Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Positiver Befall mit 4 Trojanern unter Windows7 #1

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 09.05.2015, 15:58   #1
baeuerlein
 
Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #1



Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Privater Rechner und Nutzer

Die Situation in chronologischer Abfolge:
1.) erste Beobachtung: CD-Schacht lässt sich auf keine Weise öffnen (Kommerzielle, saubere, alte CD mit Kinderspiel). Erster Verdachstmoment
2.) Antivir ist aktiv, meldet aber, dass es kein Update durchführen kann (kein Internet). Dabei ist kein Proxy in verwendung.
3.) Malwarebytes startet nicht
4.) Malwarebytes Chameleon started im dritten Schritt und finded einige wenige Treffer (nicht kritisch indiziert)
5.) Avira Rescue (Boot von USB) identifiziert die 4 Trojaner: TR/Kryptik.jhas, TR/Korter.palsh, TR/Cabby.cdimz, TR/Cabhot. vuzc. Beenden durch herunterfahren und Start von Festplatte dabei wird chkdsk automatisch durchgeführt
6.) Start von Malwarebytes: finded einige wenige Treffer (nicht kritisch indiziert)
7.) Scan mit Avira Antivirus Pro (update über Internet funktioniert wieder) und hat 7 Treffer (Log unten eingefügt)
8.) Zusammenstellung der geforderten Informationen des Trojanerboard (Defogger, FRST, GMER: Logs unten angefügt.

LOGS:


a) Avira Antivirus Pro (zu (7) in der Chrolologie)
Exportierte Ereignisse - also die Funde/Hits

09.05.2015 13:00 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\Michael\Documents\Outlook-Dateien\m-baeuerlein@versanet.de.pst.vir'
enthielt einen Virus oder unerwünschtes Programm 'TR/Cabhot.vuze' [trojan].
Durchgeführte Aktion(en):
Bei dieser Datei handelt es sich um eine Mailbox. Um Ihre Emails nicht zu
beeinträchtigen wird diese Datei nicht repariert oder gelöscht.

09.05.2015 12:58 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Michael\Documents\Outlook-Dateien\archive.pst.vir'
enthielt einen Virus oder unerwünschtes Programm 'TR/Cabby.cdimz' [trojan].
Durchgeführte Aktion(en):
Bei dieser Datei handelt es sich um eine Mailbox. Um Ihre Emails nicht zu
beeinträchtigen wird diese Datei nicht repariert oder gelöscht.

09.05.2015 12:25 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet
Files\Low\Content.IE5\S3GR8QGO\h65kp.exe.vir'
enthielt einen Virus oder unerwünschtes Programm 'TR/Kovter.palsh' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56b46875.qua'
verschoben!

09.05.2015 12:07 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\Kerstin(1)\Documents\Outlook-Dateien\kerstin_sielaff@baeuerlein.net.ps
t.vir'
enthielt einen Virus oder unerwünschtes Programm 'TR/Kryptik.jhas' [trojan].
Durchgeführte Aktion(en):
Bei dieser Datei handelt es sich um eine Mailbox. Um Ihre Emails nicht zu
beeinträchtigen wird diese Datei nicht repariert oder gelöscht.

08.05.2015 10:25 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von "sara@tiscali.it" an "<m-baeuerlein@versanet.de>"
wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Worm.Gen' [heuristic]
gefunden.
Betreff: "Invio per posta elettronica:
88066_00841_00159_00515_EEQHDMA7G1ASHK_ATT".
Durchgeführte Aktion: Mail in Quarantäne verschoben

08.05.2015 10:25 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von "serena.piloni@tin.it" an
"<m-baeuerlein@versanet.de>"
wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Worm.Gen' [heuristic]
gefunden.
Betreff: "Invio per posta elettronica:
34159_00137_00723_00924_7NEA88NMAMAXMU_ATT".
Durchgeführte Aktion: Mail in Quarantäne verschoben

01.05.2015 15:23 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von ""Claretta Castleberry"
<monsoons@etudeichola.com>" an "m-baeuerlein@versanet.de"
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.81920.635' [trojan]
gefunden.
Betreff: "Mechelen BELGIUM".
Durchgeführte Aktion: Mail in Quarantäne verschoben

01.05.2015 15:22 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von ""Rusty Haynes" <dispenses@hophing-oil.com>" an
"m-baeuerlein@versanet.de"
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.179482' [trojan]
gefunden.
Betreff: "Your account #516716573847 has been frozen".
Durchgeführte Aktion: Mail in Quarantäne verschoben

01.05.2015 15:21 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von "Telepass <noreply@services.telepass.it>" an
"<m-baeuerlein@versanet.de>"
wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Worm.Gen' [heuristic]
gefunden.
Betreff: "Telepass.it informa - recapito elettronico delle fatture (rif.
080548031)".
Durchgeführte Aktion: Mail in Quarantäne verschoben

01.05.2015 15:20 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von ""Inkasso Abteilung Online24 Pay AG"
<georg.paul@onlinehome.de>" an ""Michael Baeuerlein" <m-baeuerlein@versanet.de>"
wurde ein Virus oder unerwünschtes Programm 'TR/Matsnu.A.274' [trojan] gefunden.
Betreff: "Ihr gespeichertes Girokonto ist nicht ausreichend gedeckt".
Durchgeführte Aktion: Mail in Quarantäne verschoben

01.05.2015 15:19 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von ""Toi Egelston" <reprints@ferfreight.com>" an
"m-baeuerlein@versanet.de"
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.187834' [trojan]
gefunden.
Betreff: "New mms message from +07954-710-253".
Durchgeführte Aktion: Mail in Quarantäne verschoben

30.04.2015 08:13 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von ""Gerald Keding" <hemimorphism@cartimex.com>" an
"kerstin_sielaff@baeuerlein.net"
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.187154' [trojan]
gefunden.
Betreff: "[***SPAM?***] Copy from +07840-886393".
Durchgeführte Aktion: Mail in Quarantäne verschoben

28.04.2015 08:21 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von ""Mohamed Vangorder" <decolourise@elektor.com>" an
"kerstin_sielaff@baeuerlein.net"
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.179659' [trojan]
gefunden.
Betreff: "Your account #889029932754 has been blocked".
Durchgeführte Aktion: Mail in Quarantäne verschoben

24.04.2015 20:07 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL
"hxxp://www.serendipity.fr/images/presse/8274.jpg"
wurde ein Virus oder unerwünschtes Programm 'PHP/Shell.BB.2' [virus] gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert



b) Avira Antivirus Pro (zu (7) in der Chrolologie)
Erstellungsdatum der Reportdatei: Samstag, 9. Mai 2015 10:09 Datei ist auf Grund der Groesse noch nicht beigefügt


Die Logs zu FRST und GMER nach Anweisung in zweiten Bolg NAmens "Positiver Befall mit 4 Trojanern unter Windows7 #2" geposted. Hoffentlich richtig so.

Alt 09.05.2015, 16:04   #2
baeuerlein
 
Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #2



Fortsezung aus Positiver Befall mit 4 Trojanern unter Windows7 #1 mit Logfiles
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by Michael (administrator) on ABKM-2012 on 09-05-2015 15:13:47
Running from C:\Users\Michael\Desktop\Trojan Tools
Loaded Profiles: Michael & (Available profiles: Michael & Antonia & Kerstin(1) & BENJAMIN)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation
) C:\Windows\vVX6000.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(© onlinetvrecorder.com) C:\Program Files (x86)\OTRHomeloader\OTRHomeloader.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Seal One AG) C:\Users\Michael\AppData\Local\Temp\Seal One\SealOne.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\tray.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(© onlinetvrecorder.com) C:\Program Files (x86)\OTRHomeloader\OTRH_Monitoring.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Abine Inc.) C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPService.exe
(CallingID Ltd.) C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-11] (Realtek Semiconductor)
HKLM\...\Run: [VX6000] => C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation
)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [188944 2012-09-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-11] ()
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-04-08] (DivX, LLC)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [OTR Homeloader] => C:\Program Files (x86)\OTRHomeloader\OTRHomeloader.exe [3567616 2014-02-28] (© onlinetvrecorder.com)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2015-01-14] (Samsung)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-24] (Google Inc.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [SealOne] => C:\Users\Michael\AppData\Roaming\Seal One\SealOne.exe [281080 2014-09-26] (Seal One AG)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [Amazon Music] => C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\MountPoints2: I - I:\SealOne.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\MountPoints2: {09289954-7ffb-11e1-9c21-806e6f6e6963} - H:\pushinst.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\MountPoints2: {395dacfd-4553-11e4-86d2-bc05430c7d61} - I:\SealOne.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\MountPoints2: {96c2a851-165b-11e1-910d-806e6f6e6963} - E:\Launcher.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\MountPoints2: {c3c9aa0d-61ac-11e4-b8b5-bc05430c7d61} - J:\SealOne.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\MountPoints2: {cd508ebe-8611-11e1-8068-001a4f9f96e5} - J:\pushinst.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OTR Homeloader] => C:\Program Files (x86)\OTRHomeloader\OTRHomeloader.exe [3567616 2014-02-28] (© onlinetvrecorder.com)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2015-01-14] (Samsung)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-24] (Google Inc.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SealOne] => C:\Users\Michael\AppData\Roaming\Seal One\SealOne.exe [281080 2014-09-26] (Seal One AG)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: I - I:\SealOne.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {09289954-7ffb-11e1-9c21-806e6f6e6963} - H:\pushinst.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {395dacfd-4553-11e4-86d2-bc05430c7d61} - I:\SealOne.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {96c2a851-165b-11e1-910d-806e6f6e6963} - E:\Launcher.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c3c9aa0d-61ac-11e4-b8b5-bc05430c7d61} - J:\SealOne.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cd508ebe-8611-11e1-8068-001a4f9f96e5} - J:\pushinst.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {c3c9aa0d-61ac-11e4-b8b5-bc05430c7d61} - I:\SealOne.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c3c9aa0d-61ac-11e4-b8b5-bc05430c7d61} - I:\SealOne.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-24] (Google Inc.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: E - E:\Launcher.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {96c2a851-165b-11e1-910d-806e6f6e6963} - E:\Launcher.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-24] (Google Inc.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\Launcher.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {96c2a851-165b-11e1-910d-806e6f6e6963} - E:\Launcher.exe
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2012-04-07]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012-04-12]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-05-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk [2013-02-22]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-03-15]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-10-31]
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2012-04-06]
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\Michael\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk [2012-04-14]
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012-05-17]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Kopie 1).lnk [2013-02-16]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-3665776361-1376430445-3332247537-1009\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3665776361-1376430445-3332247537-1005\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/webhp?rls=ig
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/webhp?rls=ig
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> {B7D7CADB-B8B5-4318-B0D3-7207F64BFD6A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=93a65f66-25f7-46af-8264-8a9eeddcee7f&apn_sauid=6B87D3E1-72B8-4340-A0A4-CB66C5EA381D
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000 -> DefaultScope {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000 -> {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {0ED92739-5703-40AD-8C2A-A3FFEC2B4F38} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {0ED92739-5703-40AD-8C2A-A3FFEC2B4F38} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {C4EC373D-3413-417E-A732-8CB19B478A77} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=93a65f66-25f7-46af-8264-8a9eeddcee7f&apn_sauid=6B87D3E1-72B8-4340-A0A4-CB66C5EA381D
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0ED92739-5703-40AD-8C2A-A3FFEC2B4F38} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0ED92739-5703-40AD-8C2A-A3FFEC2B4F38} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {C4EC373D-3413-417E-A732-8CB19B478A77} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=93a65f66-25f7-46af-8264-8a9eeddcee7f&apn_sauid=6B87D3E1-72B8-4340-A0A4-CB66C5EA381D
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-07-09] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-07] (DVDVideoSoft Ltd.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2013-08-13] (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-04-30] (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-03-24] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-04-30] (Ask)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
Handler-x32: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2011-10-20] (ACE GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-04-28] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-02] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2011-10-11] ( )
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll [2012-11-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Antonia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Antonia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\BENJAMIN.ABKM-2012\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\BENJAMIN.ABKM-2012\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\2020Player_IKEA@2020Technologies.com [2015-03-21]
FF Extension: Bitdefender QuickScan - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-08]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-04-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-01]

