dd32d343bd], 
PUP.Optional.ZombieNews.A, C:\ProgramData\HDAcSOJgH\dat\lFKBEXLHD.exe, In Quarantäne, [f07079cee2a81323c56a6f56c53c966a], 
PUP.Optional.Multiplug, C:\Program Files (x86)\PragmaInit\PragmaInit.dll, In Quarantäne, [8ad6a0a76f1bc96de02755d947bbe818], 
PUP.Optional.Spigot.A, C:\Windows\Installer\68419.msi, In Quarantäne, [ca9643042c5e83b31c881abdd52c4bb5], 
PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMedia.ini, In Quarantäne, [0e52ad9adab053e3b40c1f1b80858e72], 
PUP.Optional.Winsock.Hijack, C:\Windows\System32\ColorMedia64.dll, In Quarantäne, [acb472d5f89276c09d00b88b16ef05fb], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\background.html, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\config.xml, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\extension_info.json, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\context_menu_item_handler.html, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\notification.html, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\bottom-left.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\bottom-middle.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\bottom-right.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\middle-left.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\middle-right.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\tail-bottom.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\tail-left.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\tail-right.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\tail-top.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\top-left.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\top-middle.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\top-right.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\icons\button.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\icons\icon100.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\icons\icon128.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\icons\icon32.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 
PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\icons\icon48.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

Teil 2 Adwcleaner:
Code:
ATTFilter
# AdwCleaner v4.112 - Bericht erstellt 19/03/2015 um 16:49:45
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-15.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Zeeh - ZEEH-PC
# Gestarted von : C:\Users\Zeeh\Desktop\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : c4791e60

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\PragmaInit

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.1 (x86 de)


-\\ Google Chrome v41.0.2272.89


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [21600 Bytes] - [06/03/2015 17:33:56]
AdwCleaner[R1].txt - [1008 Bytes] - [12/03/2015 14:24:28]
AdwCleaner[R2].txt - [1225 Bytes] - [12/03/2015 15:13:10]
AdwCleaner[R3].txt - [1245 Bytes] - [12/03/2015 15:20:07]
AdwCleaner[R4].txt - [1363 Bytes] - [12/03/2015 15:28:01]
AdwCleaner[R5].txt - [1539 Bytes] - [19/03/2015 16:47:59]
AdwCleaner[S0].txt - [19545 Bytes] - [06/03/2015 17:36:14]
AdwCleaner[S1].txt - [1069 Bytes] - [12/03/2015 14:27:27]
AdwCleaner[S2].txt - [1287 Bytes] - [12/03/2015 15:15:13]
AdwCleaner[S3].txt - [1307 Bytes] - [12/03/2015 15:22:28]
AdwCleaner[S4].txt - [1465 Bytes] - [19/03/2015 16:49:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1524  Bytes] ##########
         
Teil 3 JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Home Premium x64
Ran by Zeeh on 19.03.2015 at 16:57:52,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Zeeh\AppData\Roaming\mozilla\firefox\profiles\3aglzgxk.default\minidumps [458 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2015 at 17:03:50,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Und nach einem neuen Scan die Frst

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Zeeh (administrator) on ZEEH-PC on 19-03-2015 17:06:40
Running from C:\Users\Zeeh\Downloads
Loaded Profiles: Zeeh (Available profiles: Zeeh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Service\Hmg.InstallationService.Service.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Windows\AsScrPro.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Manager\LxUpdateManager.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391240 2010-12-06] (Acronis)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-08-10] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2570688 2010-11-16] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5583056 2011-02-01] (Acronis)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG)
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-04-05] (syncables, LLC)
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\Zeeh\AppData\Local\Apps\2.0\5H6GP0O6.A8T\ODMZ84MY.LH2\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-30] (AVM Berlin)
Startup: C:\Users\Zeeh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {393DB63D-0E30-47F8-9F47-71AA303F4DE0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
Toolbar: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{71D837ED-CC19-43D6-85CD-C31CF2544AFB}: [NameServer] 10.28.253.1
Tcpip\..\Interfaces\{7C558398-EC4A-4217-8340-B8175260889E}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{EA51E0A4-6976-447B-9AFB-E271A9B20C96}: [NameServer] 10.74.210.210 10.74.210.211