Chrome: 
=======
CHR DefaultSearchKeyword: Default -> search.snapdo.com
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-28]
CHR Extension: (Skype Click to Call) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-07-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-28]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michael\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-24]
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michael\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-24]
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Michael\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-03-15] (Adobe Systems) [File not signed]
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 avmident; C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [76288 2011-09-27] (AVM Berlin) [File not signed]
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] () [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 HPSLPSVC; C:\Users\Michael\AppData\Local\Temp\7zS5961\hpslpsvc64.dll [1039360 2012-11-14] (Hewlett-Packard Co.) [File not signed]
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-10-30] () [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation
)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-09 15:13 - 2015-05-09 15:13 - 00000000 ____D () C:\FRST
2015-05-09 15:13 - 2015-05-09 15:13 - 00000000 _____ () C:\Users\Michael\defogger_reenable
2015-05-09 09:06 - 2015-05-09 15:13 - 00000000 ____D () C:\Users\Michael\Desktop\Trojan Tools
2015-05-09 08:48 - 2015-05-09 08:48 - 00000000 ____D () C:\Users\Michael\AppData\Local\{6E532C9A-877E-4FBF-863E-DBE4B323F5E7}
2015-05-09 08:46 - 2015-05-09 08:46 - 00000022 _____ () C:\Windows\S.dirmngr
2015-05-08 17:21 - 2015-05-08 17:23 - 00000000 ____D () C:\Users\Michael\Desktop\Antivir Rescue
2015-05-08 15:01 - 2015-05-08 15:01 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-08 14:03 - 2015-05-08 14:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-08 14:01 - 2015-05-08 14:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\QuickScan
2015-05-08 11:37 - 2015-05-08 11:37 - 00000000 ____D () C:\Users\Antonia\Desktop\runtime
2015-05-08 11:35 - 2015-05-08 11:40 - 00000000 ____D () C:\Users\Antonia\Desktop\game
2015-05-08 11:03 - 2015-05-08 11:03 - 00000000 ____D () C:\Users\Antonia\AppData\Local\{56D3392A-6DA5-4C13-BEB3-CF502A9CC135}
2015-05-08 09:47 - 2015-05-08 09:47 - 00000000 ____D () C:\Users\Michael\AppData\Local\{CF45AD25-98B3-4995-982B-C6BEBA338B61}
2015-05-03 17:21 - 2015-05-03 17:21 - 00000000 ____D () C:\Users\Antonia\AppData\Local\{6677D07C-D21C-4218-A05E-5F02BFC9FCE3}
2015-05-03 14:38 - 2015-05-03 14:38 - 00000000 ____D () C:\Users\Michael\AppData\Local\{357B4DF6-0AB5-4471-A1A9-B02E3AA3BF24}
2015-05-02 17:57 - 2015-05-02 17:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\{4917958E-1019-4EFD-B113-7AA8FC872D1D}
2015-05-02 17:55 - 2015-05-02 17:55 - 00007158 _____ () C:\Users\Kerstin(1)\Desktop\Fliesen - Verknüpfung.lnk
2015-05-02 17:54 - 2015-05-02 17:55 - 00000000 ____D () C:\Users\Public\Documents\Sentastr
2015-05-01 15:13 - 2015-05-01 15:14 - 00000000 ____D () C:\Users\Michael\AppData\Local\{C2B60F9A-5E39-42A5-A1B3-A8D48669B688}
2015-05-01 11:58 - 2015-05-01 11:58 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{84B21787-061C-4822-9126-03D044371819}
2015-04-27 09:18 - 2015-04-27 09:18 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{BDC3A217-B9AD-45C9-8C79-C291528228E8}
2015-04-24 15:24 - 2015-04-24 15:24 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Unity
2015-04-24 15:08 - 2015-04-24 15:08 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Unity
2015-04-24 15:07 - 2015-04-24 15:08 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer(2).exe
2015-04-24 15:07 - 2015-04-24 15:07 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer(1).exe
2015-04-24 15:06 - 2015-04-24 15:06 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer.exe
2015-04-24 12:04 - 2015-04-24 12:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 15:42 - 2015-04-21 15:42 - 00044032 ___SH () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Thumbs.db
2015-04-21 15:42 - 2015-04-21 15:42 - 00001526 _____ () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\.minecraft - Verknüpfung.lnk
2015-04-21 15:28 - 2015-04-21 15:29 - 05263187 _____ () C:\Users\BENJAMIN.ABKM-2012\Downloads\FC Pack V8-1.7.10-4.8.0.zip
2015-04-21 10:31 - 2015-04-21 10:31 - 00000000 ____D () C:\Users\Michael\AppData\Local\{EA2EBA12-0315-4671-9513-358718E61F53}
2015-04-20 10:53 - 2015-04-20 10:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\{8DB52E62-3E56-485F-9EFA-B9CB35B64210}
2015-04-19 12:46 - 2015-04-19 12:46 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B28C3F14-AD19-43B5-908D-4B409049E668}
2015-04-18 10:09 - 2015-04-18 10:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D48DCE9E-1E8C-4998-99EB-AF93838C2C0F}
2015-04-15 09:20 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 09:20 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 09:20 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 09:20 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 09:20 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 09:20 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 09:20 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 09:20 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 09:20 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 09:20 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 09:20 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 09:20 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 09:20 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 09:20 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 09:20 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 09:20 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 09:20 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 09:20 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 09:20 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 09:20 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 09:20 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 09:20 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 09:20 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 09:20 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 09:20 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 09:20 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 09:20 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 09:20 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 09:20 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 09:20 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 09:20 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 09:20 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 09:20 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 09:20 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 09:20 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 09:20 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 09:20 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 09:20 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 09:20 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 09:20 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 09:20 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 09:20 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 09:20 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 09:20 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 09:20 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 09:20 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 09:20 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 09:20 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 09:20 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 09:20 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 09:20 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 09:20 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 09:20 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 09:20 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 09:20 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 09:20 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 09:20 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 09:20 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 09:20 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 09:20 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 09:20 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 09:20 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 09:20 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 09:20 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 09:20 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 09:20 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 09:20 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 09:20 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 09:20 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 09:20 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 09:20 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 09:20 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 09:20 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 09:20 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 09:20 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 09:20 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 09:20 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 09:20 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 09:20 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 09:20 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 09:20 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 09:20 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 09:20 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 09:20 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 09:20 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 09:20 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 09:20 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 09:20 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 09:20 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 09:20 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 09:20 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 09:20 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 09:20 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 09:20 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 09:20 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 09:20 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 09:20 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 09:20 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 09:20 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 09:20 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 09:20 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 09:20 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 09:20 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 09:19 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 09:19 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 09:19 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 15:45 - 2015-04-13 15:45 - 00000000 ____D () C:\Users\Michael\AppData\Local\{1B3B35ED-F750-462D-8F81-890BC573A716}
2015-04-12 23:27 - 2015-04-20 14:44 - 00000000 ____D () C:\Users\Michael\Documents\Sentastr
2015-04-12 22:56 - 2015-04-12 22:56 - 00000000 ____D () C:\Users\Michael\AppData\Local\{93EC67FB-AC66-4030-8AA8-9B714F29AD58}
2015-04-11 17:47 - 2015-04-11 17:47 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{93E74171-0447-4F59-B006-BDD9A0710ABA}
2015-04-11 12:52 - 2015-04-11 12:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\{CFCFB3BF-B88B-4EE4-8DB7-FD5158ACF71B}
2015-04-10 22:22 - 2015-04-10 22:22 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-10 22:22 - 2015-04-10 22:22 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-10 21:56 - 2015-04-10 21:56 - 00000000 ____D () C:\Users\Michael\AppData\Local\{8A502CF6-C1B4-45AD-870E-EB34C865CB2D}
2015-04-10 20:51 - 2015-04-10 20:54 - 08437760 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS
2015-04-10 20:51 - 2015-04-10 20:51 - 00190611 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS
2015-04-10 20:51 - 2015-04-10 20:51 - 00000442 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS.part
2015-04-10 20:51 - 2015-04-10 20:51 - 00000290 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS.part
2015-04-10 20:49 - 2015-04-10 20:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\5D515C96_stp
2015-04-10 20:49 - 2015-04-10 20:49 - 00385602 _____ () C:\Users\Michael\AppData\Local\5D515C96_stp.CIS
2015-04-10 20:49 - 2015-04-10 20:49 - 00000220 _____ () C:\Users\Michael\AppData\Local\5D515C96_stp.CIS.part
2015-04-10 20:48 - 2015-04-10 20:48 - 03310280 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael\Downloads\FreeStudio.exe
2015-04-10 16:41 - 2015-04-10 16:41 - 00000000 ____D () C:\Users\Antonia\Tracing
2015-04-10 12:51 - 2015-04-10 12:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-10 09:55 - 2015-04-10 09:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\{0C4E06F7-CF93-4A58-96EC-AC2ECCBEF238}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-09 15:13 - 2012-04-06 17:17 - 00000000 ____D () C:\Users\Michael
2015-05-09 14:47 - 2012-04-06 20:14 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2015-05-09 13:43 - 2011-11-24 07:07 - 01989193 _____ () C:\Windows\WindowsUpdate.log
2015-05-09 08:58 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-09 08:58 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-09 08:51 - 2014-05-17 16:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-09 08:50 - 2015-01-24 16:25 - 00000000 ___RD () C:\Users\Michael\Google Drive
2015-05-09 08:50 - 2014-10-31 00:10 - 00000000 ___RD () C:\Users\Michael\Dropbox
2015-05-09 08:50 - 2013-05-26 21:11 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2015-05-09 08:48 - 2012-04-06 17:44 - 00652489 _____ () C:\Users\Michael\DesktopStCenter.txt
2015-05-09 08:47 - 2012-05-06 13:46 - 00000000 ____D () C:\Users\Michael\Tracing
2015-05-09 08:46 - 2009-07-14 06:51 - 00291793 _____ () C:\Windows\setupact.log
2015-05-08 22:54 - 2012-04-11 20:45 - 00000000 ____D () C:\Users\Michael\Documents\Outlook-Dateien
2015-05-08 22:47 - 2012-04-15 21:31 - 00000000 ____D () C:\Users\Kerstin(1)\Documents\Outlook-Dateien
2015-05-08 17:25 - 2011-11-20 07:23 - 00702980 _____ () C:\Windows\system32\perfh007.dat
2015-05-08 17:25 - 2011-11-20 07:23 - 00150620 _____ () C:\Windows\system32\perfc007.dat
2015-05-08 17:25 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-08 16:55 - 2014-05-17 16:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-08 15:04 - 2012-12-09 12:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\DoNotTrackPlus
2015-05-08 15:01 - 2014-05-17 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-08 15:01 - 2014-05-17 16:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-08 13:28 - 2013-09-01 11:12 - 00000000 ____D () C:\Users\Antonia\AppData\Roaming\Skype
2015-05-08 13:18 - 2015-02-22 15:52 - 00000000 ____D () C:\Users\Antonia\AppData\Roaming\.minecraft
2015-05-08 07:55 - 2013-05-26 21:13 - 00000000 ___RD () C:\Users\Kerstin(1)\Dropbox
2015-05-08 07:55 - 2013-05-26 21:10 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Roaming\Dropbox
2015-05-05 17:45 - 2014-02-07 17:06 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\.minecraft
2015-05-03 19:29 - 2008-09-14 11:36 - 00000000 ____D () C:\Users\Michael\Documents\WISO Mein Geld
2015-05-03 17:59 - 2013-09-01 11:21 - 00000000 ____D () C:\Users\Antonia\Documents\Outlook-Dateien
2015-05-03 14:40 - 2012-04-28 11:34 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2015-05-03 14:39 - 2011-05-24 16:40 - 00000000 ____D () C:\Users\Michael\Documents\Mein Steuer-Sparbuch Heute
2015-05-02 18:01 - 2011-07-11 11:54 - 00000000 ____D () C:\ProgramData\Skype
2015-05-02 17:59 - 2012-04-11 20:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-02 17:58 - 2012-04-11 20:20 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-02 17:58 - 2011-07-11 12:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 15:57 - 2013-09-14 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-05-01 15:57 - 2012-11-30 11:52 - 00001620 _____ () C:\Users\Michael\Desktop\DivX Movies.lnk
2015-05-01 15:57 - 2012-06-03 18:53 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-05-01 15:57 - 2012-06-03 18:52 - 00000000 ____D () C:\ProgramData\DivX
2015-05-01 15:21 - 2014-10-31 00:09 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-01 15:21 - 2013-05-26 21:11 - 00005971 _____ () C:\Windows\wininit.ini
2015-05-01 10:03 - 2010-11-21 05:47 - 01067052 _____ () C:\Windows\PFRO.log
2015-04-24 22:12 - 2012-06-08 16:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 07:09 - 2013-05-26 21:13 - 00001037 _____ () C:\Users\Kerstin(1)\Desktop\Dropbox.lnk
2015-04-24 07:09 - 2013-05-26 21:11 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-20 14:46 - 2008-09-14 11:36 - 00000000 ____D () C:\Users\Michael\Documents\Wielandstrasse
2015-04-19 13:24 - 2012-04-11 19:39 - 00000000 ____D () C:\Users\Michael\Documents\Computer
2015-04-15 17:03 - 2014-12-12 08:57 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 17:03 - 2014-05-01 10:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 11:18 - 2012-04-06 21:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 11:17 - 2014-01-18 17:19 - 01602852 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 11:14 - 2013-08-14 08:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 11:06 - 2012-04-14 17:33 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 11:06 - 2009-07-14 04:34 - 00000510 _____ () C:\Windows\win.ini
2015-04-14 09:37 - 2014-05-17 16:56 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-01-18 14:09 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-10 20:57 - 2013-06-08 11:21 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-04-10 20:57 - 2012-11-30 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-04-10 20:54 - 2014-11-22 13:18 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-04-10 20:54 - 2012-09-08 19:31 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2015-04-10 16:41 - 2012-04-12 16:28 - 00000000 ____D () C:\Users\Antonia
2015-04-10 16:06 - 2012-05-04 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-10 12:52 - 2013-03-22 10:19 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 12:51 - 2012-05-04 23:09 - 00000000 ____D () C:\ProgramData\Garmin
2015-04-10 12:51 - 2012-05-04 23:07 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-04-10 12:50 - 2014-07-20 13:30 - 00000382 _____ () C:\Windows\Tasks\GarminUpdaterTask.job
2015-04-10 12:43 - 2011-07-11 11:55 - 00000000 ___RD () C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======

2012-05-26 09:58 - 2014-11-08 15:44 - 0003258 _____ () C:\Users\Michael\AppData\Roaming\Rim.Desktop.Exception.log
2012-05-26 09:57 - 2013-09-08 15:08 - 0003361 _____ () C:\Users\Michael\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-05-26 09:58 - 2014-11-08 15:44 - 0000847 _____ () C:\Users\Michael\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-10-21 22:21 - 2014-11-08 15:44 - 0010010 _____ () C:\Users\Michael\AppData\Roaming\Rim.Transcoder.Exception.log
2015-04-10 20:51 - 2015-04-10 20:51 - 0190611 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS
2015-04-10 20:51 - 2015-04-10 20:51 - 0000290 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS.part
2015-04-10 20:49 - 2015-04-10 20:49 - 0385602 _____ () C:\Users\Michael\AppData\Local\5D515C96_stp.CIS
2015-04-10 20:49 - 2015-04-10 20:49 - 0000220 _____ () C:\Users\Michael\AppData\Local\5D515C96_stp.CIS.part
2015-04-10 20:51 - 2015-04-10 20:54 - 8437760 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS
2015-04-10 20:51 - 2015-04-10 20:51 - 0000442 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS.part
2012-04-13 19:18 - 2015-01-31 14:23 - 0026112 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-07 17:36 - 2014-12-07 17:36 - 0000017 _____ () C:\Users\Michael\AppData\Local\resmon.resmoncfg
2013-02-16 22:59 - 2013-02-16 22:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-24 07:21 - 2013-03-16 22:42 - 0002538 _____ () C:\ProgramData\ArcadeDeluxe5.log

Some content of TEMP:
====================
C:\Users\Antonia\AppData\Local\Temp\avgnt.exe
C:\Users\Antonia\AppData\Local\Temp\COMAP.EXE
C:\Users\Antonia\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Antonia\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Antonia\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\Antonia\AppData\Local\Temp\SkypeSetup.exe
C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Temp\avgnt.exe
C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Temp\LEGOBatman2.exe
C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Temp\tmpC97E.exe
C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Temp\ubi88E.tmp.exe
C:\Users\Kerstin(1)\AppData\Local\Temp\avgnt.exe
C:\Users\Kerstin(1)\AppData\Local\Temp\COMAP.EXE
C:\Users\Kerstin(1)\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzazvwl.dll
C:\Users\Kerstin(1)\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kerstin(1)\AppData\Local\Temp\tmp2BB1.exe
C:\Users\Kerstin(1)\AppData\Local\Temp\tmpF660.exe
C:\Users\Michael\AppData\Local\Temp\13-1_vista_win7_win8_64_dd_ccc_whql.exe
C:\Users\Michael\AppData\Local\Temp\avgnt.exe
C:\Users\Michael\AppData\Local\Temp\COMAP.EXE
C:\Users\Michael\AppData\Local\Temp\d1g_ja1l.dll
C:\Users\Michael\AppData\Local\Temp\DivXSetup.exe
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd2ysf8.dll
C:\Users\Michael\AppData\Local\Temp\ED9E.exe
C:\Users\Michael\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Michael\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_au_aih.exe
C:\Users\Michael\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih.exe
C:\Users\Michael\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih_1.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Michael\AppData\Local\Temp\LEGOBatman2.exe
C:\Users\Michael\AppData\Local\Temp\LT2Update2012-03-22.exe
C:\Users\Michael\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Michael\AppData\Local\Temp\ose00000.exe
C:\Users\Michael\AppData\Local\Temp\setup.exe
C:\Users\Michael\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Michael\AppData\Local\Temp\tmp16FB.exe
C:\Users\Michael\AppData\Local\Temp\tmp6C1B.exe
C:\Users\Michael\AppData\Local\Temp\tmp7AD4.exe
C:\Users\Michael\AppData\Local\Temp\tmp9DB3.exe
C:\Users\Michael\AppData\Local\Temp\tmpDC07.exe
C:\Users\Michael\AppData\Local\Temp\ubi6A6B.tmp.exe
C:\Users\Michael\AppData\Local\Temp\ubi7151.tmp.exe
C:\Users\Michael\AppData\Local\Temp\WISOMeinGeld2012SP1.exe
C:\Users\Michael\AppData\Local\Temp\_is455C.exe
C:\Users\Michael\AppData\Local\Temp\_is79E.exe
C:\Users\Michael\AppData\Local\Temp\_isF327.exe
C:\Users\Michael\AppData\Local\Temp\{25ADC254-E9FD-463C-A51F-A6D8D4A92759}vsscomproxy.dll
C:\Users\Michael\AppData\Local\Temp\{BF35ED85-438C-485A-B7DD-BDE20F4C6CA6}vsscom.dll
C:\Users\Michael\AppData\Local\Temp\{E5570292-2D9B-4B68-AB6D-3F7E80909148}vsscomproxy64.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-01 12:28

==================== End Of Log ============================
         
--- --- ---
Der Log zu FRST Additions und GMER findet sich gemaess anleitung in dem 3. Blog "Positiver Befall mit 4 Trojanern unter Windows7 #3"
__________________


Alt 09.05.2015, 16:06   #3
baeuerlein
 
Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #3



Fortsezung von Positiver Befall mit 4 Trojanern unter Windows7 #2FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Michael at 2015-05-09 15:14:41
Running from C:\Users\Michael\Desktop\Trojan Tools
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3665776361-1376430445-3332247537-500 - Administrator - Disabled)
Antonia (S-1-5-21-3665776361-1376430445-3332247537-1005 - Limited - Enabled) => C:\Users\Antonia
BENJAMIN (S-1-5-21-3665776361-1376430445-3332247537-1009 - Limited - Enabled) => C:\Users\BENJAMIN.ABKM-2012
Gast (S-1-5-21-3665776361-1376430445-3332247537-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3665776361-1376430445-3332247537-1002 - Limited - Enabled)
Kerstin(1) (S-1-5-21-3665776361-1376430445-3332247537-1008 - Limited - Enabled) => C:\Users\Kerstin(1)
Michael (S-1-5-21-3665776361-1376430445-3332247537-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Disabled) {753F9273-B322-2907-AC37-03D0F1702F22}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2weistein (HKLM-x32\...\{307702F6-FD2C-484A-8F2E-A1DCE85FD9CC}_is1) (Version: - Brainmonster Studios)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Acronis*True*Image*Home 2012 (HKLM-x32\...\{243EF3E5-537D-4A15-8EE8-47D5473D9C73}Visible) (Version: 15.0.7133 - Acronis)
Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon Music (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10405 - ATI Technologies Inc.) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.45268 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.45268 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.30498 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.30498 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.37949 - Ask.com) <==== ATTENTION
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.37949 - Ask.com) <==== ATTENTION
AVM FRITZ!Box AddOn (IE) (HKLM-x32\...\{CEAD06D8-D033-4D2A-9328-AF49089E129F}) (Version: 1.7.0 - AVM Berlin)
AVM FRITZ!Box AddOn (IE) (x64) (HKLM\...\{EC3671D7-98AC-4951-8FFD-5556BE066137}) (Version: 1.7.0 - AVM Berlin)
AVM FRITZ!Box-Kindersicherung (HKLM-x32\...\{7497BB4F-CE23-47D4-B2CB-62548080F74F}) (Version: 4.2.3 - AVM Berlin)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
clear.fi (x32 Version: 1.5.3201_45059 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.9024 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.3318.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.3318.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX del Windows Live Mesh per a connexions remotes (HKLM-x32\...\{76C064E2-BB99-4453-8FDA-42BC01AD0734}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Applications (HKLM-x32\...\Corel Applications) (Version: - )
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.345 - Corel Corporation)
Corel PaintShop Pro X4 (x32 Version: 14.1.0.5 - Corel Corporation) Hidden
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Jagd nach dem blauen Kristall (HKLM-x32\...\Die Jagd nach dem blauen Kristall) (Version: - )
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.106 - Etron Technology) Hidden
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Audio CD Burner version 2.0.24.827 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: 2.0.24.827 - DVDVideoSoft Ltd.)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Converter version 5.0.27.725 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.)
Free Disc Burner version 3.0.18.1212 (HKLM-x32\...\Free Disc Burner_is1) (Version: 3.0.18.1212 - DVDVideoSoft Ltd.)
Free DVD Video Converter version 2.0.15.1125 (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.15.1125 - DVDVideoSoft Ltd.)
Free MP4 Video Converter version 5.0.46.820 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.46.820 - DVDVideoSoft Ltd.)
Free Studio version 6.5.0.324 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.324 - DVDVideoSoft Ltd.)
Free Video Call Recorder for Skype version 1.2.8.1230 (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.2.8.1230 - DVDVideoSoft Ltd.)
Free Video Dub version 2.0.21.827 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.827 - DVDVideoSoft Ltd.)
Free Video Flip and Rotate version 2.1.9.822 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.822 - DVDVideoSoft Ltd.)
Free Video to Android Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to Android Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Free Video to DVD Converter version 5.0.45.716 (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: 5.0.45.716 - DVDVideoSoft Ltd.)
Free Video to iPod Converter version 5.0.27.725 (HKLM-x32\...\Free Video to iPod Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.)
Free Video to Samsung Phones Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to Samsung Phones Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to DVD Converter version 3.1.13.925 (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version: 3.1.13.925 - DVDVideoSoft Ltd.)
Free YouTube to iPhone Converter version 2.12.20.1230 (HKLM-x32\...\Free YouTube to iPhone Converter_is1) (Version: 2.12.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to iPod Converter version 3.11.12.827 (HKLM-x32\...\Free YouTube to iPod Converter_is1) (Version: 3.11.12.827 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin City Navigator Europe NT 2013.10 Update (HKLM-x32\...\{EC28FA6E-E38D-4F72-80EF-1FBE66B05668}) (Version: 16.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2014.30 Update (HKLM-x32\...\{F956C0BB-D2FA-4BA5-80D7-AC08E7CD611B}) (Version: 17.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2015.40 (HKLM-x32\...\{04B2E836-EF35-438B-89B8-59F484090283}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Gpg4win (2.1.1) (HKLM-x32\...\GPG4Win) (Version: 2.1.1 - The Gpg4win Project)
Horse Life (HKLM-x32\...\Horse Life_is1) (Version: - )
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICA (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IPM_PSP_COM (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
LEGO® Batman™ 2: DC Super Heroes (HKLM-x32\...\{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
LEGO® Star Wars™: Die Komplette Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts)
LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
Matrix Code Emulator 1.50 (HKLM-x32\...\Matrix Code Emulator_is1) (Version: - Reality Rift Studios)
Media Markt Download Player (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\4086596500.video-download.mediamarkt.de) (Version: - video-download.mediamarkt.de)
Media Markt Download Player (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\4086596500.video-download.mediamarkt.de) (Version: - video-download.mediamarkt.de)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4517.1509 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WorldWide Telescope (HKLM-x32\...\{02E7492D-C46F-4A34-A197-D1C3F19A1F4A}) (Version: 5.0.3 - Microsoft Research)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\MyFreeCodec) (Version: - )
MyFreeCodec (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version: - )
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4517.1509 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1509 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4517.1509 - Microsoft Corporation) Hidden
OTR Homeloader 1.5.8.146 (HKLM-x32\...\OTR Homeloader) (Version: 1.5.8.146 - © onlinetvrecorder.com)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Pearl Harbor: Fire on the Water (x32 Version: 2.2.0.110 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version: - PopCap Games)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PonyGirl2 (HKLM-x32\...\PonyGirl2) (Version: - )
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.10 - ProtectDisc Software GmbH)
PSPPContent (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
PSPPro64 (Version: 14.0.0.345 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.1.1.11124_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.1.1.11124_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Setup (x32 Version: 14.0.0.345 - Ihr Firmenname) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Snapfish Fotobuch (HKLM-x32\...\Snapfish Fotobuch) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Space Fighters 3D (HKLM-x32\...\SpaceFighters3D) (Version: 1.0D - Anders und Seim Neue Medien AG)
SPEEDLINK Strike 2 Gamepad (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Sweet Home 3D version 4.6 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks)
TKKG16 (HKLM-x32\...\TKKG16) (Version: Das unheimliche Zimmer" - Tivola Development GmbH)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (HKLM-x32\...\{7BA6DF02-B094-45D7-A3C9-BE3684253922}) (Version: 15.4.5722.2 - Microsoft Corporation)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wireshark 1.12.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, hxxp://www.wireshark.org)
WISO Mein Geld 2014 Standard (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\WISO Mein Geld 2014 Standard) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Standard (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WISO Mein Geld 2014 Standard) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Standard (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.03.7334 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{1A51972F-7455-4EF7-9B62-FAF851E0BE13}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{D31520BA-35B4-41A9-A176-6A69F6BDB046}) (Version: 22.02.8861 - Buhl Data Service GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06BD7732-AC4C-4D89-885B-23BA3DE7A669} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0FE833D6-1CC1-4D33-AD84-2DA4D5B307D0} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {13EDDADF-414A-4208-8B6A-08C5B5F9D110} - System32\Tasks\{AFE53008-C007-408D-AC1A-522FF6694D9D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{D596980D-17BE-4425-B8F0-5640719AADE9}\setup.exe" -c -runfromtemp -l0x0407
Task: {15080E1E-897B-4116-AC0B-A04DB15A74F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {201022E4-9FC8-42D8-856E-97E0A2D248B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-08-13] (Microsoft Corporation)
Task: {2BDB76D0-55AF-4A26-BD8B-612E7E9CE036} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {2F8C7232-6B89-4A83-A839-009522724610} - System32\Tasks\{BCA64A62-A2F0-4023-9FE4-D9BF2DD0AAB7} => pcalua.exe -a "C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2238UOIF\avm_fritz!wlan_usb_stick_x64_build_100906.exe" -d C:\Users\Michael\Desktop
Task: {38C5C3F5-7303-41FE-AA18-D55BF2CFDBF4} - System32\Tasks\hpUtility.exe_{9189978C-8FF7-42B9-8AE7-F38CEBEA73B8} => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {415E614A-8D00-4D17-B889-DB9A42C89CC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-02] (Adobe Systems Incorporated)
Task: {49735EFF-FBBD-4D0C-A45D-58A85253DDB6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-08-13] (Microsoft Corporation)
Task: {5C5FE30A-AAA1-4C2E-AD79-30544C05DA33} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6453F120-7242-41F6-A713-3EB92534A46C} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {6DE97448-BB57-4261-979C-6E0D00BF1EFF} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-30] () <==== ATTENTION
Task: {6E263B84-6926-4989-BDD9-4979DC4D5614} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {7F8039A3-75EC-4376-8A96-CB13A28A4989} - System32\Tasks\{77A7DFBC-3C5C-48ED-A38F-6DEC9589FD7E} => pcalua.exe -a E:\Driver\setup.exe -d E:\Driver
Task: {85E724A5-C5C5-435F-9201-631A24F3514B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-09] (Microsoft Corporation)
Task: {AA4AA929-BC40-4A19-BB5F-40006A45D073} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2012-09-18] (Acer Incorporated)
Task: {B2AF022D-4264-4CA8-A432-4D08941B54DD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B39F4286-CB41-4E8B-A96C-9ECCDF09CFFF} - System32\Tasks\{21BF5564-D73B-44F0-B06A-09046295D728} => pcalua.exe -a E:\setup.exe -d E:\
Task: {B7B67FE5-1CFE-41C2-8E99-8764874A0FAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {C081CBAD-DF50-432B-9B5A-A0BA1DADAC0F} - \BrowserDefendert No Task File <==== ATTENTION
Task: {C151A853-81EF-4C8D-A08D-0C27722E7D73} - \EPUpdater No Task File <==== ATTENTION
Task: {E3CC3F58-509D-42BD-AD54-2D2F937A5B0E} - System32\Tasks\Microsoft_Hardware_Launch_vVX6000_exe => C:\Windows\vVX6000.exe [2010-05-20] (Microsoft Corporation
)
Task: {ECC392DF-FFA3-4336-B2D6-8D41460E2B8B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F0DE2495-7482-4D61-971A-AA04E7CFBF8E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2012-09-18] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GarminUpdaterTask.job => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf89f1fda08b48.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfeadeb7541613.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff7a2e6aa93.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d041e914e2aa29.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-01-12 14:42 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2013-01-12 14:42 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-28 18:50 - 2013-05-28 18:50 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-01-22 01:45 - 2009-01-22 01:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2013-04-28 17:51 - 2013-06-20 13:03 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-04-28 17:51 - 2013-06-09 16:05 - 00518824 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-04-28 17:51 - 2013-06-09 16:05 - 00612520 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2015-01-02 19:00 - 2014-12-08 08:27 - 06277952 _____ () C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-11-17 13:21 - 2014-07-02 10:13 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2011-08-11 05:58 - 2011-08-11 05:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-05-28 18:44 - 2013-05-28 18:44 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-05-28 18:42 - 2013-05-28 18:42 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-05-28 18:41 - 2013-05-28 18:41 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-05-28 18:44 - 2013-05-28 18:44 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-05-28 18:45 - 2013-05-28 18:45 - 00627712 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2013-11-17 13:20 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2013-11-17 13:20 - 2014-02-11 12:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2013-11-17 13:20 - 2014-02-11 12:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2013-11-17 13:20 - 2014-02-11 12:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2015-05-09 08:49 - 2015-05-09 08:49 - 00043008 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd2ysf8.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-06-28 16:58 - 2012-06-28 16:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2011-08-11 05:57 - 2011-08-11 05:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-05-09 08:46 - 2015-05-09 08:46 - 00098816 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32api.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00110080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\pywintypes27.dll
2015-05-09 08:46 - 2015-05-09 08:46 - 00364544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\pythoncom27.dll
2015-05-09 08:47 - 2015-05-09 08:47 - 00045568 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\_socket.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 01161216 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\_ssl.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00320512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32com.shell.shell.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00713216 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\_hashlib.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 01175040 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._core_.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00805888 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._gdi_.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00811008 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._windows_.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 01062400 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._controls_.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00735232 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._misc_.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00682496 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\pysqlite2._sqlite.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00128512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\_elementtree.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00127488 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\pyexpat.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00087552 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\_ctypes.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00119808 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32file.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00108544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32security.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00007168 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\hashobjs_ext.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00167936 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32gui.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00018432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32event.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00038912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32inet.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00011264 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32crypt.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00070656 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._html2.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00027136 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\_multiprocessing.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00020480 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\_yappi.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00035840 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32process.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00686080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\unicodedata.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00122368 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._wizard.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00024064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32pipe.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00010240 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\select.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00025600 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32pdh.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00525640 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\windows._lib_cacheinvalidation.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32profile.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00022528 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32ts.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00078336 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._animate.pyd
2014-10-15 21:15 - 2014-10-15 21:15 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-11-24 07:12 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-05-02 17:58 - 2015-05-02 17:58 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
2013-03-11 00:39 - 2013-03-11 00:39 - 00227192 _____ () C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll
2013-03-11 00:39 - 2013-03-11 00:39 - 00051728 _____ () C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPServicePS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\bayer.com -> hxxps://mymail.bayer.com

IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\123simsen.com -> www.123simsen.com