FireFox:
========
FF ProfilePath: C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default
FF Homepage: google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Extension: Zoom It - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\{ff49035a-bfb7-0c69-8ed7-a5c9051b0b84} [2015-03-18]
FF Extension: PageRank Client - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\pagerank-client@koeniglich.ch.xpi [2012-04-04]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-10]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-01]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12]
CHR Extension: (Google Docs) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12]
CHR Extension: (YouTube) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12]
CHR Extension: (Google Search) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12]
CHR Extension: (Kaspersky Protection) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-12]
CHR Extension: (Google Sheets) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12]
CHR Extension: (Gmail) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 ICM_UpdaterService; C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [204883 2011-03-18] () [File not signed]
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] () [File not signed]
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-10-02] (Haufe-Lexware GmbH & Co. KG)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSSQL$JTLWAWI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2012-12-30] (AVM Berlin)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [245248 2013-04-10] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-01] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
S3 SoehnleComfort; C:\Windows\System32\Drivers\SoehnleComfort_x64.sys [38400 2011-04-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Zeeh\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 17:03 - 2015-03-19 17:03 - 00000756 _____ () C:\Users\Zeeh\Desktop\JRT.txt
2015-03-19 16:56 - 2015-03-19 16:56 - 01388672 _____ (Thisisu) C:\Users\Zeeh\Desktop\JRT.exe
2015-03-19 16:49 - 2015-03-19 16:49 - 00001604 _____ () C:\Users\Zeeh\Desktop\AdwCleaner[S4].txt
2015-03-19 16:47 - 2015-03-19 16:47 - 02171392 _____ () C:\Users\Zeeh\Desktop\AdwCleaner_4.112.exe
2015-03-19 16:45 - 2015-03-19 16:45 - 00007061 _____ () C:\Users\Zeeh\Desktop\mbam.txt
2015-03-19 15:59 - 2015-03-19 15:59 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-19 15:59 - 2015-03-19 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-19 15:59 - 2015-03-19 15:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-19 15:59 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-19 15:59 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-19 15:58 - 2015-03-19 15:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Zeeh\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-18 16:33 - 2015-03-18 16:33 - 00026272 _____ () C:\ComboFix.txt
2015-03-18 16:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-18 16:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-18 16:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-18 16:16 - 2015-03-18 16:33 - 00000000 ____D () C:\Qoobox
2015-03-18 16:16 - 2015-03-18 16:31 - 00000000 ____D () C:\Windows\erdnt
2015-03-18 16:14 - 2015-03-18 16:14 - 05615380 ____R (Swearware) C:\Users\Zeeh\Desktop\ComboFix.exe
2015-03-17 20:12 - 2015-03-17 20:13 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Zeeh\Desktop\tdsskiller.exe
2015-03-17 18:59 - 2015-03-19 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-17 18:59 - 2015-03-18 07:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-17 18:58 - 2015-03-19 16:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-17 18:57 - 2015-03-17 20:09 - 00000000 ____D () C:\Users\Zeeh\Desktop\mbar
2015-03-17 18:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 18:55 - 2015-03-17 18:56 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Zeeh\Desktop\mbar-1.09.1.1004.exe
2015-03-14 19:01 - 2015-03-14 19:03 - 00037299 _____ () C:\Users\Zeeh\Downloads\Addition.txt
2015-03-13 16:20 - 2015-03-13 16:20 - 02095616 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe
2015-03-13 16:19 - 2015-03-13 16:21 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-03-13 16:19 - 2015-03-13 16:19 - 28598072 _____ (TuneUp Software) C:\Users\Zeeh\Downloads\TuneUpUtilities2014_de-DE.exe
2015-03-13 16:19 - 2015-03-13 16:19 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-03-13 08:45 - 2015-03-13 08:45 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-13 08:45 - 2015-03-13 08:45 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-13 08:45 - 2015-03-13 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-13 08:44 - 2015-03-13 08:45 - 40824144 _____ () C:\Users\Zeeh\Downloads\Firefox_Setup_36.0.1.exe
2015-03-12 19:17 - 2015-03-12 19:17 - 00002213 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-12 19:15 - 2015-03-19 16:53 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 19:15 - 2015-03-19 16:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 19:15 - 2015-03-12 19:15 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-12 19:15 - 2015-03-12 19:15 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-12 19:11 - 2015-03-12 19:11 - 00880208 _____ (Google Inc.) C:\Users\Zeeh\Downloads\ChromeSetup (1).exe
2015-03-12 12:36 - 2015-03-12 12:36 - 02171392 _____ () C:\Users\Zeeh\Downloads\adwcleaner_4.112.exe
2015-03-11 20:23 - 2015-03-11 20:23 - 00032768 _____ () C:\Windows\SysWOW64\persistent_q.db-shm
2015-03-11 20:23 - 2015-03-11 20:23 - 00003176 _____ () C:\Windows\SysWOW64\persistent_q.db-wal
2015-03-11 20:23 - 2015-03-11 20:23 - 00001024 _____ () C:\Windows\SysWOW64\persistent_q.db
2015-03-11 15:12 - 2015-03-11 15:12 - 02367242 _____ () C:\Users\Zeeh\Desktop\froogle.txt
2015-03-11 08:17 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 08:17 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 08:17 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 08:17 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 08:17 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 08:17 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 08:17 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 08:17 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 08:17 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 08:17 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 08:17 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 08:17 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 08:17 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 08:17 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 08:17 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 08:17 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 08:17 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 08:17 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 08:17 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 08:17 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 08:17 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:17 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:17 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 08:17 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 08:17 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 08:17 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 08:17 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 08:17 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 08:17 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 08:17 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 08:16 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 08:16 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 08:15 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:15 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 08:15 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 08:15 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 08:15 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 08:15 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 08:15 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 08:15 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 08:15 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 08:15 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 08:15 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 08:15 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 08:15 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 08:15 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 08:15 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 08:15 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 08:15 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 08:15 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 08:15 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 08:15 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 08:15 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 08:15 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 08:15 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 08:15 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 08:15 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 08:15 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 08:15 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 08:15 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 08:15 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 08:15 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 08:15 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 08:15 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 08:15 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 08:15 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 08:15 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 08:15 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 08:15 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 08:15 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:15 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 08:15 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 08:15 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:15 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 08:15 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 08:15 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 08:15 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 08:15 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 08:15 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 08:15 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 08:15 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 08:15 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 08:15 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 08:15 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 08:15 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 08:15 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 08:15 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 08:15 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 08:15 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 08:15 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 08:15 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 08:15 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 08:15 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 08:15 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 08:15 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 08:15 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 08:15 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 08:15 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 08:15 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 08:15 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 08:15 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 08:15 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 08:15 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 08:15 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 08:15 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 08:15 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 08:15 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 08:15 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:15 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 08:15 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 08:15 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-08 16:25 - 2015-03-08 16:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-08 16:24 - 2015-03-08 16:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Zeeh\Downloads\revosetup95.exe
2015-03-08 16:20 - 2015-03-19 17:08 - 00023016 _____ () C:\Users\Zeeh\Downloads\FRST.txt
2015-03-08 16:19 - 2015-03-19 17:06 - 00000000 ____D () C:\FRST
2015-03-08 16:19 - 2015-03-08 16:19 - 02095104 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64.exe
2015-03-07 22:41 - 2015-03-07 22:41 - 00093359 _____ () C:\Users\Zeeh\Downloads\Invoice_Jan-16-15_Feb-15-15.csv
2015-03-06 17:33 - 2015-03-19 16:54 - 00000000 ____D () C:\AdwCleaner
2015-03-06 09:25 - 2015-03-13 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-02 11:58 - 2015-03-02 11:58 - 00029696 _____ () C:\Users\Zeeh\Documents\froogle.xls
2015-03-01 13:15 - 2015-03-13 09:02 - 00017869 _____ () C:\Users\Zeeh\Desktop\Artesano-Wollliste.xlsx
2015-03-01 13:15 - 2015-03-02 12:01 - 00018899 _____ () C:\Users\Zeeh\Documents\Artesano-Wollliste.xlsx
2015-02-26 07:40 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-26 07:40 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-26 07:40 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-26 07:40 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-26 07:36 - 2015-02-26 07:38 - 00000000 ____D () C:\Program Files (x86)\Bookmark Search
2015-02-25 19:50 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 19:50 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 16:59 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-19 16:59 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-19 16:57 - 2010-08-10 22:48 - 01786621 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 16:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 16:52 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-19 16:51 - 2011-01-01 17:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-19 16:50 - 2015-01-23 08:57 - 00006059 _____ () C:\Windows\setupact.log
2015-03-19 16:50 - 2015-01-23 08:56 - 00027952 _____ () C:\Windows\PFRO.log
2015-03-19 16:39 - 2011-03-09 08:42 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Deployment
2015-03-19 16:38 - 2010-08-10 23:45 - 00001754 _____ () C:\Windows\system32\ServiceFilter.ini
2015-03-19 16:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-19 16:35 - 2010-12-30 23:10 - 00000000 ____D () C:\Users\Zeeh\AppData\Roaming\SoftGrid Client
2015-03-19 16:31 - 2015-01-20 14:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 14:20 - 2015-02-16 08:35 - 00000000 ____D () C:\Users\Zeeh\Documents\DHL-Reklamationen
2015-03-19 10:44 - 2013-11-06 14:20 - 00036547 _____ () C:\Users\Zeeh\Desktop\Bestellformular Beleduc.xlsx
2015-03-19 07:15 - 2011-01-03 04:41 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B35FCC2-2D8D-4E4D-A77B-606E14FE5BEB}
2015-03-18 16:37 - 2011-03-09 08:42 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Apps\2.0
2015-03-18 16:29 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-18 12:50 - 2014-01-14 14:21 - 00258135 _____ () C:\Users\Zeeh\Desktop\Bestandsliste Perfect Petzzz.xlsx
2015-03-18 07:46 - 2015-01-23 08:59 - 00088895 _____ () C:\Windows\avmacc.log
2015-03-17 19:33 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-03-17 09:29 - 2013-05-10 16:31 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SUN
2015-03-17 09:05 - 2011-01-01 14:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-03-16 16:25 - 2013-12-08 08:49 - 00017082 _____ () C:\Users\Zeeh\Desktop\monatliche Kosten.xlsx
2015-03-16 16:19 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Lexware
2015-03-16 14:36 - 2014-05-26 10:47 - 00015663 _____ () C:\Users\Zeeh\Desktop\Bestellschein PerfectPetzzz EUR.xlsx
2015-03-16 07:42 - 2013-06-03 08:47 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Uniwood
2015-03-16 07:41 - 2013-07-19 08:51 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Kaden
2015-03-13 11:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-12 15:52 - 2010-12-30 22:33 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Google
2015-03-12 11:55 - 2010-08-10 23:45 - 00002476 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-03-12 11:49 - 2010-08-10 23:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-12 11:22 - 2010-12-31 14:44 - 00000000 ____D () C:\Program Files (x86)\lexware
2015-03-12 11:22 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-03-12 11:15 - 2010-08-10 23:08 - 00000000 ____D () C:\ProgramData\CyberLink
2015-03-12 10:42 - 2010-08-10 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-03-12 10:42 - 2010-08-10 23:13 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-03-12 08:31 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-12 08:29 - 2015-01-23 08:56 - 00307104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 20:17 - 2013-07-14 10:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 20:01 - 2011-01-09 17:52 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 07:55 - 2014-08-20 18:04 - 00819896 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-10 10:31 - 2009-08-04 10:51 - 00715658 _____ () C:\Windows\system32\perfh007.dat
2015-03-10 10:31 - 2009-08-04 10:51 - 00156312 _____ () C:\Windows\system32\perfc007.dat
2015-03-10 10:31 - 2009-07-14 06:13 - 01660372 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-10 10:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-08 16:40 - 2012-04-29 20:52 - 00000000 ____D () C:\Program Files (x86)\CEWE COLOR
2015-03-06 17:36 - 2011-01-01 15:11 - 00000000 ____D () C:\Windows\system32\log
2015-03-04 17:29 - 2015-01-22 11:05 - 00012247 _____ () C:\Users\Zeeh\Documents\Antje-Lohn.xlsx
2015-02-26 08:49 - 2011-01-01 17:17 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-26 08:30 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Rülke
2015-02-25 07:49 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SINA
2015-02-24 17:15 - 2013-03-16 21:20 - 00000000 ____D () C:\Users\Zeeh\Desktop\Bilder
2015-02-23 17:41 - 2011-05-20 21:20 - 00068744 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-02-23 13:47 - 2011-03-05 18:38 - 00017150 _____ () C:\Users\Zeeh\Documents\Darlehen.xlsx
2015-02-23 12:06 - 2011-02-14 08:52 - 00000000 __RSD () C:\Users\Zeeh\Documents\My Stationery
2015-02-19 11:15 - 2015-02-12 18:35 - 00025921 _____ () C:\Windows\system32\ScanResults.xml
2015-02-19 11:12 - 2015-02-12 18:31 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-02-18 16:06 - 2012-07-10 07:57 - 00000000 ____D () C:\Users\Zeeh\AppData\Roaming\FileZilla

==================== Files in the root of some directories =======

2015-02-06 09:17 - 2015-02-06 09:17 - 0000020 _____ () C:\Users\Zeeh\AppData\Roaming\appdataFr3.bin
2012-12-30 13:11 - 2012-12-30 13:11 - 0017408 _____ () C:\Users\Zeeh\AppData\Local\WebpageIcons.db
2010-08-10 23:16 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-08-10 23:09 - 2010-08-10 23:10 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-10 23:09 - 2010-08-10 23:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Zeeh\AppData\Local\Temp\Quarantine.exe
C:\Users\Zeeh\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 11:04

==================== End Of Log ============================
         
--- --- ---

--- --- ---


und die Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Zeeh at 2015-03-19 17:08:52
Running from C:\Users\Zeeh\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6696 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Body Balance Comfort Select Software (HKLM-x32\...\{74B92B80-C11A-4DD0-884C-A532B788C2D4}) (Version: 1.0.0 - Leifheit AG)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Brother MFL-Pro Suite DCP-9055CDN (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
Express Rip (HKLM-x32\...\ExpressRip) (Version: 1.94 - NCH Software)
Fahrtenbuch.net 1.5.12 (HKLM-x32\...\Fahrtenbuch.net_is1) (Version:  - COMputer.INTernet.SOftware Tobias Schiek)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
FileZilla Client 3.2.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.2.7.1 - )
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\f018cf21c0452c64) (Version: 2.3.0.2 - AVM Berlin)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.76.55 - Huawei Technologies Co.,Ltd)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Lexware Abschreibungsrechner (x32 Version: 14.00.00.0004 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware büro easy 2015 (x32 Version: 28.02.00.0197 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware büro easy plus 2015 (HKLM-x32\...\{3eadd447-88bd-45e6-8410-0b31dcad2556}) (Version: 28.0.0.132 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (x32 Version: 15.00.00.0056 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 4.00.00.0008 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (x32 Version: 22.02.00.0040 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Zeiterfassung (x32 Version: 28.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Samsung Networking Wizard (HKLM-x32\...\{0C485220-4029-48E7-9F27-965DA4A78D5E}) (Version: 1.1.11052.2 - Samsung Electronics Co., Ltd. )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2000.0 - SAMSUNG Electronics Co., Ltd.)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SolidWorks eDrawings 2011 (HKLM-x32\...\{9402DAC1-447E-49C9-979D-BD5838E709D7}) (Version: 11.4.113 - Dassault Systèmes SolidWorks Corp.)
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-03-2015 19:59:02 Windows Update
12-03-2015 10:18:32 Revo Uninstaller's restore point - ASUS FancyStart
12-03-2015 10:42:26 Removed ASUS FancyStart
12-03-2015 10:46:59 Revo Uninstaller's restore point - Bing Bar
12-03-2015 11:07:01 Revo Uninstaller's restore point - CyberLink LabelPrint
12-03-2015 11:07:37 Konfiguriert LabelPrint
12-03-2015 11:13:30 Revo Uninstaller's restore point - CyberLink Power2Go
12-03-2015 11:13:53 Konfiguriert Power2Go
12-03-2015 11:16:10 Revo Uninstaller's restore point - Lexware lohnauskunft 2009
12-03-2015 11:16:25 Konfiguriert Lexware lohnauskunft 2009
12-03-2015 11:18:01 Revo Uninstaller's restore point - Lexware lohnauskunft 2009
12-03-2015 11:18:21 Revo Uninstaller's restore point - Lexware lohnauskunft 2014
12-03-2015 11:18:55 Removed Lexware lohnauskunft 2014.
12-03-2015 11:21:34 Revo Uninstaller's restore point - Lexware reisekosten 2009
12-03-2015 11:21:47 Konfiguriert Lexware reisekosten 2009
12-03-2015 11:23:13 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de)
12-03-2015 11:27:02 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de)
12-03-2015 11:48:31 Entfernt DELISprint
12-03-2015 11:52:20 Removed RENESIS® Player Browser Plugins
13-03-2015 16:19:53 TuneUp Utilities 2014 wird installiert
13-03-2015 16:20:57 TuneUp Utilities 2014 (de-DE) wird entfernt
17-03-2015 19:28:27 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-18 16:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {342CD102-1DE5-49AE-A53A-D33ABD85E7BC} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {3A775123-7BDC-4E16-A8B7-6845A96A4083} - System32\Tasks\{1EDF6135-BB20-413E-8288-BC728394B876} => pcalua.exe -a E:\LxSetup.exe -d E:\
Task: {40721C3F-0996-4274-98ED-E888934C6B43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {429C9858-F46A-408D-87D6-64BC0F0C99B0} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {474683AA-2C5B-46A0-9C72-919F9FB1CBE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {53997FEA-15D2-4E30-B519-F00330284647} - System32\Tasks\{C4D39608-1BDD-4FDC-94D6-2EDA5B93ECA0} => pcalua.exe -a C:\Users\Zeeh\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {661E3F48-5794-4F49-9DDE-351E8CF265E6} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {89E5C935-498B-489D-801A-3E66D5249F0A} - System32\Tasks\SQAKP => C:\ProgramData\9a57dd4bfbdc41d9a41d3b8b62f45107\9a57dd4bfbdc41d9a41d3b8b62f45107.exe
Task: {8EAA276A-C2F3-409E-8546-11C58E4FA00B} - System32\Tasks\{01B8A7C3-9EE9-4DFA-80E2-0171A0BB415D} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {8F20AF64-5623-47D4-84BD-6771C9B8432C} - System32\Tasks\{1EC1DF85-2F18-4E6E-98F2-7C1D92E46BBA} => pcalua.exe -a F:\aomwin200ea24.exe -d F:\
Task: {9C50DFC0-DC4F-4E99-B900-E921C5344D29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A3D57154-76E9-41EB-B88A-431B82727931} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C2301F3D-2E4A-4C92-AF9D-A1600BCC6EA2} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK)
Task: {EBA787D0-3184-4EAB-9004-F21185C8620B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {ECA98A70-61E5-4054-8BC5-BBC2BB7E9950} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {F4080C3B-FFD2-4ACA-852D-23B954EBF2C3} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-08-18 19:25 - 2013-02-05 08:24 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2014-08-18 19:29 - 2013-02-05 08:25 - 01541120 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-10 23:32 - 2010-08-10 23:32 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-03-12 19:17 - 2015-03-07 06:57 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-12 19:17 - 2015-03-07 06:57 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-12 19:17 - 2015-03-07 06:57 - 11266888 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-03-12 19:17 - 2015-03-07 06:57 - 26792264 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2014-08-18 19:25 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2014-08-18 19:25 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2014-08-18 19:25 - 2012-10-31 10:11 - 02417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2014-08-18 19:25 - 2012-10-31 10:14 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2014-08-18 19:25 - 2012-10-31 10:33 - 09562624 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll
2014-08-18 19:29 - 2012-10-31 12:14 - 00082944 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll
2014-08-18 19:29 - 2012-10-31 12:16 - 00081920 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll
2011-02-01 20:52 - 2011-02-01 20:52 - 11195512 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-09-11 14:09 - 2014-09-11 14:09 - 00176168 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2014-09-11 14:09 - 2014-09-11 14:09 - 00043048 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:63F29B08