There are 6847 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Antonia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Antonia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{C9D242DC-25AF-4AF2-BB94-DAB940B3A60D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3C47A78D-7CCA-4D2E-A2B7-E41DEC3FB628}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{EF2AD903-CA8A-48B8-BA8D-AC8AF551734A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7E9724D4-BBC2-4F08-A50C-B5CB49993F4A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9597C05A-1907-40A9-B1FA-916B94D1DCED}] => (Allow) LPort=2869
FirewallRules: [{600BA4A8-53A4-488A-A939-FD6B7E5939A7}] => (Allow) LPort=1900
FirewallRules: [{ED91579B-7073-4D88-BAA2-EF8754A652D9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{388D3D32-53CD-44B6-9323-AB004EF5B290}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8FE7A59D-113B-4438-84C0-B111496F1CD5}] => (Allow) E:\fsetup.exe
FirewallRules: [{95FE17A3-C1D4-4425-88B5-F0028D7C06FF}] => (Allow) E:\fsetup.exe
FirewallRules: [{E759168D-02CB-4F7F-9789-A00E3C4C33ED}] => (Allow) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
FirewallRules: [{0DF8F296-597C-48D1-9378-706B92E8C884}] => (Allow) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
FirewallRules: [{04364AA0-AAC0-4CA3-9F35-373342E92752}] => (Allow) C:\Program Files\FRITZ!DSL\FBOXUPD.EXE
FirewallRules: [{9B275731-692F-439E-AFEB-1BADAB356C7A}] => (Allow) C:\Program Files\FRITZ!DSL\FBOXUPD.EXE
FirewallRules: [{176F6BD2-E313-4ACD-A144-59FD12CB2D72}] => (Allow) C:\Program Files\FRITZ!DSL\WebwaIgd.exe
FirewallRules: [{C2678EC3-1C35-4B04-B92C-D01FF239B191}] => (Allow) C:\Program Files\FRITZ!DSL\WebwaIgd.exe
FirewallRules: [{71DF01A8-3686-4D06-BEF4-56CDDFDB8AD3}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{763B9429-FF6F-4D99-BA7E-7E69B5EC8DB1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{82F39FD0-930D-404E-8527-E4DE962866CE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{D1A32A56-F835-4D22-9FB1-43F39DF56B9E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{0F0DEA32-5E0E-476B-B6F1-F125CB2BE877}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{E2F8D7EF-B881-4C99-9F39-22E35427B00C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{3861C9F6-A5B8-4F20-B2DB-1E495564DB20}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{0500228A-C9AA-4EBD-9AD2-48446376E7F4}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{ADC8774B-A50A-43FC-B580-A6417F7DE597}] => (Allow) LPort=4481
FirewallRules: [{FE9A06C4-46CD-4772-8F35-BA3C46DBE2A1}] => (Allow) LPort=4481
FirewallRules: [{52BB8DF9-6381-4CC4-A793-831E1E6004BE}] => (Allow) LPort=4482
FirewallRules: [{3B34CFC9-0B67-49DC-9234-4E72BE801B5F}] => (Allow) LPort=4482
FirewallRules: [{E455E453-8EF5-4C02-B3B4-421ABC807F65}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{03E17A5A-B0CC-47E9-BAD5-C75A8C7C44B1}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{8DAE088C-D404-415E-8926-2F3507A41FA6}] => (Allow) LPort=4481
FirewallRules: [{568F1D79-2097-4DE4-BAD1-3B94093A530A}] => (Allow) LPort=4481
FirewallRules: [{EFDA4574-D805-45A3-89F3-730FDE578304}] => (Allow) LPort=4482
FirewallRules: [{69B928F6-04A0-4298-9B3C-6B7ACC7A6EC9}] => (Allow) LPort=4482
FirewallRules: [{D2E880E5-AEA1-46ED-898A-6A869E77B66D}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_ISTMP0.DIR\igd_finder.exe
FirewallRules: [{3C4EA169-3582-4139-8D9E-B2289F585402}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_ISTMP0.DIR\igd_finder.exe
FirewallRules: [{25DCF301-824F-4AAC-B756-B424AF758F22}] => (Allow) LPort=5031
FirewallRules: [{017C46D6-584C-4DA9-8532-7E57F5ACFF03}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_INS5576._MP
FirewallRules: [{6C07132D-B959-40B0-A5E1-9381AB7B1C9C}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_INS5576._MP
FirewallRules: [{8B142A97-0976-4D90-9368-DA57B6AAC677}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5804\HPDiagnosticCoreUI.exe
FirewallRules: [{73889DA0-43A0-46C8-8CE2-901C1480D76B}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5804\HPDiagnosticCoreUI.exe
FirewallRules: [{12064533-AE2E-4FD1-A04D-84761BD33E69}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5961\hppiw.exe
FirewallRules: [{76FB54EB-A124-4BBB-BB3B-3FCE364671B7}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5961\hppiw.exe
FirewallRules: [{12C49088-AC2B-41B3-9A8B-17329787105A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\FaxApplications.exe
FirewallRules: [{7D58C282-6184-40FA-B1E9-B88575459B1A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\DigitalWizards.exe
FirewallRules: [{51E6148A-6E4C-47FF-BA1B-B903F393D5AE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\SendAFax.exe
FirewallRules: [{7D085111-33A0-411D-A569-C9CA20B02D8A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{6A16B531-25B3-488F-80A0-42725A2DC96D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{7D309AEE-D794-48BE-8F17-4615E3611BCD}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B6323A56-ED26-4469-B3C2-FC140CE56DB0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{85BCD67E-C592-4F48-8988-FC32AC54D0D9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{2F0214AC-E971-4A23-A7CA-81578925B65F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{F17E1B7C-2E36-47E8-AD0C-EA00A86910AA}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{2BBE5713-307F-4357-9FCA-95BCD3CBA5FE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{81C86BF7-1306-48BB-9818-DD02A255512B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{9F570D08-D86B-4AE3-B9B4-C4F87AD1C4DF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{EEE78BE8-8619-4972-BAD8-1C7F4D12C781}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{3B2F7565-7D7C-4780-8E4D-8743DEF9B36A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
FirewallRules: [{198864CE-CD10-4C99-BED4-2F4776406330}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe
FirewallRules: [{CCBD6139-73A0-4808-941A-6A9AF6C22291}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{835101D6-156A-4027-B96D-9B62E562C48B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6841C0F7-C1CD-44B5-84D4-4B980436EAA3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{E1732156-0092-4927-BEC2-CC4B98FD19F3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8F42CF1E-43AE-4340-933F-B5B8B8949180}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{8828AAC2-9F98-41C5-B32B-24283D063037}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6C4729D-BC9D-4EEE-8AD0-6303381D8574}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B0920B14-F1C9-405B-91FA-D9933AA65A04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B174C98-464A-433E-964D-8A5EE9C9E8EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0957D46-DACD-4A59-AC15-A24D0DCBE9BE}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{92AE468D-DCF2-46CB-9BE5-354E1664C7C8}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{C24C8CBE-BC4D-4E17-A37E-CEA09DFA0A25}] => (Allow) C:\Users\Kerstin(1)\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{620AE8BA-C9EA-419E-94E0-00DECB5E0E06}] => (Allow) C:\Users\Kerstin(1)\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2CD4582C-2903-4A96-9401-AFEEA51CDB50}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{033B7368-8B98-4E99-A12E-5816EF7B5FCE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F09D235F-1111-4387-8B6A-CE939F3E0E6A}] => (Allow) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
FirewallRules: [{B38F3C9A-2096-469C-A305-21D6861FF3F7}] => (Allow) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
FirewallRules: [{F304595D-4C61-4B9A-BCE0-9FE19F073B2C}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe
FirewallRules: [{8CBC0F82-BF4E-4EC0-AC68-E3001567775A}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe
FirewallRules: [{3011FF30-5F17-48F9-8C84-3A4777535953}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe
FirewallRules: [{FF96BB1B-558F-4990-91C8-4E4D2FA10254}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe
FirewallRules: [{BFADD09D-72E5-4D79-8A44-B9A9645DBE87}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe
FirewallRules: [{BD150C6E-CDA3-4003-8A04-D98BE435618B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe
FirewallRules: [{1512ADE2-6EFF-4D45-AD57-E9C5B220CA9D}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe
FirewallRules: [{0130F6AD-FCE5-4E61-AD27-28B65163BFBC}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe
FirewallRules: [{A77FEDFE-05A2-4A41-881B-EA2F378975D5}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe
FirewallRules: [{A2C7781F-3A84-4476-980A-0B6CB2776ECE}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe
FirewallRules: [{936CDF9C-21B0-49EC-B52D-F997BC42AABE}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FCF49220-9855-4FD5-9828-6E734E926362}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{2A51E31E-0825-4364-93A9-53B3111D4BEE}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{1DB5141C-2C7E-40E7-BD66-913BD4598F23}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{44CE2C93-06B4-46AF-AADB-422B81A0DAFB}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{BBD53D6A-1025-4870-B795-89896280248E}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{5238C553-D394-4075-9D3E-8D225137B983}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CF0DE276-C226-4232-A414-96F068B790DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0A88D139-9D09-470A-B142-4F89F58DC8DF}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{7676DAC4-29C8-43B0-A342-7F48B24E1E83}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{BF9CF787-F1FD-4435-A239-8C46C3F0CF24}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{EC599DB0-83EE-44E2-B26A-DEBC3D01BEA9}C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{CAD62162-5C9A-4470-B683-DAED6BCB517A}C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{4A35D0C8-FFFB-40F6-95B1-B55D33815992}C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8F250A55-1BAA-45AF-A210-774AAC9CD52F}C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{EA8692AD-A1CC-4676-AD47-FC393025FDAF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1492FE07-7953-40AC-BCAE-81D5DE405213}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FD22743B-FE4E-416C-97BF-EA8323EC93CF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/09/2015 08:47:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 05:17:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 01:56:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: da8

Startzeit: 01d089841a34ffc9

Endzeit: 4330

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: 2898eb48-f579-11e4-85a3-bc05430c7d61

Error: (05/08/2015 01:42:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 127c

Startzeit: 01d089837c06038b

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 51183c0b-f577-11e4-85a3-bc05430c7d61

Error: (05/08/2015 01:38:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 01:34:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b58

Startzeit: 01d089828a6581c6

Endzeit: 31729

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: 180a6614-f576-11e4-a1ad-bc05430c7d61

Error: (05/08/2015 01:31:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1218

Startzeit: 01d08981da41eb87

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: c02377cb-f575-11e4-a1ad-bc05430c7d61

Error: (05/08/2015 01:26:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 01:19:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1064

Startzeit: 01d0896daae5d564

Endzeit: 60000

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: e89140fb-f573-11e4-b9d8-bc05430c7d61

Error: (05/08/2015 07:52:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/09/2015 10:12:00 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "" können nicht gelesen werden.

Error: (05/09/2015 08:52:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "HP Network Devices Support" wurde nicht richtig gestartet.

Error: (05/09/2015 08:47:23 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/08/2015 05:36:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (05/08/2015 05:19:25 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.

Error: (05/08/2015 05:19:18 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.

Error: (05/08/2015 05:17:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/08/2015 05:15:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎08.‎05.‎2015 um 17:13:24 unerwartet heruntergefahren.

Error: (05/08/2015 04:10:08 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/08/2015 01:42:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "HP Network Devices Support" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================
Error: (05/09/2015 08:47:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 05:17:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 01:56:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.17567da801d089841a34ffc94330C:\Windows\explorer.exe2898eb48-f579-11e4-85a3-bc05430c7d61

Error: (05/08/2015 01:42:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567127c01d089837c06038b0C:\Windows\Explorer.EXE51183c0b-f577-11e4-85a3-bc05430c7d61

Error: (05/08/2015 01:38:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 01:34:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.175671b5801d089828a6581c631729C:\Windows\explorer.exe180a6614-f576-11e4-a1ad-bc05430c7d61

Error: (05/08/2015 01:31:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567121801d08981da41eb870C:\Windows\Explorer.EXEc02377cb-f575-11e4-a1ad-bc05430c7d61

Error: (05/08/2015 01:26:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 01:19:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567106401d0896daae5d56460000C:\Windows\Explorer.EXEe89140fb-f573-11e4-b9d8-bc05430c7d61

Error: (05/08/2015 07:52:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-12-30 22:58:28.892
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:28.817
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:26.548
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:26.472
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:24.288
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:24.213
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:22.059
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:21.995
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:19.844
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:19.765
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 62%
Total physical RAM: 4078.01 MB
Available physical RAM: 1547.28 MB
Total Pagefile: 8154.21 MB
Available Pagefile: 4597.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:455.45 GB) (Free:31.73 GB) NTFS
Drive d: (DATA) (Fixed) (Total:455.96 GB) (Free:238.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D991B2E7)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-09 15:22:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.77.0 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Michael\AppData\Local\Temp\kwloipoc.sys

---- Processes - GMER 2.1 ----

Library c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd2ysf8.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216](2015-05-09 06:49:46) 0000000002e90000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 0000000005a60000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 0000000005e40000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000064af0000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000006770000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216](2015-03-04 21:45:30) 000000000fb40000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000005fb0000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000006e20000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000000f3c0000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000065230000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000061b60000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216](2015-03-04 21:45:30) 000000000fe10000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000004d20000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000629d0000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000000f2e0000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216](2015-03-04 21:45:30) 0000000004dc0000
Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216](2015-03-04 21:45:30) 0000000004ea0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048] (Python Core/Python Software Foundation)(2015-05-09 06:47:03) 000000001e000000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 000000001e8c0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 000000001e7a0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 0000000000240000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:00) 00000000002b0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 0000000010000000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 000000001e800000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 00000000004a0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 0000000002d10000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048] (wxWidgets for MSW/wxWidgets development team)(2015-05-09 06:47:03) 0000000002e40000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048] (wxWidgets for MSW/wxWidgets development team)(2015-05-09 06:47:04) 00000000002e0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048] (wxWidgets for MSW/wxWidgets development team)(2015-05-09 06:47:03) 0000000003030000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048] (wxWidgets for MSW/wxWidgets development team)(2015-05-09 06:47:04) 00000000034d0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 0000000003610000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 0000000003f20000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048] (wxWidgets for MSW/wxWidgets development team)(2015-05-09 06:47:05) 0000000003ff0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:02) 00000000042b0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:58) 00000000043c0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 0000000004480000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 000000001d100000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:01) 00000000005b0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:00) 000000001d1a0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:00) 000000001ea10000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:01) 000000001ec80000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\hashobjs_ext.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 0000000000560000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32gui.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:00) 000000001ea40000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:01) 000000001e9b0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:01) 000000001eaa0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:58) 000000001e980000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 0000000000600000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048] (wxWidgets for MSW/wxWidgets development team)(2015-05-09 06:47:04) 00000000020b0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 0000000001f90000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\_yappi.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:02) 00000000020d0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 000000001ebf0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:01) 0000000005750000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:58) 00000000020e0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 000000001eb90000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:01) 00000000036e0000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 000000001eb60000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:01) 000000001ec20000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 000000001ed40000
Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._animate.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 00000000036f0000
Library c:\users\michael\appdata\local\temp\7zs5961\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [7944] (HP Network Devices Support/Hewlett-Packard Co.)(2013-02-16 20:46:59) 0000000180000000
---- EOF - GMER 2.1 ----
         
--- --- ---
__________________

Alt 09.05.2015, 16:08   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #1



Hi,

bitte nur ein Thema, und nicht für jeden Post ein neues Thema eröffnen. Logs bitte immer in Codetags:


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.





Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.05.2015, 14:06   #5
baeuerlein
 
Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #1



Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.10.02
  rootkit: v2015.04.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17728
yyyyyyy:: xxxxxx [administrator]

10.05.2015 10:04:55
mbar-log-2015-05-10 (10-04-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 653413
Time elapsed: 1 hour(s), 27 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
ATTFilter
11:39:29.0334 0x2150  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
11:39:33.0807 0x2150  ============================================================
11:39:33.0807 0x2150  Current date / time: 2015/05/10 11:39:33.0807
11:39:33.0807 0x2150  SystemInfo:
11:39:33.0807 0x2150  
11:39:33.0807 0x2150  OS Version: 6.1.7601 ServicePack: 1.0
11:39:33.0807 0x2150  Product type: Workstation
11:39:33.0807 0x2150  Windows directory: C:\Windows
11:39:33.0807 0x2150  System windows directory: C:\Windows
11:39:33.0807 0x2150  Running under WOW64
11:39:33.0807 0x2150  Processor architecture: Intel x64
11:39:33.0807 0x2150  Number of processors: 4
11:39:33.0807 0x2150  Page size: 0x1000
11:39:33.0807 0x2150  Boot type: Normal boot
11:39:33.0807 0x2150  ============================================================
11:39:34.0124 0x2150  KLMD registered as C:\Windows\system32\drivers\96751957.sys
11:39:35.0004 0x2150  System UUID: {E43104CE-1868-EBDF-27C7-AD63EED8B051}
11:39:36.0249 0x2150  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:39:36.0260 0x2150  Drive \Device\Harddisk4\DR4 - Size: 0x772800000 ( 29.79 Gb ), SectorSize: 0x200, Cylinders: 0xF30, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:39:36.0262 0x2150  ============================================================
11:39:36.0262 0x2150  \Device\Harddisk0\DR0:
11:39:36.0262 0x2150  MBR partitions:
11:39:36.0262 0x2150  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
11:39:36.0262 0x2150  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x38EE7000
11:39:36.0262 0x2150  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B719800, BlocksNum 0x38FEC800
11:39:36.0262 0x2150  \Device\Harddisk4\DR4:
11:39:36.0263 0x2150  MBR partitions:
11:39:36.0263 0x2150  \Device\Harddisk4\DR4\Partition1: MBR, Type 0xC, StartLBA 0x880, BlocksNum 0x3B93780
11:39:36.0263 0x2150  ============================================================
11:39:36.0287 0x2150  C: <-> \Device\Harddisk0\DR0\Partition2
11:39:36.0327 0x2150  D: <-> \Device\Harddisk0\DR0\Partition3
11:39:36.0327 0x2150  ============================================================
11:39:36.0327 0x2150  Initialize success
11:39:36.0327 0x2150  ============================================================
11:41:36.0475 0x0e1c  ============================================================
11:41:36.0475 0x0e1c  Scan started
11:41:36.0475 0x0e1c  Mode: Manual; SigCheck; TDLFS; 
11:41:36.0475 0x0e1c  ============================================================
11:41:36.0475 0x0e1c  KSN ping started
11:41:39.0215 0x0e1c  KSN ping finished: true
11:41:41.0856 0x0e1c  ================ Scan system memory ========================
11:41:41.0856 0x0e1c  System memory - ok
11:41:41.0856 0x0e1c  ================ Scan services =============================
11:41:42.0046 0x0e1c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:41:42.0376 0x0e1c  1394ohci - ok
11:41:42.0456 0x0e1c  [ CF43E9BAEBD41844856D14DBE9C07CD7, C8DE2166B91F74B50EB20D7B588CC7CAAC29F0427D3012140BB7D56A3F4B3450 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
11:41:42.0566 0x0e1c  acedrv11 - ok
11:41:42.0596 0x0e1c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:41:42.0626 0x0e1c  ACPI - ok
11:41:42.0646 0x0e1c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:41:42.0726 0x0e1c  AcpiPmi - ok
11:41:42.0896 0x0e1c  [ 982ED373A7701B2FBC2121B30475279D, BB4E38E8AD5E8457DB5D0EE8C781F8064FC044A02FCB2F92587098F131F68888 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
11:41:42.0936 0x0e1c  AcrSch2Svc - ok
11:41:43.0016 0x0e1c  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
11:41:43.0066 0x0e1c  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
11:41:45.0836 0x0e1c  Detect skipped due to KSN trusted
11:41:45.0836 0x0e1c  Adobe LM Service - ok
11:41:45.0896 0x0e1c  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:41:45.0906 0x0e1c  AdobeARMservice - ok
11:41:46.0036 0x0e1c  [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:41:46.0086 0x0e1c  AdobeFlashPlayerUpdateSvc - ok
11:41:46.0136 0x0e1c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:41:46.0156 0x0e1c  adp94xx - ok
11:41:46.0176 0x0e1c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:41:46.0206 0x0e1c  adpahci - ok
11:41:46.0226 0x0e1c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:41:46.0246 0x0e1c  adpu320 - ok
11:41:46.0266 0x0e1c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:41:46.0496 0x0e1c  AeLookupSvc - ok
11:41:46.0546 0x0e1c  [ B794DD8ACC5CC76177156463DAB4BEBB, F12580BB586657D517751C7E00D6AF091865254F6145C58ECA57D371FE04DC9F ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
11:41:46.0566 0x0e1c  afcdp - ok
11:41:46.0696 0x0e1c  [ CD2B244F62BA9C4683597E3EDCB0FBE3, 7B6FD4E9B9D28A56B5A005D0ECF46586914AD3F42984918ADC2CDE27912B104C ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
11:41:46.0796 0x0e1c  afcdpsrv - ok
11:41:46.0856 0x0e1c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
11:41:46.0926 0x0e1c  AFD - ok
11:41:46.0946 0x0e1c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
11:41:46.0976 0x0e1c  agp440 - ok
11:41:46.0996 0x0e1c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
11:41:47.0086 0x0e1c  ALG - ok
11:41:47.0136 0x0e1c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:41:47.0146 0x0e1c  aliide - ok
11:41:47.0176 0x0e1c  [ 4EAAAAB8759644D572522FBCDD196A13, EF1ECE8073B048C2286F639BA76C523B6B267B64447358383C042BD593194350 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:41:47.0256 0x0e1c  AMD External Events Utility - ok
11:41:47.0286 0x0e1c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
11:41:47.0296 0x0e1c  amdide - ok
11:41:47.0306 0x0e1c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:41:47.0356 0x0e1c  AmdK8 - ok
11:41:47.0686 0x0e1c  [ 22A14DF59FB8D0BE918C597988AF4296, 714BD1BB63D732C6D03DFA1C2D81A2E00659C04052E110F0BF1EB74A7CD39B1C ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
11:41:48.0136 0x0e1c  amdkmdag - ok
11:41:48.0176 0x0e1c  [ EE22D3ED6D55A855E709F811CCCA97ED, 179F34CF6E0C2F821EBC0AECF09AAA0867616CCBB5EA6B17891860B27D56AC66 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
11:41:48.0206 0x0e1c  amdkmdap - ok
11:41:48.0216 0x0e1c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
11:41:48.0246 0x0e1c  AmdPPM - ok
11:41:48.0286 0x0e1c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:41:48.0296 0x0e1c  amdsata - ok
11:41:48.0316 0x0e1c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
11:41:48.0336 0x0e1c  amdsbs - ok
11:41:48.0346 0x0e1c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:41:48.0376 0x0e1c  amdxata - ok
11:41:48.0546 0x0e1c  [ 62A6B0A393591878A1E00224EA698AD7, 691B6E248D0682477543455B67E85C768A4A53A92139E153320ED4E4CED1E010 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
11:41:48.0576 0x0e1c  AntiVirMailService - ok
11:41:48.0676 0x0e1c  [ F36D18EF1E66F92094AD89D17BEF007C, A5C793B340311CB7A301B77316E1976E3CD7CA9470CE5F1062CB003BCD4C155C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:41:48.0716 0x0e1c  AntiVirSchedulerService - ok
11:41:48.0796 0x0e1c  [ F36D18EF1E66F92094AD89D17BEF007C, A5C793B340311CB7A301B77316E1976E3CD7CA9470CE5F1062CB003BCD4C155C ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:41:48.0816 0x0e1c  AntiVirService - ok
11:41:48.0906 0x0e1c  [ 5B7924A162A604B43FFBEE9384ABE77B, 1A1A836C145BAD330EDC778D4FD18CE737EB10E4B22AE8A39CDDBAAC36B0FF11 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
11:41:48.0936 0x0e1c  AntiVirWebService - ok
11:41:48.0976 0x0e1c  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
11:41:49.0016 0x0e1c  AppID - ok
11:41:49.0036 0x0e1c  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:41:49.0056 0x0e1c  AppIDSvc - ok
11:41:49.0106 0x0e1c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
11:41:49.0146 0x0e1c  Appinfo - ok
11:41:49.0276 0x0e1c  [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:41:49.0306 0x0e1c  Apple Mobile Device Service - ok
11:41:49.0336 0x0e1c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
11:41:49.0366 0x0e1c  arc - ok
11:41:49.0396 0x0e1c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:41:49.0406 0x0e1c  arcsas - ok
11:41:49.0546 0x0e1c  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:41:49.0596 0x0e1c  aspnet_state - ok
11:41:49.0616 0x0e1c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:41:49.0656 0x0e1c  AsyncMac - ok
11:41:49.0716 0x0e1c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
11:41:49.0726 0x0e1c  atapi - ok
11:41:49.0756 0x0e1c  [ 437F55435623D4D54D36197F5AD8B435, CE004F1E3299E39AFD70C8618253901614C0F3DBD594B6F0E1BA294C7B47FAD6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
11:41:49.0796 0x0e1c  AtiHDAudioService - ok
11:41:49.0856 0x0e1c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:41:49.0936 0x0e1c  AudioEndpointBuilder - ok
11:41:49.0966 0x0e1c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:41:49.0986 0x0e1c  AudioSrv - ok
11:41:50.0056 0x0e1c  [ 00BF66D168E1A7AA7E1C9F458BBA0B34, 3D3C42E87B3649819EED685D93417D61EB84FE39B3F4D4943721AE74026DE11B ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
11:41:50.0086 0x0e1c  avgntflt - ok
11:41:50.0146 0x0e1c  [ 055D318220DD4593F2A8C8FF83707D36, 93566931D019D4D4C35C3E2E4E9BAF87BEF863E1B40B2B03ED87EF5C28F908DE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
11:41:50.0166 0x0e1c  avipbb - ok
11:41:50.0196 0x0e1c  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
11:41:50.0206 0x0e1c  avkmgr - ok
11:41:50.0276 0x0e1c  [ C6F4C466B654C1BE98AF31418BB5AC30, 62AA4456F8E22A6E508EB44DE4309615057117AAF923C13BBED15AA39630E76B ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
11:41:50.0316 0x0e1c  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic ( 1 )
11:41:52.0847 0x0e1c  Detect skipped due to KSN trusted
11:41:52.0847 0x0e1c  AVM WLAN Connection Service - ok
11:41:52.0897 0x0e1c  [ 1DC2F715792CF33428AD7993ACBD224D, 129FBD517E016914CD61C35894C0B9B2074E680F1EB21201597E5C13CAF4529F ] avmeject        C:\Windows\system32\drivers\avmeject.sys
11:41:52.0897 0x0e1c  avmeject - ok
11:41:52.0957 0x0e1c  [ CE7793573FA4E70033D907DD919FF648, 3785CB15F95DAEA28ADE80A911C58D092499A116761AF9C8356ED0F2D19130E8 ] avmident        C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
11:41:52.0987 0x0e1c  avmident - detected UnsignedFile.Multi.Generic ( 1 )
11:41:55.0737 0x0e1c  Detect skipped due to KSN trusted
11:41:55.0737 0x0e1c  avmident - ok
11:41:55.0807 0x0e1c  [ 13253E5E3B6BDF945B63B336A8C9489B, 671C716E43F89D4BDDAA2BE045CDEBBB569C85BC2BA334E1F550187B79A7740D ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
11:41:55.0827 0x0e1c  avnetflt - ok
11:41:55.0877 0x0e1c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:41:55.0957 0x0e1c  AxInstSV - ok
11:41:56.0007 0x0e1c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
11:41:56.0057 0x0e1c  b06bdrv - ok
11:41:56.0087 0x0e1c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:41:56.0127 0x0e1c  b57nd60a - ok
11:41:56.0177 0x0e1c  [ 87F3BCF82A63E900AF896CD930BF7E05, A68141E81D0541DDC1863FAC0DDBF0362641B8B0DBE06D645D00CC0DB36B30BB ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
11:41:56.0207 0x0e1c  BBSvc - ok
11:41:56.0247 0x0e1c  [ 78779EE07231C658B483B1F38B5088DF, 42DE06151DA17C218067CA3A22509BC626CB505F87238E39D024CE29554EF47D ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
11:41:56.0257 0x0e1c  BBUpdate - ok
11:41:56.0287 0x0e1c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:41:56.0337 0x0e1c  BDESVC - ok
11:41:56.0347 0x0e1c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:41:56.0367 0x0e1c  Beep - ok
11:41:56.0407 0x0e1c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
11:41:56.0487 0x0e1c  BFE - ok
11:41:56.0537 0x0e1c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
11:41:56.0677 0x0e1c  BITS - ok
11:41:56.0797 0x0e1c  [ 686045905787B68D829CE647A6DFAD2B, 09B925A3E02B3BA45D5D408B59A279D3255AC854B3B696E243DCD14EF18CEC92 ] Blackberry Device Manager C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
11:41:56.0827 0x0e1c  Blackberry Device Manager - detected UnsignedFile.Multi.Generic ( 1 )
11:41:59.0327 0x0e1c  Detect skipped due to KSN trusted
11:41:59.0327 0x0e1c  Blackberry Device Manager - ok
11:41:59.0347 0x0e1c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
11:41:59.0377 0x0e1c  blbdrive - ok
11:41:59.0457 0x0e1c  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:41:59.0487 0x0e1c  Bonjour Service - ok
11:41:59.0527 0x0e1c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:41:59.0567 0x0e1c  bowser - ok
11:41:59.0597 0x0e1c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
11:41:59.0607 0x0e1c  BrFiltLo - ok
11:41:59.0617 0x0e1c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
11:41:59.0627 0x0e1c  BrFiltUp - ok
11:41:59.0677 0x0e1c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
11:41:59.0737 0x0e1c  Browser - ok
11:41:59.0737 0x0e1c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:41:59.0787 0x0e1c  Brserid - ok
11:41:59.0787 0x0e1c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:41:59.0797 0x0e1c  BrSerWdm - ok
11:41:59.0807 0x0e1c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:41:59.0827 0x0e1c  BrUsbMdm - ok
11:41:59.0827 0x0e1c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:41:59.0857 0x0e1c  BrUsbSer - ok
11:41:59.0857 0x0e1c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:41:59.0877 0x0e1c  BTHMODEM - ok
11:41:59.0907 0x0e1c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
11:41:59.0937 0x0e1c  bthserv - ok
11:42:00.0067 0x0e1c  [ 1F79342D9EB530A48742F651E570983A, 99E0B613C23FA8591E248DFA6FF2D3EE19E262BE6E070A0E43E256B69687017F ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
11:42:00.0117 0x0e1c  c2cautoupdatesvc - ok
11:42:00.0197 0x0e1c  [ E4938E0A376CF0B9D989EE5C0A146891, 9DF6AB5781CD60862D9664CA9A8AF0696A1FB6D09D804CD8DE9630F40DE59E90 ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
11:42:00.0257 0x0e1c  c2cpnrsvc - ok
11:42:00.0267 0x0e1c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:42:00.0297 0x0e1c  cdfs - ok
11:42:00.0327 0x0e1c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:42:00.0357 0x0e1c  cdrom - ok
11:42:00.0387 0x0e1c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
11:42:00.0417 0x0e1c  CertPropSvc - ok
11:42:00.0427 0x0e1c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
11:42:00.0447 0x0e1c  circlass - ok
11:42:00.0497 0x0e1c  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
11:42:00.0527 0x0e1c  CLFS - ok
11:42:00.0587 0x0e1c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:42:00.0617 0x0e1c  clr_optimization_v2.0.50727_32 - ok
11:42:00.0687 0x0e1c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:42:00.0697 0x0e1c  clr_optimization_v2.0.50727_64 - ok
11:42:00.0797 0x0e1c  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:42:00.0827 0x0e1c  clr_optimization_v4.0.30319_32 - ok
11:42:00.0847 0x0e1c  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:42:00.0957 0x0e1c  clr_optimization_v4.0.30319_64 - ok
11:42:00.0967 0x0e1c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
11:42:00.0997 0x0e1c  CmBatt - ok
11:42:01.0017 0x0e1c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:42:01.0027 0x0e1c  cmdide - ok
11:42:01.0077 0x0e1c  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
11:42:01.0107 0x0e1c  CNG - ok
11:42:01.0127 0x0e1c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