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1571306010-3709694829-1092883663-500 - Administrator - Disabled)
Gast (S-1-5-21-1571306010-3709694829-1092883663-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1571306010-3709694829-1092883663-1009 - Limited - Enabled)
Zeeh (S-1-5-21-1571306010-3709694829-1092883663-1000 - Administrator - Enabled) => C:\Users\Zeeh

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 3948.54 MB
Available physical RAM: 2124.88 MB
Total Pagefile: 9946.73 MB
Available Pagefile: 7322.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:149.04 GB) (Free:93.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:427.59 GB) (Free:427.23 GB) NTFS
Drive h: () (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=427.6 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 9C744D6B)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End Of Log ============================
         

Alt 19.03.2015, 21:30   #12
schrauber
/// the machine
/// TB-Ausbilder
 

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.03.2015, 11:17   #13
team
 
bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt



Teil 1:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e50f7b76e853ed49a2194a7dea3036ef
# engine=22995
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-20 09:55:13
# local_time=2015-03-20 10:55:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1299 16777213 100 100 16553 54416943 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 53324246 178475163 0 0
# scanned=208047
# found=24
# cleaned=24
# scan_time=4417
sh=6051713D313FF606FD60F5D69FDD243C4C85DE08 ft=1 fh=6ab584f6340ba3a4 vn="Variante von Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios.dll.vir"
sh=288E09D0335790CCB608D0D1408BD2C6283B4ACB ft=1 fh=4edc91144fbe8cff vn="Variante von Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios64.dll.vir"
sh=96C4BE610D5873D2105EBE6C2564227E07663E0F ft=1 fh=8279f4b6e9e016eb vn="Variante von Win32/Toolbar.Widgi.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Application Updater\ApplicationUpdater.exe.vir"
sh=EFEAC355C4EAD270AC44BD41C7CE306329BF56E5 ft=1 fh=181b86f2aa11def5 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe.vir"
sh=603B7320EB9962486C795BEB40B872CB724E30FF ft=1 fh=713e4df1b29097f0 vn="Variante von Win64/Toolbar.Widgi.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe.vir"
sh=7616829B2865E2A55E965E8687EEF58CEBA6D9F4 ft=1 fh=c4ed652c67d9e0c9 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wth160.dll.vir"
sh=15C84E66FD27E71B2ADE3B26E9337E177AE60E86 ft=1 fh=98bf0f3a8e696ecd vn="Win64/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wthx160.dll.vir"
sh=99927B7FF1BF456EF56D3957F98D727BB6DA4C28 ft=1 fh=c71c0011a837031c vn="Variante von Win32/Adware.MultiPlug.FL Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ROyalShOpperApppp\R4Qy1camJVfJlX.dll.vir"
sh=D3DC65C3F2F8CE1E526762A35DD76736981A50E1 ft=1 fh=cecc82c634ed304c vn="Variante von Win64/Adware.MultiPlug.G Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ROyalShOpperApppp\R4Qy1camJVfJlX.x64.dll.vir"
sh=C0B7F8C09DB0ADA3DF2102A3D08FAC9781A15DC6 ft=1 fh=55bf436402755b8c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=52F9085A177DC911DC513ED9FA431A58126F73CF ft=1 fh=08f0a6962a427f0c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=FBDFC5A9C45940E1EE1DB6ADFCE2B1BD5DD301F3 ft=1 fh=c71c0011210d5c57 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=D4A43936353E001F542FB287278ED350644F1917 ft=1 fh=cf34ce2fc97c23ab vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=599E2748522276CBF3F990EB4F46016868DEB898 ft=1 fh=f77aff1d76d0a3e6 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=E50DAB85C0710DE9EB31AE35959240275B4AE07B ft=1 fh=5d729646388faede vn="Variante von Win32/Adware.PicColor.M Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\9a57dd4bfbdc41d9a41d3b8b62f45107\9a57dd4bfbdc41d9a41d3b8b62f45107.exe.vir"
sh=9F1C42FCE742E8800B0D643D7F07C4512C4A928A ft=1 fh=a4028fc937df6412 vn="Variante von Win32/Adware.PicColor.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\cmwr.sys.vir"
sh=FBD9CC9DD4EF8C9AAB4A010379FDBE65E8760A81 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\AppData\Local\Mozilla\Firefox\Profiles\3aglzgxk.default\cache2\entries\0A811E3627C260AED9D6F553C616C77DE827FE54"
sh=90B83EA3A71D176CA8D03DDCEF3C3F270D9639DB ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\extensions\veggy@veggyAddon.com\chrome\content\main.js"
sh=A504F81E9D1D0BD0CDBA355620BADB13CBAB6984 ft=1 fh=5f69c3f6b4084ff0 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\Downloads\gimp.exe"
sh=EDCF4EA293DD0C7475D73797276FBE9E45EBBC29 ft=1 fh=51c8894478037c3d vn="Win32/Somoto.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\Downloads\m4a-to80-mp3-converter.exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\Downloads\PDFCreator-1_7_0_setup.exe"
sh=6AEBC9B03C8291C5DF8B20A74874498328FD3184 ft=1 fh=24e3181a2aad989e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\Downloads\Picture Converter - CHIP-Installer.exe"
sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\Downloads\ReimageRepair.exe"
sh=BDC53184583ED4870CF48D54239BDD8EEA3F148F ft=1 fh=67b0812158229c81 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\Downloads\speedupmypc.exe"
         
Teil 2
Code:
ATTFilter
Results of screen317's Security Check version 0.99.97  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
 Mozilla Firefox (36.0.1) 
 Google Chrome (41.0.2272.89) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Internet Manager OnlineUpdate ouc.exe  
 Internet Manager OnlineUpdate LiveUpd.exe  
 Acronis TrueImageHome OnlineBackupStandalone TrueImageMonitor.exe 
 Kaspersky Lab Kaspersky Internet Security 15.0.1 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 15.0.1 avpui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
und ein neues FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Zeeh (administrator) on ZEEH-PC on 20-03-2015 11:09:55
Running from C:\Users\Zeeh\Downloads
Loaded Profiles: Zeeh (Available profiles: Zeeh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Service\Hmg.InstallationService.Service.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Manager\LxUpdateManager.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391240 2010-12-06] (Acronis)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-08-10] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2570688 2010-11-16] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5583056 2011-02-01] (Acronis)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG)
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-04-05] (syncables, LLC)
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\Zeeh\AppData\Local\Apps\2.0\5H6GP0O6.A8T\ODMZ84MY.LH2\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-30] (AVM Berlin)
Startup: C:\Users\Zeeh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {393DB63D-0E30-47F8-9F47-71AA303F4DE0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
Toolbar: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{71D837ED-CC19-43D6-85CD-C31CF2544AFB}: [NameServer] 10.28.253.1
Tcpip\..\Interfaces\{7C558398-EC4A-4217-8340-B8175260889E}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{EA51E0A4-6976-447B-9AFB-E271A9B20C96}: [NameServer] 10.74.210.210 10.74.210.211