11:42:01.0137 0x0e1c  Compbatt - ok
11:42:01.0157 0x0e1c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:42:01.0187 0x0e1c  CompositeBus - ok
11:42:01.0207 0x0e1c  COMSysApp - ok
11:42:01.0217 0x0e1c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:42:01.0247 0x0e1c  crcdisk - ok
11:42:01.0277 0x0e1c  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:42:01.0317 0x0e1c  CryptSvc - ok
11:42:01.0357 0x0e1c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:42:01.0407 0x0e1c  DcomLaunch - ok
11:42:01.0437 0x0e1c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
11:42:01.0507 0x0e1c  defragsvc - ok
11:42:01.0537 0x0e1c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:42:01.0587 0x0e1c  DfsC - ok
11:42:01.0637 0x0e1c  [ 30710AEFCE721CEEE0F35EB6A01C263C, FB062EC86474D38BBC38E11E2618A9505001C287430B495C482977BBE58017C8 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
11:42:01.0647 0x0e1c  dg_ssudbus - ok
11:42:01.0677 0x0e1c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:42:01.0737 0x0e1c  Dhcp - ok
11:42:01.0847 0x0e1c  [ 614D2BFDCD6EEB88EA136C0F4C9B0075, 7DDD878A5BF7C72561DCA2865E29F7D4E2DB2C4E912C2963F2515D252ADC1FC9 ] DirMngr         C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
11:42:01.0867 0x0e1c  DirMngr - detected UnsignedFile.Multi.Generic ( 1 )
11:42:04.0388 0x0e1c  Detect skipped due to KSN trusted
11:42:04.0388 0x0e1c  DirMngr - ok
11:42:04.0398 0x0e1c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
11:42:04.0438 0x0e1c  discache - ok
11:42:04.0468 0x0e1c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
11:42:04.0488 0x0e1c  Disk - ok
11:42:04.0508 0x0e1c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:42:04.0548 0x0e1c  Dnscache - ok
11:42:04.0568 0x0e1c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:42:04.0608 0x0e1c  dot3svc - ok
11:42:04.0628 0x0e1c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
11:42:04.0658 0x0e1c  DPS - ok
11:42:04.0698 0x0e1c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:42:04.0718 0x0e1c  drmkaud - ok
11:42:04.0768 0x0e1c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:42:04.0808 0x0e1c  DXGKrnl - ok
11:42:04.0878 0x0e1c  [ 1BEF2C2E229452EC49FFE5A27283341D, 7010273570BD38E578FCF1DD2EB00C21E8FA3504CE2342AEE3755F6EFC4581E9 ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
11:42:04.0898 0x0e1c  e1cexpress - ok
11:42:04.0908 0x0e1c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
11:42:04.0958 0x0e1c  EapHost - ok
11:42:05.0058 0x0e1c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
11:42:05.0208 0x0e1c  ebdrv - ok
11:42:05.0238 0x0e1c  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] EFS             C:\Windows\System32\lsass.exe
11:42:05.0278 0x0e1c  EFS - ok
11:42:05.0328 0x0e1c  [ 18DD872DD46ACB24E106DC2C9C270466, 7531A880DE4EFA08828B7927A687A10B71BA272C9E88631ED39EAE42E2FF9AD2 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
11:42:05.0368 0x0e1c  EgisTec Ticket Service - ok
11:42:05.0438 0x0e1c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:42:05.0508 0x0e1c  ehRecvr - ok
11:42:05.0528 0x0e1c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
11:42:05.0568 0x0e1c  ehSched - ok
11:42:05.0608 0x0e1c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:42:05.0628 0x0e1c  elxstor - ok
11:42:05.0628 0x0e1c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:42:05.0648 0x0e1c  ErrDev - ok
11:42:05.0688 0x0e1c  [ E10EC316FBA637E824C76ECEFA1C2526, 942CFE98118133921D6CF8D56540F824694427B2E6FE1A44B581192A08FE8443 ] EtronHub3       C:\Windows\system32\Drivers\EtronHub3.sys
11:42:05.0728 0x0e1c  EtronHub3 - ok
11:42:05.0758 0x0e1c  [ 1520F844CC40D1B9C830AEC1AE963182, E43406B8278E21B5AA5AE03787888E0540F03913ECF76EC5F175D4B39FB79B07 ] EtronXHCI       C:\Windows\system32\Drivers\EtronXHCI.sys
11:42:05.0768 0x0e1c  EtronXHCI - ok
11:42:05.0808 0x0e1c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
11:42:05.0878 0x0e1c  EventSystem - ok
11:42:05.0898 0x0e1c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
11:42:05.0928 0x0e1c  exfat - ok
11:42:05.0938 0x0e1c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:42:05.0988 0x0e1c  fastfat - ok
11:42:06.0018 0x0e1c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
11:42:06.0048 0x0e1c  Fax - ok
11:42:06.0058 0x0e1c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
11:42:06.0068 0x0e1c  fdc - ok
11:42:06.0088 0x0e1c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
11:42:06.0138 0x0e1c  fdPHost - ok
11:42:06.0158 0x0e1c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:42:06.0208 0x0e1c  FDResPub - ok
11:42:06.0228 0x0e1c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:42:06.0238 0x0e1c  FileInfo - ok
11:42:06.0248 0x0e1c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:42:06.0298 0x0e1c  Filetrace - ok
11:42:06.0298 0x0e1c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
11:42:06.0308 0x0e1c  flpydisk - ok
11:42:06.0328 0x0e1c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:42:06.0338 0x0e1c  FltMgr - ok
11:42:06.0368 0x0e1c  [ D4463A74E1BFBF3FB9B4FC6CF5390152, 88797B2C3AA5AF8F8A4FF1E25B23D9947A687EB6B4286C9A1F81177244664A58 ] fltsrv          C:\Windows\system32\DRIVERS\fltsrv.sys
11:42:06.0378 0x0e1c  fltsrv - ok
11:42:06.0458 0x0e1c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
11:42:06.0538 0x0e1c  FontCache - ok
11:42:06.0588 0x0e1c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:42:06.0628 0x0e1c  FontCache3.0.0.0 - ok
11:42:06.0648 0x0e1c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:42:06.0658 0x0e1c  FsDepends - ok
11:42:06.0748 0x0e1c  [ DDEE99DC54EFA20BD5A442CD733C4462, 941D6C5D91F6419198F1A53BF7D33AA2D9118CEAC028B6ED8E5308751810B9B5 ] FsUsbExDisk     C:\Windows\SysWOW64\FsUsbExDisk.SYS
11:42:06.0788 0x0e1c  FsUsbExDisk - detected UnsignedFile.Multi.Generic ( 1 )
11:42:09.0298 0x0e1c  Detect skipped due to KSN trusted
11:42:09.0298 0x0e1c  FsUsbExDisk - ok
11:42:09.0338 0x0e1c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:42:09.0358 0x0e1c  Fs_Rec - ok
11:42:09.0418 0x0e1c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:42:09.0438 0x0e1c  fvevol - ok
11:42:09.0468 0x0e1c  [ 444534CBA693DD23C1CC589681E01656, DF8ED7FFA66E0A88EBB58A491A177D8CEB35B08B0911D7A1F4B8865755DC27CE ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
11:42:09.0528 0x0e1c  FWLANUSB - ok
11:42:09.0588 0x0e1c  [ 15585492E45E2F30768B2D5B57929D99, C5E6A943C78AAFE10FD9C913324083DD4B3D2F1D998A38C8B69FDEAF22246527 ] fwlanusbn       C:\Windows\system32\DRIVERS\fwlanusbn.sys
11:42:09.0668 0x0e1c  fwlanusbn - ok
11:42:09.0708 0x0e1c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:42:09.0718 0x0e1c  gagp30kx - ok
11:42:09.0768 0x0e1c  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
11:42:09.0798 0x0e1c  GamesAppService - ok
11:42:09.0908 0x0e1c  [ 805DAC448BEBDA900BF5520AB27D9616, C0A2935C75EC4B3D860E68ABAE6756D6D4B31BA9AFD742FF9C0B6ED11BEFD163 ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
11:42:09.0958 0x0e1c  Garmin Device Interaction Service - ok
11:42:09.0988 0x0e1c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:42:09.0998 0x0e1c  GEARAspiWDM - ok
11:42:10.0038 0x0e1c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:42:10.0098 0x0e1c  gpsvc - ok
11:42:10.0148 0x0e1c  [ C9B2D1D3F86FD3673EF847DEF73B6F9E, 9D3822A6464F685F770F8D02A8AE623A676888F135E8425C3BAF1CC077429A7F ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
11:42:10.0168 0x0e1c  GREGService - ok
11:42:10.0218 0x0e1c  [ B9893A68032A6D9ADDB5B98287C630F7, F0280764D7B31F1EA634E91397229B1C064A7C1B3A77A6BBD123CEA74180789F ] grmnusb         C:\Windows\system32\drivers\grmnusb.sys
11:42:10.0228 0x0e1c  grmnusb - ok
11:42:10.0278 0x0e1c  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:42:10.0278 0x0e1c  gupdate - ok
11:42:10.0288 0x0e1c  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:42:10.0298 0x0e1c  gupdatem - ok
11:42:10.0368 0x0e1c  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:42:10.0398 0x0e1c  gusvc - ok
11:42:10.0428 0x0e1c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:42:10.0468 0x0e1c  hcw85cir - ok
11:42:10.0498 0x0e1c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:42:10.0538 0x0e1c  HdAudAddService - ok
11:42:10.0568 0x0e1c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:42:10.0598 0x0e1c  HDAudBus - ok
11:42:10.0608 0x0e1c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
11:42:10.0648 0x0e1c  HidBatt - ok
11:42:10.0658 0x0e1c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:42:10.0678 0x0e1c  HidBth - ok
11:42:10.0678 0x0e1c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:42:10.0698 0x0e1c  HidIr - ok
11:42:10.0728 0x0e1c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
11:42:10.0768 0x0e1c  hidserv - ok
11:42:10.0828 0x0e1c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:42:10.0858 0x0e1c  HidUsb - ok
11:42:10.0878 0x0e1c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:42:10.0908 0x0e1c  hkmsvc - ok
11:42:10.0938 0x0e1c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:42:10.0988 0x0e1c  HomeGroupListener - ok
11:42:11.0018 0x0e1c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:42:11.0068 0x0e1c  HomeGroupProvider - ok
11:42:11.0078 0x0e1c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:42:11.0098 0x0e1c  HpSAMD - ok
11:42:11.0408 0x0e1c  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Users\Michael\AppData\Local\Temp\7zS5961\hpslpsvc64.dll
11:42:11.0458 0x0e1c  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
11:42:13.0989 0x0e1c  Detect skipped due to KSN trusted
11:42:13.0989 0x0e1c  HPSLPSVC - ok
11:42:14.0129 0x0e1c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:42:14.0199 0x0e1c  HTTP - ok
11:42:14.0229 0x0e1c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:42:14.0239 0x0e1c  hwpolicy - ok
11:42:14.0259 0x0e1c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:42:14.0289 0x0e1c  i8042prt - ok
11:42:14.0329 0x0e1c  [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
11:42:14.0349 0x0e1c  iaStor - ok
11:42:14.0419 0x0e1c  [ 8FFF9083252C16FE3960173722605E9E, 6546FDA34B9AF94C5E86E5269BBC2F02F1E78D6D4BE5B5EC01F4B284CC934994 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
11:42:14.0419 0x0e1c  IAStorDataMgrSvc - ok
11:42:14.0459 0x0e1c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:42:14.0479 0x0e1c  iaStorV - ok
11:42:14.0579 0x0e1c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:42:14.0629 0x0e1c  idsvc - ok
11:42:14.0669 0x0e1c  IEEtwCollectorService - ok
11:42:14.0749 0x0e1c  [ AC9EBDE25DB39A35E1CEB0441BA7A464, 6C53EC55E8FB4B23FE418613DC3458B4E0D2828304A478D57D992A3048899435 ] IGDCTRL         C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
11:42:14.0759 0x0e1c  IGDCTRL - ok
11:42:14.0769 0x0e1c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:42:14.0779 0x0e1c  iirsp - ok
11:42:14.0829 0x0e1c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
11:42:14.0889 0x0e1c  IKEEXT - ok
11:42:14.0979 0x0e1c  [ 82D0C8C47F6A52B695F405661D1DF50E, 338894EC24CB4D04926DDB2A7E4281D8F0FDBC5E491ACB38132899CA8AA1A608 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:42:15.0099 0x0e1c  IntcAzAudAddService - ok
11:42:15.0129 0x0e1c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
11:42:15.0139 0x0e1c  intelide - ok
11:42:15.0159 0x0e1c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:42:15.0189 0x0e1c  intelppm - ok
11:42:15.0209 0x0e1c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:42:15.0259 0x0e1c  IPBusEnum - ok
11:42:15.0279 0x0e1c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:42:15.0329 0x0e1c  IpFilterDriver - ok
11:42:15.0369 0x0e1c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:42:15.0429 0x0e1c  iphlpsvc - ok
11:42:15.0439 0x0e1c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:42:15.0469 0x0e1c  IPMIDRV - ok
11:42:15.0489 0x0e1c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:42:15.0529 0x0e1c  IPNAT - ok
11:42:15.0639 0x0e1c  [ 87F8EDF63C97BF0BF21359A3D8ABF0C7, BAAAE1DE50EBD1BCE46F33C5F3A7F3C39F61AB21416D78DAA7F8A19F38F67269 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:42:15.0659 0x0e1c  iPod Service - ok
11:42:15.0679 0x0e1c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:42:15.0699 0x0e1c  IRENUM - ok
11:42:15.0709 0x0e1c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:42:15.0729 0x0e1c  isapnp - ok
11:42:15.0769 0x0e1c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:42:15.0789 0x0e1c  iScsiPrt - ok
11:42:15.0809 0x0e1c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:42:15.0829 0x0e1c  kbdclass - ok
11:42:15.0839 0x0e1c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
11:42:15.0869 0x0e1c  kbdhid - ok
11:42:15.0899 0x0e1c  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] KeyIso          C:\Windows\system32\lsass.exe
11:42:15.0909 0x0e1c  KeyIso - ok
11:42:15.0929 0x0e1c  [ 063C09DB965E3DFD6F4F08416F6DB8F5, 0BE015C59288397536B3941BA55EFE0CF06714BC43FF3A33A1D844B4E0F16097 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:42:15.0939 0x0e1c  KSecDD - ok
11:42:15.0959 0x0e1c  [ 1FA627E63195BF3BF636BFEF0D7190D4, 794456605303F4916E81BE899E0B05CB070094E719ADA8BE8072A761E35CA8E9 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:42:15.0989 0x0e1c  KSecPkg - ok
11:42:15.0999 0x0e1c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:42:16.0029 0x0e1c  ksthunk - ok
11:42:16.0059 0x0e1c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:42:16.0099 0x0e1c  KtmRm - ok
11:42:16.0139 0x0e1c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:42:16.0189 0x0e1c  LanmanServer - ok
11:42:16.0209 0x0e1c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:42:16.0259 0x0e1c  LanmanWorkstation - ok
11:42:16.0299 0x0e1c  [ B705C7097F9A0EC941D02DCE7C7D426C, 1A137BEA25BF7BA1EF190212CD6E556B53293D6388E9F7E790BF53F641F3CF89 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
11:42:16.0309 0x0e1c  Live Updater Service - ok
11:42:16.0329 0x0e1c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:42:16.0369 0x0e1c  lltdio - ok
11:42:16.0399 0x0e1c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:42:16.0449 0x0e1c  lltdsvc - ok
11:42:16.0469 0x0e1c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:42:16.0509 0x0e1c  lmhosts - ok
11:42:16.0549 0x0e1c  [ 2ED1786B7542CDA261029F6B526EDF44, C6131B65B045EF5B4F62CF6CF089DF0921BA6A8EFC83BCBA45D5DDE78E9D78E2 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:42:16.0559 0x0e1c  LMS - ok
11:42:16.0599 0x0e1c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:42:16.0609 0x0e1c  LSI_FC - ok
11:42:16.0619 0x0e1c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:42:16.0629 0x0e1c  LSI_SAS - ok
11:42:16.0649 0x0e1c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
11:42:16.0659 0x0e1c  LSI_SAS2 - ok
11:42:16.0659 0x0e1c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:42:16.0679 0x0e1c  LSI_SCSI - ok
11:42:16.0699 0x0e1c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
11:42:16.0729 0x0e1c  luafv - ok
11:42:16.0769 0x0e1c  [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
11:42:16.0799 0x0e1c  MBAMProtector - ok
11:42:16.0879 0x0e1c  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
11:42:16.0929 0x0e1c  MBAMService - ok
11:42:16.0959 0x0e1c  [ F49FB3C88E263AE9A246593B0BB29294, FB53D6FA4A98B98334DCFF81E40712265256D31A9E9FF36022887BABD50F39EB ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
11:42:16.0969 0x0e1c  MBAMWebAccessControl - ok
11:42:16.0979 0x0e1c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:42:17.0009 0x0e1c  Mcx2Svc - ok
11:42:17.0029 0x0e1c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
11:42:17.0039 0x0e1c  megasas - ok
11:42:17.0069 0x0e1c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
11:42:17.0089 0x0e1c  MegaSR - ok
11:42:17.0119 0x0e1c  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
11:42:17.0129 0x0e1c  MEIx64 - ok
         