FireFox:
========
FF ProfilePath: C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default
FF Homepage: google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Extension: Mozilla Firefox Hotfixer - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\veggy@veggyAddon.com [2015-03-20]
FF Extension: Zoom It - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\{da15f6ce-464a-4063-1270-af5670f23067} [2015-03-20]
FF Extension: Zoom It - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\{ff49035a-bfb7-0c69-8ed7-a5c9051b0b84} [2015-03-18]
FF Extension: PageRank Client - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\pagerank-client@koeniglich.ch.xpi [2012-04-04]
FF Extension: Adblock Plus - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-20]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-10]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-01]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12]
CHR Extension: (Google Docs) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12]
CHR Extension: (YouTube) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12]
CHR Extension: (Google Search) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12]
CHR Extension: (Kaspersky Protection) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-12]
CHR Extension: (Google Sheets) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12]
CHR Extension: (Gmail) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 ICM_UpdaterService; C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [204883 2011-03-18] () [File not signed]
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] () [File not signed]
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-10-02] (Haufe-Lexware GmbH & Co. KG)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSSQL$JTLWAWI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2012-12-30] (AVM Berlin)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [245248 2013-04-10] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-01] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
S3 SoehnleComfort; C:\Windows\System32\Drivers\SoehnleComfort_x64.sys [38400 2011-04-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Zeeh\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 11:03 - 2015-03-20 11:03 - 00852604 _____ () C:\Users\Zeeh\Desktop\SecurityCheck.exe
2015-03-20 09:40 - 2015-03-20 09:40 - 02347384 _____ (ESET) C:\Users\Zeeh\Desktop\esetsmartinstaller_deu.exe
2015-03-20 08:47 - 2015-03-20 08:47 - 00934566 _____ () C:\Users\Zeeh\Downloads\adblock_plus-2.6.7-sm_tb_fx_an.zip
2015-03-19 16:56 - 2015-03-19 16:56 - 01388672 _____ (Thisisu) C:\Users\Zeeh\Desktop\JRT.exe
2015-03-19 16:47 - 2015-03-19 16:47 - 02171392 _____ () C:\Users\Zeeh\Desktop\AdwCleaner_4.112.exe
2015-03-19 15:59 - 2015-03-19 15:59 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-19 15:59 - 2015-03-19 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-19 15:59 - 2015-03-19 15:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-19 15:59 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-19 15:59 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-19 15:58 - 2015-03-19 15:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Zeeh\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-18 16:33 - 2015-03-18 16:33 - 00026272 _____ () C:\ComboFix.txt
2015-03-18 16:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-18 16:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-18 16:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-18 16:16 - 2015-03-18 16:33 - 00000000 ____D () C:\Qoobox
2015-03-18 16:16 - 2015-03-18 16:31 - 00000000 ____D () C:\Windows\erdnt
2015-03-18 16:14 - 2015-03-18 16:14 - 05615380 ____R (Swearware) C:\Users\Zeeh\Desktop\ComboFix.exe
2015-03-17 20:12 - 2015-03-17 20:13 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Zeeh\Desktop\tdsskiller.exe
2015-03-17 18:59 - 2015-03-19 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-17 18:59 - 2015-03-18 07:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-17 18:58 - 2015-03-20 09:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-17 18:57 - 2015-03-17 20:09 - 00000000 ____D () C:\Users\Zeeh\Desktop\mbar
2015-03-17 18:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 18:55 - 2015-03-17 18:56 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Zeeh\Desktop\mbar-1.09.1.1004.exe
2015-03-14 19:01 - 2015-03-19 17:09 - 00026353 _____ () C:\Users\Zeeh\Downloads\Addition.txt
2015-03-13 16:20 - 2015-03-13 16:20 - 02095616 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe
2015-03-13 16:19 - 2015-03-13 16:21 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-03-13 16:19 - 2015-03-13 16:19 - 28598072 _____ (TuneUp Software) C:\Users\Zeeh\Downloads\TuneUpUtilities2014_de-DE.exe
2015-03-13 16:19 - 2015-03-13 16:19 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-03-13 08:45 - 2015-03-13 08:45 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-13 08:45 - 2015-03-13 08:45 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-13 08:45 - 2015-03-13 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-13 08:44 - 2015-03-13 08:45 - 40824144 _____ () C:\Users\Zeeh\Downloads\Firefox_Setup_36.0.1.exe
2015-03-12 19:17 - 2015-03-12 19:17 - 00002213 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-12 19:15 - 2015-03-20 10:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 19:15 - 2015-03-20 07:22 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 19:15 - 2015-03-12 19:15 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-12 19:15 - 2015-03-12 19:15 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-12 19:11 - 2015-03-12 19:11 - 00880208 _____ (Google Inc.) C:\Users\Zeeh\Downloads\ChromeSetup (1).exe
2015-03-12 12:36 - 2015-03-12 12:36 - 02171392 _____ () C:\Users\Zeeh\Downloads\adwcleaner_4.112.exe
2015-03-11 20:23 - 2015-03-11 20:23 - 00032768 _____ () C:\Windows\SysWOW64\persistent_q.db-shm
2015-03-11 20:23 - 2015-03-11 20:23 - 00003176 _____ () C:\Windows\SysWOW64\persistent_q.db-wal
2015-03-11 20:23 - 2015-03-11 20:23 - 00001024 _____ () C:\Windows\SysWOW64\persistent_q.db
2015-03-11 15:12 - 2015-03-11 15:12 - 02367242 _____ () C:\Users\Zeeh\Desktop\froogle.txt
2015-03-11 08:17 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 08:17 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 08:17 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 08:17 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 08:17 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 08:17 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 08:17 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 08:17 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 08:17 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 08:17 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 08:17 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 08:17 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 08:17 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 08:17 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 08:17 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 08:17 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 08:17 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 08:17 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 08:17 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 08:17 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 08:17 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:17 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:17 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 08:17 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 08:17 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 08:17 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 08:17 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 08:17 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 08:17 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 08:17 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 08:16 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 08:16 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 08:15 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:15 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 08:15 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 08:15 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 08:15 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 08:15 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 08:15 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 08:15 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 08:15 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 08:15 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 08:15 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 08:15 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 08:15 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 08:15 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 08:15 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 08:15 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 08:15 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 08:15 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 08:15 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 08:15 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 08:15 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 08:15 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 08:15 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 08:15 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 08:15 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 08:15 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 08:15 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 08:15 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 08:15 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 08:15 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 08:15 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 08:15 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 08:15 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 08:15 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 08:15 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 08:15 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 08:15 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 08:15 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:15 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 08:15 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 08:15 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:15 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 08:15 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 08:15 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 08:15 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 08:15 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 08:15 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 08:15 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 08:15 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 08:15 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 08:15 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 08:15 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 08:15 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 08:15 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 08:15 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 08:15 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 08:15 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 08:15 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 08:15 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 08:15 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 08:15 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 08:15 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 08:15 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 08:15 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 08:15 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 08:15 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 08:15 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 08:15 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 08:15 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 08:15 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 08:15 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 08:15 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 08:15 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 08:15 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 08:15 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 08:15 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:15 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 08:15 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 08:15 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-08 16:25 - 2015-03-08 16:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-08 16:24 - 2015-03-08 16:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Zeeh\Downloads\revosetup95.exe
2015-03-08 16:20 - 2015-03-20 11:11 - 00024332 _____ () C:\Users\Zeeh\Downloads\FRST.txt
2015-03-08 16:19 - 2015-03-20 11:09 - 00000000 ____D () C:\FRST
2015-03-08 16:19 - 2015-03-08 16:19 - 02095104 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64.exe
2015-03-07 22:41 - 2015-03-07 22:41 - 00093359 _____ () C:\Users\Zeeh\Downloads\Invoice_Jan-16-15_Feb-15-15.csv
2015-03-06 17:33 - 2015-03-19 16:54 - 00000000 ____D () C:\AdwCleaner
2015-03-06 09:25 - 2015-03-13 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-02 11:58 - 2015-03-02 11:58 - 00029696 _____ () C:\Users\Zeeh\Documents\froogle.xls
2015-03-01 13:15 - 2015-03-20 08:11 - 00017838 _____ () C:\Users\Zeeh\Desktop\Artesano-Wollliste.xlsx
2015-03-01 13:15 - 2015-03-02 12:01 - 00018899 _____ () C:\Users\Zeeh\Documents\Artesano-Wollliste.xlsx
2015-02-26 07:40 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-26 07:40 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-26 07:40 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-26 07:40 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-26 07:36 - 2015-02-26 07:38 - 00000000 ____D () C:\Program Files (x86)\Bookmark Search
2015-02-25 19:50 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 19:50 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 10:31 - 2015-01-20 14:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 10:19 - 2010-08-10 22:48 - 01846112 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 08:11 - 2014-01-14 14:21 - 00258108 _____ () C:\Users\Zeeh\Desktop\Bestandsliste Perfect Petzzz.xlsx
2015-03-20 07:57 - 2011-01-03 04:41 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B35FCC2-2D8D-4E4D-A77B-606E14FE5BEB}
2015-03-20 07:48 - 2010-12-30 23:10 - 00000000 ____D () C:\Users\Zeeh\AppData\Roaming\SoftGrid Client
2015-03-20 07:47 - 2013-05-10 16:31 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SUN
2015-03-20 07:27 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 07:27 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 07:22 - 2011-03-09 08:42 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Deployment
2015-03-20 07:22 - 2011-01-01 17:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-20 07:19 - 2015-01-23 08:57 - 00006115 _____ () C:\Windows\setupact.log
2015-03-20 07:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 19:22 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Lexware
2015-03-19 18:31 - 2015-02-16 08:35 - 00000000 ____D () C:\Users\Zeeh\Documents\DHL-Reklamationen
2015-03-19 16:52 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-19 16:50 - 2015-01-23 08:56 - 00027952 _____ () C:\Windows\PFRO.log
2015-03-19 16:38 - 2010-08-10 23:45 - 00001754 _____ () C:\Windows\system32\ServiceFilter.ini
2015-03-19 16:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-19 10:44 - 2013-11-06 14:20 - 00036547 _____ () C:\Users\Zeeh\Desktop\Bestellformular Beleduc.xlsx
2015-03-18 16:37 - 2011-03-09 08:42 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Apps\2.0
2015-03-18 16:29 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-18 07:46 - 2015-01-23 08:59 - 00088895 _____ () C:\Windows\avmacc.log
2015-03-17 19:33 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-03-17 09:05 - 2011-01-01 14:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-03-16 16:25 - 2013-12-08 08:49 - 00017082 _____ () C:\Users\Zeeh\Desktop\monatliche Kosten.xlsx
2015-03-16 14:36 - 2014-05-26 10:47 - 00015663 _____ () C:\Users\Zeeh\Desktop\Bestellschein PerfectPetzzz EUR.xlsx
2015-03-16 07:42 - 2013-06-03 08:47 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Uniwood
2015-03-16 07:41 - 2013-07-19 08:51 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Kaden
2015-03-13 11:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-12 15:52 - 2010-12-30 22:33 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Google
2015-03-12 11:55 - 2010-08-10 23:45 - 00002476 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-03-12 11:49 - 2010-08-10 23:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-12 11:22 - 2010-12-31 14:44 - 00000000 ____D () C:\Program Files (x86)\lexware
2015-03-12 11:22 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-03-12 11:15 - 2010-08-10 23:08 - 00000000 ____D () C:\ProgramData\CyberLink
2015-03-12 10:42 - 2010-08-10 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-03-12 10:42 - 2010-08-10 23:13 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-03-12 08:31 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-12 08:29 - 2015-01-23 08:56 - 00307104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 20:17 - 2013-07-14 10:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 20:01 - 2011-01-09 17:52 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 07:55 - 2014-08-20 18:04 - 00819896 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-10 10:31 - 2009-08-04 10:51 - 00715658 _____ () C:\Windows\system32\perfh007.dat
2015-03-10 10:31 - 2009-08-04 10:51 - 00156312 _____ () C:\Windows\system32\perfc007.dat
2015-03-10 10:31 - 2009-07-14 06:13 - 01660372 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-10 10:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-08 16:40 - 2012-04-29 20:52 - 00000000 ____D () C:\Program Files (x86)\CEWE COLOR
2015-03-06 17:36 - 2011-01-01 15:11 - 00000000 ____D () C:\Windows\system32\log
2015-03-04 17:29 - 2015-01-22 11:05 - 00012247 _____ () C:\Users\Zeeh\Documents\Antje-Lohn.xlsx
2015-02-26 08:49 - 2011-01-01 17:17 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-26 08:30 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Rülke
2015-02-25 07:49 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SINA
2015-02-24 17:15 - 2013-03-16 21:20 - 00000000 ____D () C:\Users\Zeeh\Desktop\Bilder
2015-02-23 17:41 - 2011-05-20 21:20 - 00068744 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-02-23 13:47 - 2011-03-05 18:38 - 00017150 _____ () C:\Users\Zeeh\Documents\Darlehen.xlsx
2015-02-23 12:06 - 2011-02-14 08:52 - 00000000 __RSD () C:\Users\Zeeh\Documents\My Stationery
2015-02-19 11:15 - 2015-02-12 18:35 - 00025921 _____ () C:\Windows\system32\ScanResults.xml
2015-02-19 11:12 - 2015-02-12 18:31 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-02-18 16:06 - 2012-07-10 07:57 - 00000000 ____D () C:\Users\Zeeh\AppData\Roaming\FileZilla

==================== Files in the root of some directories =======

2015-02-06 09:17 - 2015-02-06 09:17 - 0000020 _____ () C:\Users\Zeeh\AppData\Roaming\appdataFr3.bin
2012-12-30 13:11 - 2012-12-30 13:11 - 0017408 _____ () C:\Users\Zeeh\AppData\Local\WebpageIcons.db
2010-08-10 23:16 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-08-10 23:09 - 2010-08-10 23:10 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-10 23:09 - 2010-08-10 23:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Zeeh\AppData\Local\Temp\Quarantine.exe
C:\Users\Zeeh\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 11:04

==================== End Of Log ============================
         
--- --- ---

--- --- ---


und addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Zeeh at 2015-03-20 11:11:46
Running from C:\Users\Zeeh\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6696 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Body Balance Comfort Select Software (HKLM-x32\...\{74B92B80-C11A-4DD0-884C-A532B788C2D4}) (Version: 1.0.0 - Leifheit AG)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Brother MFL-Pro Suite DCP-9055CDN (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
Express Rip (HKLM-x32\...\ExpressRip) (Version: 1.94 - NCH Software)
Fahrtenbuch.net 1.5.12 (HKLM-x32\...\Fahrtenbuch.net_is1) (Version:  - COMputer.INTernet.SOftware Tobias Schiek)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
FileZilla Client 3.2.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.2.7.1 - )
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\f018cf21c0452c64) (Version: 2.3.0.2 - AVM Berlin)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.76.55 - Huawei Technologies Co.,Ltd)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Lexware Abschreibungsrechner (x32 Version: 14.00.00.0004 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware büro easy 2015 (x32 Version: 28.02.00.0197 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware büro easy plus 2015 (HKLM-x32\...\{3eadd447-88bd-45e6-8410-0b31dcad2556}) (Version: 28.0.0.132 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (x32 Version: 15.00.00.0056 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 4.00.00.0008 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (x32 Version: 22.02.00.0040 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Zeiterfassung (x32 Version: 28.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Samsung Networking Wizard (HKLM-x32\...\{0C485220-4029-48E7-9F27-965DA4A78D5E}) (Version: 1.1.11052.2 - Samsung Electronics Co., Ltd. )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2000.0 - SAMSUNG Electronics Co., Ltd.)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SolidWorks eDrawings 2011 (HKLM-x32\...\{9402DAC1-447E-49C9-979D-BD5838E709D7}) (Version: 11.4.113 - Dassault Systèmes SolidWorks Corp.)
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-03-2015 19:59:02 Windows Update
12-03-2015 10:18:32 Revo Uninstaller's restore point - ASUS FancyStart
12-03-2015 10:42:26 Removed ASUS FancyStart
12-03-2015 10:46:59 Revo Uninstaller's restore point - Bing Bar
12-03-2015 11:07:01 Revo Uninstaller's restore point - CyberLink LabelPrint
12-03-2015 11:07:37 Konfiguriert LabelPrint
12-03-2015 11:13:30 Revo Uninstaller's restore point - CyberLink Power2Go
12-03-2015 11:13:53 Konfiguriert Power2Go
12-03-2015 11:16:10 Revo Uninstaller's restore point - Lexware lohnauskunft 2009
12-03-2015 11:16:25 Konfiguriert Lexware lohnauskunft 2009
12-03-2015 11:18:01 Revo Uninstaller's restore point - Lexware lohnauskunft 2009
12-03-2015 11:18:21 Revo Uninstaller's restore point - Lexware lohnauskunft 2014
12-03-2015 11:18:55 Removed Lexware lohnauskunft 2014.
12-03-2015 11:21:34 Revo Uninstaller's restore point - Lexware reisekosten 2009
12-03-2015 11:21:47 Konfiguriert Lexware reisekosten 2009
12-03-2015 11:23:13 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de)
12-03-2015 11:27:02 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de)
12-03-2015 11:48:31 Entfernt DELISprint
12-03-2015 11:52:20 Removed RENESIS® Player Browser Plugins
13-03-2015 16:19:53 TuneUp Utilities 2014 wird installiert
13-03-2015 16:20:57 TuneUp Utilities 2014 (de-DE) wird entfernt
17-03-2015 19:28:27 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-18 16:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {342CD102-1DE5-49AE-A53A-D33ABD85E7BC} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {3A775123-7BDC-4E16-A8B7-6845A96A4083} - System32\Tasks\{1EDF6135-BB20-413E-8288-BC728394B876} => pcalua.exe -a E:\LxSetup.exe -d E:\
Task: {40721C3F-0996-4274-98ED-E888934C6B43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {429C9858-F46A-408D-87D6-64BC0F0C99B0} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {474683AA-2C5B-46A0-9C72-919F9FB1CBE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {53997FEA-15D2-4E30-B519-F00330284647} - System32\Tasks\{C4D39608-1BDD-4FDC-94D6-2EDA5B93ECA0} => pcalua.exe -a C:\Users\Zeeh\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
Task: {661E3F48-5794-4F49-9DDE-351E8CF265E6} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {89E5C935-498B-489D-801A-3E66D5249F0A} - System32\Tasks\SQAKP => C:\ProgramData\9a57dd4bfbdc41d9a41d3b8b62f45107\9a57dd4bfbdc41d9a41d3b8b62f45107.exe
Task: {8EAA276A-C2F3-409E-8546-11C58E4FA00B} - System32\Tasks\{01B8A7C3-9EE9-4DFA-80E2-0171A0BB415D} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {8F20AF64-5623-47D4-84BD-6771C9B8432C} - System32\Tasks\{1EC1DF85-2F18-4E6E-98F2-7C1D92E46BBA} => pcalua.exe -a F:\aomwin200ea24.exe -d F:\
Task: {9C50DFC0-DC4F-4E99-B900-E921C5344D29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A3D57154-76E9-41EB-B88A-431B82727931} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C2301F3D-2E4A-4C92-AF9D-A1600BCC6EA2} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK)
Task: {EBA787D0-3184-4EAB-9004-F21185C8620B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {ECA98A70-61E5-4054-8BC5-BBC2BB7E9950} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {F4080C3B-FFD2-4ACA-852D-23B954EBF2C3} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-08-18 19:25 - 2013-02-05 08:24 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2014-08-18 19:29 - 2013-02-05 08:25 - 01541120 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-08-10 23:13 - 2010-08-10 23:13 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-08-10 23:13 - 2010-08-10 23:13 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2008-10-01 07:02 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-12-23 21:12 - 2009-12-23 21:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-19 03:11 - 2009-12-19 03:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2009-11-24 21:45 - 2009-11-24 21:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2010-08-10 23:46 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-01-05 01:43 - 2010-01-05 01:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-10 23:32 - 2010-08-10 23:32 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-03-12 19:17 - 2015-03-07 06:57 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-12 19:17 - 2015-03-07 06:57 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2015-03-12 19:17 - 2015-03-07 06:57 - 11266888 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2014-08-18 19:25 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2014-08-18 19:25 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2014-08-18 19:25 - 2012-10-31 10:11 - 02417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2014-08-18 19:25 - 2012-10-31 10:14 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2014-08-18 19:25 - 2012-10-31 10:33 - 09562624 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll
2014-08-18 19:29 - 2012-10-31 12:14 - 00082944 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll
2014-08-18 19:29 - 2012-10-31 12:16 - 00081920 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll
2011-02-01 20:52 - 2011-02-01 20:52 - 11195512 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-09-11 14:09 - 2014-09-11 14:09 - 00176168 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2014-09-11 14:09 - 2014-09-11 14:09 - 00043048 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:63F29B08

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1571306010-3709694829-1092883663-500 - Administrator - Disabled)
Gast (S-1-5-21-1571306010-3709694829-1092883663-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1571306010-3709694829-1092883663-1009 - Limited - Enabled)
Zeeh (S-1-5-21-1571306010-3709694829-1092883663-1000 - Administrator - Enabled) => C:\Users\Zeeh

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2015 10:56:58 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/20/2015 09:40:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/20/2015 09:40:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/20/2015 09:40:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (03/20/2015 07:20:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/20/2015 07:19:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/20/2015 07:19:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.