Alt 10.05.2015, 14:07   #6
baeuerlein
 
Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #1



Code:
ATTFilter
11:42:17.0189 0x0e1c  Microsoft SharePoint Workspace Audit Service - ok
11:42:17.0219 0x0e1c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
11:42:17.0269 0x0e1c  MMCSS - ok
11:42:17.0289 0x0e1c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
11:42:17.0319 0x0e1c  Modem - ok
11:42:17.0349 0x0e1c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:42:17.0359 0x0e1c  monitor - ok
11:42:17.0369 0x0e1c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:42:17.0379 0x0e1c  mouclass - ok
11:42:17.0409 0x0e1c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
11:42:17.0429 0x0e1c  mouhid - ok
11:42:17.0469 0x0e1c  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:42:17.0479 0x0e1c  mountmgr - ok
11:42:17.0539 0x0e1c  [ 03D14BF1DC59130002F6B8BA3AD89DB9, 1729CCD8AAF51CDB86ED67569974D0B6B1CFFA5F90EF6E6004B0D8A305D88C27 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:42:17.0599 0x0e1c  MozillaMaintenance - ok
11:42:17.0619 0x0e1c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:42:17.0639 0x0e1c  mpio - ok
11:42:17.0659 0x0e1c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:42:17.0689 0x0e1c  mpsdrv - ok
11:42:17.0709 0x0e1c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:42:17.0779 0x0e1c  MpsSvc - ok
11:42:17.0809 0x0e1c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:42:17.0849 0x0e1c  MRxDAV - ok
11:42:17.0869 0x0e1c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:42:17.0919 0x0e1c  mrxsmb - ok
11:42:17.0939 0x0e1c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:42:17.0959 0x0e1c  mrxsmb10 - ok
11:42:17.0969 0x0e1c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:42:17.0999 0x0e1c  mrxsmb20 - ok
11:42:18.0019 0x0e1c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:42:18.0029 0x0e1c  msahci - ok
11:42:18.0079 0x0e1c  [ 41FB1D61DF09C36CCAB0B04EEC66F6D5, C6D0F6B8429656C56A142F95AF0B4A85DD4B78A735664C8775F49C3B04C564B7 ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS64.exe
11:42:18.0089 0x0e1c  MSCamSvc - ok
11:42:18.0119 0x0e1c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:42:18.0149 0x0e1c  msdsm - ok
11:42:18.0169 0x0e1c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
11:42:18.0199 0x0e1c  MSDTC - ok
11:42:18.0219 0x0e1c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:42:18.0269 0x0e1c  Msfs - ok
11:42:18.0289 0x0e1c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:42:18.0329 0x0e1c  mshidkmdf - ok
11:42:18.0369 0x0e1c  [ BB590070D606AE6F008341FC9A7B2AD7, CF1073A093E679C5BCA19681789FBB85A8286E356F2C0609E0B446DF65A86E29 ] MSHUSBVideo     C:\Windows\system32\Drivers\nx6000.sys
11:42:18.0379 0x0e1c  MSHUSBVideo - ok
11:42:18.0389 0x0e1c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:42:18.0399 0x0e1c  msisadrv - ok
11:42:18.0429 0x0e1c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:42:18.0459 0x0e1c  MSiSCSI - ok
11:42:18.0459 0x0e1c  msiserver - ok
11:42:18.0479 0x0e1c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:42:18.0509 0x0e1c  MSKSSRV - ok
11:42:18.0519 0x0e1c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:42:18.0549 0x0e1c  MSPCLOCK - ok
11:42:18.0549 0x0e1c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:42:18.0579 0x0e1c  MSPQM - ok
11:42:18.0589 0x0e1c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:42:18.0609 0x0e1c  MsRPC - ok
11:42:18.0609 0x0e1c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:42:18.0619 0x0e1c  mssmbios - ok
11:42:18.0619 0x0e1c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:42:18.0659 0x0e1c  MSTEE - ok
11:42:18.0659 0x0e1c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
11:42:18.0669 0x0e1c  MTConfig - ok
11:42:18.0689 0x0e1c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
11:42:18.0699 0x0e1c  Mup - ok
11:42:18.0719 0x0e1c  [ C009123B206C56854F4E88596035231D, 670403A40B425F77C90ECB048A0C8BC11FB19E40A8CECC2C3DCF79175B745863 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
11:42:18.0739 0x0e1c  mwlPSDFilter - ok
11:42:18.0769 0x0e1c  [ BF3739EEB9F008B1DEBAC115089A53F8, 8546AB69087656259BBE17D6F80F4AB164B04171673CE2BF9FFD1B5C9584E9A4 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
11:42:18.0779 0x0e1c  mwlPSDNServ - ok
11:42:18.0799 0x0e1c  [ 38DD143D95E7A01B86F219DDA9C28779, 5FA8C0595CCF835DBCE1CC5322E8FD4BFB6DFB6CF869BB7CB73F919445D469AA ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
11:42:18.0809 0x0e1c  mwlPSDVDisk - ok
11:42:18.0839 0x0e1c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
11:42:18.0889 0x0e1c  napagent - ok
11:42:18.0929 0x0e1c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:42:18.0949 0x0e1c  NativeWifiP - ok
11:42:19.0019 0x0e1c  [ E59AFB64C2F6E0C99350E1C944C75088, 10A9044192D0A83857A57286EABB05037922860483DA2B05AFCC485A8311E4EF ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
11:42:19.0039 0x0e1c  NAUpdate - ok
11:42:19.0099 0x0e1c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:42:19.0119 0x0e1c  NDIS - ok
11:42:19.0129 0x0e1c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:42:19.0169 0x0e1c  NdisCap - ok
11:42:19.0199 0x0e1c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:42:19.0259 0x0e1c  NdisTapi - ok
11:42:19.0289 0x0e1c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:42:19.0319 0x0e1c  Ndisuio - ok
11:42:19.0329 0x0e1c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:42:19.0359 0x0e1c  NdisWan - ok
11:42:19.0369 0x0e1c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:42:19.0389 0x0e1c  NDProxy - ok
11:42:19.0409 0x0e1c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:42:19.0429 0x0e1c  NetBIOS - ok
11:42:19.0449 0x0e1c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:42:19.0489 0x0e1c  NetBT - ok
11:42:19.0519 0x0e1c  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] Netlogon        C:\Windows\system32\lsass.exe
11:42:19.0539 0x0e1c  Netlogon - ok
11:42:19.0569 0x0e1c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
11:42:19.0619 0x0e1c  Netman - ok
11:42:19.0729 0x0e1c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:42:19.0799 0x0e1c  NetMsmqActivator - ok
11:42:19.0819 0x0e1c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:42:19.0829 0x0e1c  NetPipeActivator - ok
11:42:19.0839 0x0e1c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
11:42:19.0919 0x0e1c  netprofm - ok
11:42:19.0959 0x0e1c  [ B72BB9496A126FCFC7FC5945DED9B411, FA5CC4E93761FB2B59B9B34C699B1486560BDB39280AB1125DE42DB7C4BE303A ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
11:42:20.0009 0x0e1c  netr28x - ok
11:42:20.0029 0x0e1c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:42:20.0039 0x0e1c  NetTcpActivator - ok
11:42:20.0039 0x0e1c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:42:20.0049 0x0e1c  NetTcpPortSharing - ok
11:42:20.0069 0x0e1c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:42:20.0079 0x0e1c  nfrd960 - ok
11:42:20.0109 0x0e1c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:42:20.0139 0x0e1c  NlaSvc - ok
11:42:20.0249 0x0e1c  [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
11:42:20.0319 0x0e1c  NOBU - ok
11:42:20.0389 0x0e1c  [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] NPF             C:\Windows\system32\drivers\npf.sys
11:42:20.0399 0x0e1c  NPF - ok
11:42:20.0419 0x0e1c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:42:20.0459 0x0e1c  Npfs - ok
11:42:20.0469 0x0e1c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
11:42:20.0509 0x0e1c  nsi - ok
11:42:20.0529 0x0e1c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:42:20.0569 0x0e1c  nsiproxy - ok
11:42:20.0639 0x0e1c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:42:20.0709 0x0e1c  Ntfs - ok
11:42:20.0729 0x0e1c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
11:42:20.0769 0x0e1c  Null - ok
11:42:20.0799 0x0e1c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:42:20.0819 0x0e1c  nvraid - ok
11:42:20.0859 0x0e1c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:42:20.0879 0x0e1c  nvstor - ok
11:42:20.0899 0x0e1c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:42:20.0909 0x0e1c  nv_agp - ok
11:42:21.0079 0x0e1c  [ 5239571EC40C990C6FC4B03685D56777, DF252AF0ACB2E3792892E4589F06ECE09F4B6EECE7CCBBD0E438BBB8B7FB472C ] OfficeSvc       C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
11:42:21.0139 0x0e1c  OfficeSvc - ok
11:42:21.0149 0x0e1c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:42:21.0179 0x0e1c  ohci1394 - ok
11:42:21.0260 0x0e1c  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:42:21.0290 0x0e1c  ose - ok
11:42:21.0480 0x0e1c  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:42:21.0590 0x0e1c  osppsvc - ok
11:42:21.0630 0x0e1c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:42:21.0670 0x0e1c  p2pimsvc - ok
11:42:21.0710 0x0e1c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
11:42:21.0760 0x0e1c  p2psvc - ok
11:42:21.0770 0x0e1c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
11:42:21.0810 0x0e1c  Parport - ok
11:42:21.0830 0x0e1c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:42:21.0840 0x0e1c  partmgr - ok
11:42:21.0880 0x0e1c  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:42:21.0930 0x0e1c  PcaSvc - ok
11:42:21.0950 0x0e1c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
11:42:21.0970 0x0e1c  pci - ok
11:42:21.0990 0x0e1c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
11:42:22.0000 0x0e1c  pciide - ok
11:42:22.0020 0x0e1c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:42:22.0040 0x0e1c  pcmcia - ok
11:42:22.0050 0x0e1c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:42:22.0060 0x0e1c  pcw - ok
11:42:22.0170 0x0e1c  [ 20372BE109FEE1C37E2D5216680DB9EB, 2C3737FB3C6BCF81D0A7293667412DDEA649A8AEA40B7ADCFCB9893E8B3C4AF3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
11:42:22.0200 0x0e1c  PDF Architect Helper Service - ok
11:42:22.0250 0x0e1c  [ B90A279073A815A4AA2C45A09EE004FA, 9EA27630C47F5FF99CBBE513C113F3ED01FABA0D59B9D9637764027BCC6EA24A ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
11:42:22.0270 0x0e1c  PDF Architect Service - ok
11:42:22.0310 0x0e1c  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:42:22.0340 0x0e1c  PEAUTH - ok
11:42:22.0440 0x0e1c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:42:22.0480 0x0e1c  PerfHost - ok
11:42:22.0550 0x0e1c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
11:42:22.0660 0x0e1c  pla - ok
11:42:22.0700 0x0e1c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:42:22.0730 0x0e1c  PlugPlay - ok
11:42:22.0740 0x0e1c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:42:22.0770 0x0e1c  PNRPAutoReg - ok
11:42:22.0800 0x0e1c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:42:22.0820 0x0e1c  PNRPsvc - ok
11:42:22.0840 0x0e1c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:42:22.0900 0x0e1c  PolicyAgent - ok
11:42:22.0930 0x0e1c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
11:42:22.0960 0x0e1c  Power - ok
11:42:22.0980 0x0e1c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:42:23.0020 0x0e1c  PptpMiniport - ok
11:42:23.0040 0x0e1c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
11:42:23.0050 0x0e1c  Processor - ok
11:42:23.0090 0x0e1c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:42:23.0130 0x0e1c  ProfSvc - ok
11:42:23.0150 0x0e1c  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:42:23.0160 0x0e1c  ProtectedStorage - ok
11:42:23.0170 0x0e1c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:42:23.0220 0x0e1c  Psched - ok
11:42:23.0260 0x0e1c  [ 543A4EF0923BF70D126625B034EF25AF, 9CC82C5221F11850419A796D48D5452B3DEE0C8E8E85A818F4AAA869673F9740 ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
11:42:23.0270 0x0e1c  PSI_SVC_2 - ok
11:42:23.0340 0x0e1c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:42:23.0410 0x0e1c  ql2300 - ok
11:42:23.0450 0x0e1c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:42:23.0470 0x0e1c  ql40xx - ok
11:42:23.0490 0x0e1c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
11:42:23.0520 0x0e1c  QWAVE - ok
11:42:23.0530 0x0e1c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:42:23.0540 0x0e1c  QWAVEdrv - ok
11:42:23.0560 0x0e1c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:42:23.0600 0x0e1c  RasAcd - ok
11:42:23.0630 0x0e1c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:42:23.0660 0x0e1c  RasAgileVpn - ok
11:42:23.0680 0x0e1c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
11:42:23.0710 0x0e1c  RasAuto - ok
11:42:23.0730 0x0e1c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:42:23.0770 0x0e1c  Rasl2tp - ok
11:42:23.0810 0x0e1c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
11:42:23.0840 0x0e1c  RasMan - ok
11:42:23.0860 0x0e1c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:42:23.0920 0x0e1c  RasPppoe - ok
11:42:23.0960 0x0e1c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:42:24.0000 0x0e1c  RasSstp - ok
11:42:24.0030 0x0e1c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:42:24.0070 0x0e1c  rdbss - ok
11:42:24.0080 0x0e1c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