Microsoft Office Sessions:
=========================
Error: (03/20/2015 10:56:58 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (03/20/2015 09:40:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Zeeh\Desktop\esetsmartinstaller_deu.exe

Error: (03/20/2015 09:40:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Zeeh\Desktop\esetsmartinstaller_deu.exe

Error: (03/20/2015 09:40:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Zeeh\Desktop\esetsmartinstaller_deu.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 59%
Total physical RAM: 3948.54 MB
Available physical RAM: 1596.05 MB
Total Pagefile: 9946.73 MB
Available Pagefile: 6872.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:149.04 GB) (Free:93.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:427.59 GB) (Free:427.23 GB) NTFS
Drive h: () (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32
Drive z: (OS) (Network) (Total:149.04 GB) (Free:93.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=427.6 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 9C744D6B)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End Of Log ============================
         
und ja, die Probleme bestehen nach wie vor


Alt 21.03.2015, 09:55   #14
schrauber
/// the machine
/// TB-Ausbilder
 

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt



Java und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Zeeh\AppData\Local\Mozilla\Firefox\Profiles\3aglzgxk.default\cache2\entries\0A811E3627C260AED9D6F553C616C77DE827FE54

C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\extensions\veggy@veggyAddon.com\chrome\content\main.js

C:\Users\Zeeh\Downloads\gimp.exe

C:\Users\Zeeh\Downloads\m4a-to80-mp3-converter.exe

C:\Users\Zeeh\Downloads\PDFCreator-1_7_0_setup.exe

C:\Users\Zeeh\Downloads\Picture Converter - CHIP-Installer.exe

C:\Users\Zeeh\Downloads\ReimageRepair.exe

C:\Users\Zeeh\Downloads\speedupmypc.exe
Task: {53997FEA-15D2-4E30-B519-F00330284647} - System32\Tasks\{C4D39608-1BDD-4FDC-94D6-2EDA5B93ECA0} => pcalua.exe -a C:\Users\Zeeh\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
C:\Users\Zeeh\AppData\Roaming\webssearches
Tcpip\..\Interfaces\{71D837ED-CC19-43D6-85CD-C31CF2544AFB}: [NameServer] 10.28.253.1
Tcpip\..\Interfaces\{7C558398-EC4A-4217-8340-B8175260889E}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{EA51E0A4-6976-447B-9AFB-E271A9B20C96}: [NameServer] 10.74.210.210 10.74.210.211
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen



Frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.03.2015, 17:00   #15
team
 
bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Standard

bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Zeeh at 2015-03-22 15:59:02 Run:1
Running from C:\Users\Zeeh\Downloads
Loaded Profiles: Zeeh (Available profiles: Zeeh)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Zeeh\AppData\Local\Mozilla\Firefox\Profiles\3aglzgxk.default\cache2\entries\0A811E3627C260AED9D6F553C616C77DE827FE54

C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\extensions\veggy@veggyAddon.com\chrome\content\main.js

C:\Users\Zeeh\Downloads\gimp.exe

C:\Users\Zeeh\Downloads\m4a-to80-mp3-converter.exe

C:\Users\Zeeh\Downloads\PDFCreator-1_7_0_setup.exe

C:\Users\Zeeh\Downloads\Picture Converter - CHIP-Installer.exe

C:\Users\Zeeh\Downloads\ReimageRepair.exe

C:\Users\Zeeh\Downloads\speedupmypc.exe
Task: {53997FEA-15D2-4E30-B519-F00330284647} - System32\Tasks\{C4D39608-1BDD-4FDC-94D6-2EDA5B93ECA0} => pcalua.exe -a C:\Users\Zeeh\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION
C:\Users\Zeeh\AppData\Roaming\webssearches
Tcpip\..\Interfaces\{71D837ED-CC19-43D6-85CD-C31CF2544AFB}: [NameServer] 10.28.253.1
Tcpip\..\Interfaces\{7C558398-EC4A-4217-8340-B8175260889E}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{EA51E0A4-6976-447B-9AFB-E271A9B20C96}: [NameServer] 10.74.210.210 10.74.210.211
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
Emptytemp:
         
*****************

"C:\Users\Zeeh\AppData\Local\Mozilla\Firefox\Profiles\3aglzgxk.default\cache2\entries\0A811E3627C260AED9D6F553C616C77DE827FE54" => File/Directory not found.
"C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\extensions\veggy@veggyAddon.com\chrome\content\main.js" => File/Directory not found.
"C:\Users\Zeeh\Downloads\gimp.exe" => File/Directory not found.
"C:\Users\Zeeh\Downloads\m4a-to80-mp3-converter.exe" => File/Directory not found.
"C:\Users\Zeeh\Downloads\PDFCreator-1_7_0_setup.exe" => File/Directory not found.
"C:\Users\Zeeh\Downloads\Picture Converter - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\Zeeh\Downloads\ReimageRepair.exe" => File/Directory not found.
"C:\Users\Zeeh\Downloads\speedupmypc.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53997FEA-15D2-4E30-B519-F00330284647}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53997FEA-15D2-4E30-B519-F00330284647}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C4D39608-1BDD-4FDC-94D6-2EDA5B93ECA0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C4D39608-1BDD-4FDC-94D6-2EDA5B93ECA0}" => Key deleted successfully.
"C:\Users\Zeeh\AppData\Roaming\webssearches" => File/Directory not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{71D837ED-CC19-43D6-85CD-C31CF2544AFB}\\NameServer => value deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7C558398-EC4A-4217-8340-B8175260889E}\\NameServer => value deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EA51E0A4-6976-447B-9AFB-E271A9B20C96}\\NameServer => value deleted successfully.
tmlwf => Service deleted successfully.
tmwfp => Service deleted successfully.
EmptyTemp: => Removed 1020.5 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 16:02:54 ====
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Zeeh (administrator) on ZEEH-PC on 22-03-2015 16:55:12
Running from C:\Users\Zeeh\Downloads
Loaded Profiles: Zeeh (Available profiles: Zeeh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Service\Hmg.InstallationService.Service.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Windows\AsScrPro.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Manager\LxUpdateManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391240 2010-12-06] (Acronis)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-08-10] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2570688 2010-11-16] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5583056 2011-02-01] (Acronis)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-04-05] (syncables, LLC)
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\Zeeh\AppData\Local\Apps\2.0\5H6GP0O6.A8T\ODMZ84MY.LH2\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-30] (AVM Berlin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Zeeh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {393DB63D-0E30-47F8-9F47-71AA303F4DE0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-22] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-22] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\0x7g321o.default-1427039512945
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\0x7g321o.default-1427039512945\user.js [2015-03-22]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12]
CHR Extension: (Google Docs) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12]
CHR Extension: (YouTube) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12]
CHR Extension: (Adblock Plus) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-22]
CHR Extension: (Google Search) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12]
CHR Extension: (Kaspersky Protection) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-12]
CHR Extension: (Google Sheets) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12]
CHR Extension: (Gmail) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 ICM_UpdaterService; C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [204883 2011-03-18] () [File not signed]
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] () [File not signed]
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-10-02] (Haufe-Lexware GmbH & Co. KG)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 MSSQL$JTLWAWI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2012-12-30] (AVM Berlin)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [245248 2013-04-10] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-01] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
S3 SoehnleComfort; C:\Windows\System32\Drivers\SoehnleComfort_x64.sys [38400 2011-04-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Zeeh\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 16:51 - 2015-03-22 16:51 - 00000000 ____D () C:\Users\Zeeh\Desktop\Alte Firefox-Daten
2015-03-22 16:48 - 2015-03-22 16:48 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-22 16:48 - 2015-03-22 16:48 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-22 16:48 - 2015-03-22 16:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 16:47 - 2015-03-22 16:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-22 16:44 - 2015-03-22 16:44 - 01203488 _____ () C:\Users\Zeeh\Desktop\Firefox - CHIP-Installer.exe
2015-03-22 16:09 - 2015-03-22 16:09 - 00001230 _____ () C:\Users\Zeeh\Desktop\Revo Uninstaller.lnk
2015-03-22 16:08 - 2015-03-22 16:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Zeeh\Desktop\revosetup95.exe
2015-03-22 15:51 - 2015-03-22 15:51 - 00002132 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-03-22 15:51 - 2015-03-22 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-03-22 15:51 - 2015-03-22 15:51 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-03-22 15:51 - 2015-03-22 15:51 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2015-03-22 15:50 - 2015-03-22 15:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-22 15:50 - 2015-03-22 15:50 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-03-22 15:38 - 2015-03-22 15:37 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-22 15:35 - 2015-03-22 15:36 - 42925480 _____ (Oracle Corporation) C:\Users\Zeeh\Desktop\jre-8u40-windows-x64.exe
2015-03-21 09:24 - 2015-03-21 09:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\379B00F2.sys
2015-03-20 08:47 - 2015-03-20 08:47 - 00934566 _____ () C:\Users\Zeeh\Downloads\adblock_plus-2.6.7-sm_tb_fx_an.zip
2015-03-19 15:59 - 2015-03-19 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-19 15:59 - 2015-03-19 15:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-19 15:59 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-19 15:59 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-18 16:33 - 2015-03-18 16:33 - 00026272 _____ () C:\ComboFix.txt
2015-03-18 16:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-18 16:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-18 16:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-18 16:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-18 16:16 - 2015-03-18 16:33 - 00000000 ____D () C:\Qoobox
2015-03-18 16:16 - 2015-03-18 16:31 - 00000000 ____D () C:\Windows\erdnt
2015-03-17 18:59 - 2015-03-19 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-17 18:59 - 2015-03-18 07:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-17 18:58 - 2015-03-22 16:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-17 18:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-14 19:01 - 2015-03-20 11:12 - 00034012 _____ () C:\Users\Zeeh\Downloads\Addition.txt
2015-03-13 16:20 - 2015-03-13 16:20 - 02095616 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe
2015-03-13 16:19 - 2015-03-13 16:21 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-03-13 16:19 - 2015-03-13 16:19 - 28598072 _____ (TuneUp Software) C:\Users\Zeeh\Downloads\TuneUpUtilities2014_de-DE.exe
2015-03-13 16:19 - 2015-03-13 16:19 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-03-13 08:44 - 2015-03-13 08:45 - 40824144 _____ () C:\Users\Zeeh\Downloads\Firefox_Setup_36.0.1.exe
2015-03-12 19:17 - 2015-03-22 14:45 - 00002137 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-12 19:15 - 2015-03-22 16:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 19:15 - 2015-03-22 16:04 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 19:15 - 2015-03-12 19:15 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-12 19:15 - 2015-03-12 19:15 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-12 19:11 - 2015-03-12 19:11 - 00880208 _____ (Google Inc.) C:\Users\Zeeh\Downloads\ChromeSetup (1).exe
2015-03-12 12:36 - 2015-03-12 12:36 - 02171392 _____ () C:\Users\Zeeh\Downloads\adwcleaner_4.112.exe
2015-03-11 20:23 - 2015-03-11 20:23 - 00032768 _____ () C:\Windows\SysWOW64\persistent_q.db-shm
2015-03-11 20:23 - 2015-03-11 20:23 - 00003176 _____ () C:\Windows\SysWOW64\persistent_q.db-wal
2015-03-11 20:23 - 2015-03-11 20:23 - 00001024 _____ () C:\Windows\SysWOW64\persistent_q.db
2015-03-11 15:12 - 2015-03-11 15:12 - 02367242 _____ () C:\Users\Zeeh\Desktop\froogle.txt
2015-03-11 08:17 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 08:17 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 08:17 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 08:17 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 08:17 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 08:17 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 08:17 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 08:17 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 08:17 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 08:17 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 08:17 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 08:17 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 08:17 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 08:17 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 08:17 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 08:17 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 08:17 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 08:17 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 08:17 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 08:17 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 08:17 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 08:17 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 08:17 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:17 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:17 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 08:17 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 08:17 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 08:17 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 08:17 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 08:17 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 08:17 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 08:17 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 08:16 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 08:16 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 08:15 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:15 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 08:15 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 08:15 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 08:15 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 08:15 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 08:15 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 08:15 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 08:15 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 08:15 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 08:15 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 08:15 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 08:15 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 08:15 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 08:15 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 08:15 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 08:15 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 08:15 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 08:15 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 08:15 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 08:15 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 08:15 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 08:15 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 08:15 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 08:15 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 08:15 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 08:15 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 08:15 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 08:15 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 08:15 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 08:15 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 08:15 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 08:15 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 08:15 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 08:15 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 08:15 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 08:15 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 08:15 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 08:15 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 08:15 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:15 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 08:15 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 08:15 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:15 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 08:15 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 08:15 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 08:15 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 08:15 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 08:15 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 08:15 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 08:15 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 08:15 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 08:15 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 08:15 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 08:15 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 08:15 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 08:15 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 08:15 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 08:15 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 08:15 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 08:15 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 08:15 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 08:15 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 08:15 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 08:15 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 08:15 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 08:15 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 08:15 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 08:15 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 08:15 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 08:15 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 08:15 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 08:15 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 08:15 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 08:15 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 08:15 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 08:15 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 08:15 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:15 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 08:15 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 08:15 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-08 16:25 - 2015-03-08 16:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-08 16:24 - 2015-03-08 16:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Zeeh\Downloads\revosetup95.exe
2015-03-08 16:20 - 2015-03-22 16:56 - 00022383 _____ () C:\Users\Zeeh\Downloads\FRST.txt
2015-03-08 16:19 - 2015-03-22 16:55 - 00000000 ____D () C:\FRST
2015-03-08 16:19 - 2015-03-08 16:19 - 02095104 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64.exe
2015-03-07 22:41 - 2015-03-07 22:41 - 00093359 _____ () C:\Users\Zeeh\Downloads\Invoice_Jan-16-15_Feb-15-15.csv
2015-03-06 17:33 - 2015-03-19 16:54 - 00000000 ____D () C:\AdwCleaner
2015-03-02 11:58 - 2015-03-02 11:58 - 00029696 _____ () C:\Users\Zeeh\Documents\froogle.xls
2015-03-01 13:15 - 2015-03-21 10:51 - 00017842 _____ () C:\Users\Zeeh\Desktop\Artesano-Wollliste.xlsx
2015-03-01 13:15 - 2015-03-02 12:01 - 00018899 _____ () C:\Users\Zeeh\Documents\Artesano-Wollliste.xlsx
2015-02-26 07:40 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-26 07:40 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-26 07:40 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-26 07:40 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-26 07:36 - 2015-02-26 07:38 - 00000000 ____D () C:\Program Files (x86)\Bookmark Search
2015-02-25 19:50 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 19:50 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 16:31 - 2015-01-20 14:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-22 16:12 - 2010-08-10 22:48 - 01944704 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 16:12 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 16:12 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 16:06 - 2011-03-09 08:42 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Deployment
2015-03-22 16:04 - 2015-01-23 08:57 - 00006339 _____ () C:\Windows\setupact.log
2015-03-22 16:04 - 2015-01-23 08:56 - 00029812 _____ () C:\Windows\PFRO.log
2015-03-22 16:04 - 2011-01-01 17:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-22 16:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-22 15:53 - 2010-12-31 14:04 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Adobe
2015-03-22 15:50 - 2010-08-10 23:10 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-22 15:50 - 2010-08-10 23:10 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-22 15:37 - 2013-11-25 07:47 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-22 15:37 - 2013-11-25 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-22 15:37 - 2011-01-05 09:47 - 00000000 ____D () C:\Program Files\Java
2015-03-22 15:24 - 2011-01-03 04:41 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B35FCC2-2D8D-4E4D-A77B-606E14FE5BEB}
2015-03-21 19:19 - 2015-02-16 08:35 - 00000000 ____D () C:\Users\Zeeh\Documents\DHL-Reklamationen
2015-03-21 19:19 - 2010-12-30 23:10 - 00000000 ____D () C:\Users\Zeeh\AppData\Roaming\SoftGrid Client
2015-03-21 11:12 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Lexware
2015-03-20 08:11 - 2014-01-14 14:21 - 00258108 _____ () C:\Users\Zeeh\Desktop\Bestandsliste Perfect Petzzz.xlsx
2015-03-20 07:47 - 2013-05-10 16:31 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SUN
2015-03-19 16:52 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-19 16:38 - 2010-08-10 23:45 - 00001754 _____ () C:\Windows\system32\ServiceFilter.ini
2015-03-19 16:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-19 10:44 - 2013-11-06 14:20 - 00036547 _____ () C:\Users\Zeeh\Desktop\Bestellformular Beleduc.xlsx
2015-03-18 16:37 - 2011-03-09 08:42 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Apps\2.0
2015-03-18 16:29 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-18 07:46 - 2015-01-23 08:59 - 00088895 _____ () C:\Windows\avmacc.log
2015-03-17 19:33 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-03-17 09:05 - 2011-01-01 14:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-03-16 16:25 - 2013-12-08 08:49 - 00017082 _____ () C:\Users\Zeeh\Desktop\monatliche Kosten.xlsx
2015-03-16 14:36 - 2014-05-26 10:47 - 00015663 _____ () C:\Users\Zeeh\Desktop\Bestellschein PerfectPetzzz EUR.xlsx
2015-03-16 07:42 - 2013-06-03 08:47 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Uniwood
2015-03-16 07:41 - 2013-07-19 08:51 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Kaden
2015-03-13 11:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-12 15:52 - 2010-12-30 22:33 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Google
2015-03-12 11:55 - 2010-08-10 23:45 - 00002476 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-03-12 11:49 - 2010-08-10 23:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-12 11:22 - 2010-12-31 14:44 - 00000000 ____D () C:\Program Files (x86)\lexware
2015-03-12 11:22 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-03-12 11:15 - 2010-08-10 23:08 - 00000000 ____D () C:\ProgramData\CyberLink
2015-03-12 10:42 - 2010-08-10 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-03-12 10:42 - 2010-08-10 23:13 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-03-12 08:31 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-12 08:29 - 2015-01-23 08:56 - 00307104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 20:17 - 2013-07-14 10:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 20:01 - 2011-01-09 17:52 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 07:55 - 2014-08-20 18:04 - 00819896 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-10 10:31 - 2009-08-04 10:51 - 00715658 _____ () C:\Windows\system32\perfh007.dat
2015-03-10 10:31 - 2009-08-04 10:51 - 00156312 _____ () C:\Windows\system32\perfc007.dat
2015-03-10 10:31 - 2009-07-14 06:13 - 01660372 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-10 10:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-08 16:40 - 2012-04-29 20:52 - 00000000 ____D () C:\Program Files (x86)\CEWE COLOR
2015-03-06 17:36 - 2011-01-01 15:11 - 00000000 ____D () C:\Windows\system32\log
2015-03-04 17:29 - 2015-01-22 11:05 - 00012247 _____ () C:\Users\Zeeh\Documents\Antje-Lohn.xlsx
2015-02-26 08:49 - 2011-01-01 17:17 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-26 08:30 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Rülke
2015-02-25 07:49 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SINA
2015-02-24 17:15 - 2013-03-16 21:20 - 00000000 ____D () C:\Users\Zeeh\Desktop\Bilder
2015-02-23 17:41 - 2011-05-20 21:20 - 00068744 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-02-23 13:47 - 2011-03-05 18:38 - 00017150 _____ () C:\Users\Zeeh\Documents\Darlehen.xlsx
2015-02-23 12:06 - 2011-02-14 08:52 - 00000000 __RSD () C:\Users\Zeeh\Documents\My Stationery

==================== Files in the root of some directories =======

2015-02-06 09:17 - 2015-02-06 09:17 - 0000020 _____ () C:\Users\Zeeh\AppData\Roaming\appdataFr3.bin
2012-12-30 13:11 - 2012-12-30 13:11 - 0017408 _____ () C:\Users\Zeeh\AppData\Local\WebpageIcons.db
2010-08-10 23:16 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-08-10 23:09 - 2010-08-10 23:10 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-10 23:09 - 2010-08-10 23:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 11:04

==================== End Of Log ============================
         
--- --- ---



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Zeeh at 2015-03-22 16:57:14
Running from C:\Users\Zeeh\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6696 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Body Balance Comfort Select Software (HKLM-x32\...\{74B92B80-C11A-4DD0-884C-A532B788C2D4}) (Version: 1.0.0 - Leifheit AG)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Brother MFL-Pro Suite DCP-9055CDN (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version:  - )
Express Rip (HKLM-x32\...\ExpressRip) (Version: 1.94 - NCH Software)
Fahrtenbuch.net 1.5.12 (HKLM-x32\...\Fahrtenbuch.net_is1) (Version:  - COMputer.INTernet.SOftware Tobias Schiek)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
FileZilla Client 3.2.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.2.7.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.76.55 - Huawei Technologies Co.,Ltd)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Lexware Abschreibungsrechner (x32 Version: 14.00.00.0004 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware büro easy 2015 (x32 Version: 28.02.00.0197 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware büro easy plus 2015 (HKLM-x32\...\{3eadd447-88bd-45e6-8410-0b31dcad2556}) (Version: 28.0.0.132 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (x32 Version: 15.00.00.0056 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 4.00.00.0008 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (x32 Version: 22.02.00.0040 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Zeiterfassung (x32 Version: 28.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Networking Wizard (HKLM-x32\...\{0C485220-4029-48E7-9F27-965DA4A78D5E}) (Version: 1.1.11052.2 - Samsung Electronics Co., Ltd. )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2000.0 - SAMSUNG Electronics Co., Ltd.)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SolidWorks eDrawings 2011 (HKLM-x32\...\{9402DAC1-447E-49C9-979D-BD5838E709D7}) (Version: 11.4.113 - Dassault Systèmes SolidWorks Corp.)
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-03-2015 11:21:47 Konfiguriert Lexware reisekosten 2009
12-03-2015 11:23:13 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de)
12-03-2015 11:27:02 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de)
12-03-2015 11:48:31 Entfernt DELISprint
12-03-2015 11:52:20 Removed RENESIS® Player Browser Plugins
13-03-2015 16:19:53 TuneUp Utilities 2014 wird installiert
13-03-2015 16:20:57 TuneUp Utilities 2014 (de-DE) wird entfernt
17-03-2015 19:28:27 Malwarebytes Anti-Rootkit Restore Point
22-03-2015 16:12:30 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-18 16:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {342CD102-1DE5-49AE-A53A-D33ABD85E7BC} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {3A775123-7BDC-4E16-A8B7-6845A96A4083} - System32\Tasks\{1EDF6135-BB20-413E-8288-BC728394B876} => pcalua.exe -a E:\LxSetup.exe -d E:\
Task: {40721C3F-0996-4274-98ED-E888934C6B43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {429C9858-F46A-408D-87D6-64BC0F0C99B0} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {474683AA-2C5B-46A0-9C72-919F9FB1CBE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {661E3F48-5794-4F49-9DDE-351E8CF265E6} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {89E5C935-498B-489D-801A-3E66D5249F0A} - System32\Tasks\SQAKP => C:\ProgramData\9a57dd4bfbdc41d9a41d3b8b62f45107\9a57dd4bfbdc41d9a41d3b8b62f45107.exe
Task: {8EAA276A-C2F3-409E-8546-11C58E4FA00B} - System32\Tasks\{01B8A7C3-9EE9-4DFA-80E2-0171A0BB415D} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)
Task: {8F20AF64-5623-47D4-84BD-6771C9B8432C} - System32\Tasks\{1EC1DF85-2F18-4E6E-98F2-7C1D92E46BBA} => pcalua.exe -a F:\aomwin200ea24.exe -d F:\
Task: {9C50DFC0-DC4F-4E99-B900-E921C5344D29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A3D57154-76E9-41EB-B88A-431B82727931} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C2301F3D-2E4A-4C92-AF9D-A1600BCC6EA2} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK)
Task: {EBA787D0-3184-4EAB-9004-F21185C8620B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {ECA98A70-61E5-4054-8BC5-BBC2BB7E9950} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {F4080C3B-FFD2-4ACA-852D-23B954EBF2C3} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-08-18 19:25 - 2013-02-05 08:24 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2014-08-18 19:29 - 2013-02-05 08:25 - 01541120 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
2008-10-01 07:02 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-11-24 21:45 - 2009-11-24 21:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2009-12-23 21:12 - 2009-12-23 21:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-19 03:11 - 2009-12-19 03:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2010-08-10 23:46 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-01-05 01:43 - 2010-01-05 01:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-10 23:32 - 2010-08-10 23:32 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-08-10 23:13 - 2010-08-10 23:13 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-08-10 23:13 - 2010-08-10 23:13 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2015-03-22 14:45 - 2015-03-14 11:02 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-22 14:45 - 2015-03-14 11:02 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-22 14:45 - 2015-03-14 11:02 - 11266888 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2014-08-18 19:25 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2014-08-18 19:25 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2014-08-18 19:25 - 2012-10-31 10:11 - 02417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2014-08-18 19:25 - 2012-10-31 10:14 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2014-08-18 19:25 - 2012-10-31 10:33 - 09562624 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll
2014-08-18 19:29 - 2012-10-31 12:14 - 00082944 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll
2014-08-18 19:29 - 2012-10-31 12:16 - 00081920 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll
2011-02-01 20:52 - 2011-02-01 20:52 - 11195512 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2014-09-11 14:09 - 2014-09-11 14:09 - 00176168 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2014-09-11 14:09 - 2014-09-11 14:09 - 00043048 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:63F29B08

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1571306010-3709694829-1092883663-500 - Administrator - Disabled)
Gast (S-1-5-21-1571306010-3709694829-1092883663-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1571306010-3709694829-1092883663-1009 - Limited - Enabled)
Zeeh (S-1-5-21-1571306010-3709694829-1092883663-1000 - Administrator - Enabled) => C:\Users\Zeeh

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2015 03:59:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f8437e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001e02
ID des fehlerhaften Prozesses: 0x1188
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (03/22/2015 03:59:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f8437e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001e02
ID des fehlerhaften Prozesses: 0x119c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (03/22/2015 03:59:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f8437e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001e02
ID des fehlerhaften Prozesses: 0x1de4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (03/21/2015 09:09:21 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (03/20/2015 10:56:58 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/20/2015 09:40:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/20/2015 09:40:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/20/2015 09:40:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (03/22/2015 04:05:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/22/2015 04:04:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/22/2015 04:04:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.

Error: (03/22/2015 03:22:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" wurde nicht richtig gestartet.

Error: (03/22/2015 03:20:33 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/22/2015 03:20:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Lexware Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/22/2015 03:20:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Lexware Update Service erreicht.

Error: (03/22/2015 03:19:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/22/2015 03:19:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.

Error: (03/22/2015 03:19:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎22.‎03.‎2015 um 15:10:36 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (03/22/2015 03:59:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e02118801d064ae8f101c3cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll034dae8e-d0a4-11e4-8ca8-20cf3034dee3

Error: (03/22/2015 03:59:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e02119c01d064ae8ec65194C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll034d877e-d0a4-11e4-8ca8-20cf3034dee3

Error: (03/22/2015 03:59:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e021de401d064ae8d95a170C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllfb4743f2-d0a3-11e4-8ca8-20cf3034dee3

Error: (03/21/2015 09:09:21 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (03/20/2015 10:56:58 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (03/20/2015 09:40:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Zeeh\Desktop\esetsmartinstaller_deu.exe

Error: (03/20/2015 09:40:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Zeeh\Desktop\esetsmartinstaller_deu.exe

Error: (03/20/2015 09:40:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Zeeh\Desktop\esetsmartinstaller_deu.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 3948.54 MB
Available physical RAM: 1938.91 MB
Total Pagefile: 9946.73 MB
Available Pagefile: 7054.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:149.04 GB) (Free:94.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:427.59 GB) (Free:427.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=427.6 GB) - (Type=OF Extended)

==================== End Of Log ============================
         

Es funktioniert jetzt erstmal alles wieder. Ich hoffe es bleibt so.

Vielen Dank für die Hilfe.

Antwort

Themen zu bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt
deinstallieren, fehlercode 0x80000003, fehlercode 0xc0000005, fraudtool.yac, pup.optional.cleanbrowser.a, pup.optional.colormedia.a, pup.optional.multiplug, pup.optional.shopperz.a, pup.optional.spigot.a, pup.optional.winsock.hijack, pup.optional.zombieinvasion.a, pup.optional.zombienews.a, rogue.multiple, this device cannot start. (code10), ungefragt, werbeseite, win32/adware.multiplug.fl, win32/adware.piccolor.m, win32/elex.bm, win32/toolbar.perion.k, win32/toolbar.widgi, win32/toolbar.widgi.a, win64/adware.multiplug.g, win64/toolbar.widgi.a, win64/toolbar.widgi.b




Ähnliche Themen: bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt


  1. Unbekannter Trojaner in Firefox und I-Explorer, Seiten frieren ein, Werbung erscheint.
    Plagegeister aller Art und deren Bekämpfung - 07.09.2015 (7)
  2. Firefox, Wörter doppelt blau unterstrichen, Werbung an den Seiten und am unteren Bildschirmrand
    Log-Analyse und Auswertung - 05.08.2015 (19)
  3. Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen.
    Log-Analyse und Auswertung - 13.11.2014 (11)
  4. Firefox, einzelne Wörter in blauer Schrift und doppelt unterstrichen, beim Hoovern erscheint ein Popup/Werbung
    Log-Analyse und Auswertung - 12.07.2014 (17)
  5. Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet
    Plagegeister aller Art und deren Bekämpfung - 01.07.2014 (5)
  6. Windows 8.1, Firefox, Wörter doppelt blau unterstrichen, Werbung an den Seiten und am unteren Bildschirmrand
    Plagegeister aller Art und deren Bekämpfung - 06.06.2014 (12)
  7. Unerwünschte, leere Pop-up Fenster erscheinen und Wörter sind unterstrichen und verlinkt
    Log-Analyse und Auswertung - 03.06.2014 (21)
  8. [Google Chrome]Neue Seiten öffnen sich automatisch ( Werbung ) zufällige wörter jeder Internet seiten sind mit URL's verseht
    Plagegeister aller Art und deren Bekämpfung - 01.04.2014 (5)
  9. Windows XP Werbung wird ungefragt geöffnet
    Log-Analyse und Auswertung - 12.01.2014 (3)
  10. mozilla firefox werbung auf allen seiten
    Plagegeister aller Art und deren Bekämpfung - 08.01.2014 (13)
  11. Unerwünschte, leere Pop-up Fenster erscheinen und Wörter sind unterstrichen und verlinkt
    Log-Analyse und Auswertung - 20.11.2013 (9)
  12. Mozilla Firefox: überall Werbung, unterstrichene Wörter mit Links, Weiterleitung zu Links
    Plagegeister aller Art und deren Bekämpfung - 23.10.2013 (11)
  13. Win7: Webseiten werden mit Werbung verlinkt; Suchmaschinen-ergebnisse sind infiziert (monstermarketplace.com)
    Log-Analyse und Auswertung - 02.09.2013 (23)
  14. Wörter werden verlinkt und ein Werbefenster ploppt auf..
    Plagegeister aller Art und deren Bekämpfung - 03.07.2013 (3)
  15. Wörter sind verlinkt und führen clickcompage.info
    Plagegeister aller Art und deren Bekämpfung - 07.06.2013 (9)
  16. es wird ständig werbung geöffnet (mozilla firefox)
    Log-Analyse und Auswertung - 02.01.2010 (5)
  17. mozilla verlinkt auf falsche seiten
    Log-Analyse und Auswertung - 29.07.2009 (6)

Zum Thema bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt - Hallo, ich brauche dringend Hilfe. Seit ein paar Tagen habe ich Probleme mit Mozilla Firefox. Beim Öffnen einer Seite werden im Hintergrund noch andere Werbeseiten geöffnet. Es erscheinen auf dem - bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt...
Archiv
Du betrachtest: bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.