11:42:24.0110 0x0e1c  rdpbus - ok
11:42:24.0130 0x0e1c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:42:24.0170 0x0e1c  RDPCDD - ok
11:42:24.0200 0x0e1c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:42:24.0240 0x0e1c  RDPENCDD - ok
11:42:24.0260 0x0e1c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:42:24.0290 0x0e1c  RDPREFMP - ok
11:42:24.0410 0x0e1c  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
11:42:24.0450 0x0e1c  RdpVideoMiniport - ok
11:42:24.0480 0x0e1c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:42:24.0500 0x0e1c  RDPWD - ok
11:42:24.0530 0x0e1c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:42:24.0540 0x0e1c  rdyboost - ok
11:42:24.0570 0x0e1c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:42:24.0600 0x0e1c  RemoteAccess - ok
11:42:24.0630 0x0e1c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:42:24.0660 0x0e1c  RemoteRegistry - ok
11:42:24.0690 0x0e1c  [ 6D850FAD4CC9498D1F382B77BA4035CC, 689B8D90BFA404F2ABEF3F7CD098382DAA81A4CF6BF3784C9CC24DAF33F10660 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
11:42:24.0720 0x0e1c  RimUsb - ok
11:42:24.0760 0x0e1c  [ 344604E6913BD6E4EAEC34AF2E0943D7, 4ADFE13AFECD0F263A27F647FC6BA1AB47B2A28F9D70FCAC90F23D0A2FB8C493 ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
11:42:24.0800 0x0e1c  RimVSerPort - ok
11:42:24.0820 0x0e1c  [ 388D3DD1A6457280F3BADBA9F3ACD6B1, 5C534EA15195B1301C917904627AF09FE2ABA3FEE1641B5C87E8F3191BC49058 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
11:42:24.0860 0x0e1c  ROOTMODEM - ok
11:42:24.0930 0x0e1c  [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
11:42:24.0970 0x0e1c  rpcapd - ok
11:42:24.0990 0x0e1c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:42:25.0050 0x0e1c  RpcEptMapper - ok
11:42:25.0080 0x0e1c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
11:42:25.0090 0x0e1c  RpcLocator - ok
11:42:25.0110 0x0e1c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
11:42:25.0140 0x0e1c  RpcSs - ok
11:42:25.0150 0x0e1c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:42:25.0190 0x0e1c  rspndr - ok
11:42:25.0210 0x0e1c  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] SamSs           C:\Windows\system32\lsass.exe
11:42:25.0220 0x0e1c  SamSs - ok
11:42:25.0230 0x0e1c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:42:25.0240 0x0e1c  sbp2port - ok
11:42:25.0270 0x0e1c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:42:25.0320 0x0e1c  SCardSvr - ok
11:42:25.0350 0x0e1c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:42:25.0390 0x0e1c  scfilter - ok
11:42:25.0440 0x0e1c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
11:42:25.0510 0x0e1c  Schedule - ok
11:42:25.0540 0x0e1c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:42:25.0560 0x0e1c  SCPolicySvc - ok
11:42:25.0570 0x0e1c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:42:25.0620 0x0e1c  SDRSVC - ok
11:42:25.0640 0x0e1c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:42:25.0680 0x0e1c  secdrv - ok
11:42:25.0700 0x0e1c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
11:42:25.0730 0x0e1c  seclogon - ok
11:42:25.0750 0x0e1c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
11:42:25.0780 0x0e1c  SENS - ok
11:42:25.0790 0x0e1c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:42:25.0830 0x0e1c  SensrSvc - ok
11:42:25.0850 0x0e1c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
11:42:25.0860 0x0e1c  Serenum - ok
11:42:25.0890 0x0e1c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
11:42:25.0910 0x0e1c  Serial - ok
11:42:25.0940 0x0e1c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:42:25.0950 0x0e1c  sermouse - ok
11:42:25.0980 0x0e1c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
11:42:26.0020 0x0e1c  SessionEnv - ok
11:42:26.0020 0x0e1c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:42:26.0030 0x0e1c  sffdisk - ok
11:42:26.0040 0x0e1c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:42:26.0060 0x0e1c  sffp_mmc - ok
11:42:26.0060 0x0e1c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:42:26.0080 0x0e1c  sffp_sd - ok
11:42:26.0090 0x0e1c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:42:26.0110 0x0e1c  sfloppy - ok
11:42:26.0150 0x0e1c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:42:26.0200 0x0e1c  SharedAccess - ok
11:42:26.0230 0x0e1c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:42:26.0260 0x0e1c  ShellHWDetection - ok
11:42:26.0270 0x0e1c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
11:42:26.0280 0x0e1c  SiSRaid2 - ok
11:42:26.0300 0x0e1c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:42:26.0310 0x0e1c  SiSRaid4 - ok
11:42:26.0410 0x0e1c  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
11:42:26.0450 0x0e1c  SkypeUpdate - ok
11:42:26.0480 0x0e1c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:42:26.0500 0x0e1c  Smb - ok
11:42:26.0560 0x0e1c  [ F26AAD9ADFC9B62AC59A004A913C92DA, BECD2B5E4A99F31A4BE28D9535A49BE517DD9F94A7A0C122A8FAEA4382C62595 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
11:42:26.0580 0x0e1c  snapman - ok
11:42:26.0610 0x0e1c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:42:26.0650 0x0e1c  SNMPTRAP - ok
11:42:26.0670 0x0e1c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:42:26.0680 0x0e1c  spldr - ok
11:42:26.0720 0x0e1c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
11:42:26.0770 0x0e1c  Spooler - ok
11:42:26.0870 0x0e1c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
11:42:27.0030 0x0e1c  sppsvc - ok
11:42:27.0040 0x0e1c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:42:27.0090 0x0e1c  sppuinotify - ok
11:42:27.0120 0x0e1c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:42:27.0170 0x0e1c  srv - ok
11:42:27.0190 0x0e1c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:42:27.0230 0x0e1c  srv2 - ok
11:42:27.0250 0x0e1c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:42:27.0290 0x0e1c  srvnet - ok
11:42:27.0320 0x0e1c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:42:27.0370 0x0e1c  SSDPSRV - ok
11:42:27.0390 0x0e1c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:42:27.0420 0x0e1c  SstpSvc - ok
11:42:27.0470 0x0e1c  [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
11:42:27.0490 0x0e1c  ssudmdm - ok
11:42:27.0640 0x0e1c  [ 9DA3B55B17B54789AFB8C657D4ACE4D7, 5E4599E682327E3B8097A88A69ED73F96254A29054744D5DFB782054863F131E ] ss_conn_service C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
11:42:27.0670 0x0e1c  ss_conn_service - ok
11:42:27.0710 0x0e1c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
11:42:27.0720 0x0e1c  stexstor - ok
11:42:27.0760 0x0e1c  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\drivers\serscan.sys
11:42:27.0810 0x0e1c  StillCam - ok
11:42:27.0840 0x0e1c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
11:42:27.0900 0x0e1c  stisvc - ok
11:42:27.0920 0x0e1c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:42:27.0930 0x0e1c  swenum - ok
11:42:27.0960 0x0e1c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
11:42:28.0020 0x0e1c  swprv - ok
11:42:28.0250 0x0e1c  [ 9AD49345CBCAFB82DBE0CC9CDD55E3D2, 64B43B25F1E45EC46E383063F17FDD2A6548C563F24CB6D024AA7AD039A0FC89 ] syncagentsrv    C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
11:42:28.0360 0x0e1c  syncagentsrv - ok
11:42:28.0420 0x0e1c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
11:42:28.0500 0x0e1c  SysMain - ok
11:42:28.0520 0x0e1c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:42:28.0540 0x0e1c  TabletInputService - ok
11:42:28.0570 0x0e1c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:42:28.0620 0x0e1c  TapiSrv - ok
11:42:28.0640 0x0e1c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
11:42:28.0670 0x0e1c  TBS - ok
11:42:28.0770 0x0e1c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:42:28.0890 0x0e1c  Tcpip - ok
11:42:28.0950 0x0e1c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:42:28.0980 0x0e1c  TCPIP6 - ok
11:42:29.0020 0x0e1c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:42:29.0030 0x0e1c  tcpipreg - ok
11:42:29.0050 0x0e1c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:42:29.0090 0x0e1c  TDPIPE - ok
11:42:29.0170 0x0e1c  [ 7BC43335C778370FD0040D5224D8EDEB, 2CE371C9E255EF524E441A4F8D35404D7546E3B5C54D28D3A49FC724447AB61F ] tdrpman         C:\Windows\system32\DRIVERS\tdrpman.sys
11:42:29.0230 0x0e1c  tdrpman - ok
11:42:29.0260 0x0e1c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:42:29.0290 0x0e1c  TDTCP - ok
11:42:29.0330 0x0e1c  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:42:29.0380 0x0e1c  tdx - ok
11:42:29.0400 0x0e1c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:42:29.0410 0x0e1c  TermDD - ok
11:42:29.0470 0x0e1c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
11:42:29.0510 0x0e1c  TermService - ok
11:42:29.0540 0x0e1c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
11:42:29.0550 0x0e1c  Themes - ok
11:42:29.0570 0x0e1c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
11:42:29.0590 0x0e1c  THREADORDER - ok
11:42:29.0650 0x0e1c  [ 7D68EAB50DF8B71408B645BA8581800E, 3EA2B9E834318FB006761D25BC314387F319C59DAF81A4101DB2D292EC56AAF8 ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
11:42:29.0690 0x0e1c  timounter - ok
11:42:29.0710 0x0e1c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
11:42:29.0750 0x0e1c  TrkWks - ok
11:42:29.0800 0x0e1c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:42:29.0850 0x0e1c  TrustedInstaller - ok
11:42:29.0880 0x0e1c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:42:29.0910 0x0e1c  tssecsrv - ok
11:42:29.0940 0x0e1c  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:42:29.0970 0x0e1c  TsUsbFlt - ok
11:42:30.0010 0x0e1c  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
11:42:30.0040 0x0e1c  TsUsbGD - ok
11:42:30.0080 0x0e1c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:42:30.0110 0x0e1c  tunnel - ok
11:42:30.0130 0x0e1c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:42:30.0140 0x0e1c  uagp35 - ok
11:42:30.0160 0x0e1c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:42:30.0200 0x0e1c  udfs - ok
11:42:30.0230 0x0e1c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:42:30.0240 0x0e1c  UI0Detect - ok
11:42:30.0260 0x0e1c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:42:30.0270 0x0e1c  uliagpkx - ok
11:42:30.0290 0x0e1c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:42:30.0300 0x0e1c  umbus - ok
11:42:30.0330 0x0e1c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
11:42:30.0340 0x0e1c  UmPass - ok
11:42:30.0440 0x0e1c  [ 7E5E1603D0FF2D240AE70295C5C3FEFC, 1E5F8E415ACE3C6DFBE636473DBE051329174F2A085516B6FC1515A54014D02B ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:42:30.0500 0x0e1c  UNS - ok
11:42:30.0520 0x0e1c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
11:42:30.0560 0x0e1c  upnphost - ok
11:42:30.0600 0x0e1c  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
11:42:30.0620 0x0e1c  USBAAPL64 - ok
11:42:30.0670 0x0e1c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
11:42:30.0710 0x0e1c  usbaudio - ok
11:42:30.0760 0x0e1c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:42:30.0790 0x0e1c  usbccgp - ok
11:42:30.0830 0x0e1c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:42:30.0880 0x0e1c  usbcir - ok
11:42:30.0900 0x0e1c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
11:42:30.0930 0x0e1c  usbehci - ok
11:42:30.0960 0x0e1c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:42:30.0990 0x0e1c  usbhub - ok
11:42:31.0010 0x0e1c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:42:31.0040 0x0e1c  usbohci - ok
11:42:31.0060 0x0e1c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:42:31.0070 0x0e1c  usbprint - ok
11:42:31.0100 0x0e1c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
11:42:31.0130 0x0e1c  usbscan - ok
11:42:31.0150 0x0e1c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:42:31.0200 0x0e1c  USBSTOR - ok
11:42:31.0220 0x0e1c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:42:31.0240 0x0e1c  usbuhci - ok
11:42:31.0290 0x0e1c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
11:42:31.0310 0x0e1c  usbvideo - ok
11:42:31.0330 0x0e1c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
11:42:31.0370 0x0e1c  UxSms - ok
11:42:31.0390 0x0e1c  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] VaultSvc        C:\Windows\system32\lsass.exe
11:42:31.0390 0x0e1c  VaultSvc - ok
11:42:31.0400 0x0e1c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:42:31.0410 0x0e1c  vdrvroot - ok
11:42:31.0440 0x0e1c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
11:42:31.0490 0x0e1c  vds - ok
11:42:31.0510 0x0e1c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:42:31.0520 0x0e1c  vga - ok
11:42:31.0530 0x0e1c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:42:31.0570 0x0e1c  VgaSave - ok
11:42:31.0590 0x0e1c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:42:31.0610 0x0e1c  vhdmp - ok
11:42:31.0650 0x0e1c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:42:31.0660 0x0e1c  viaide - ok
11:42:31.0670 0x0e1c  [ ACBCBD8421920D20F1F40B6F76A4C213, 4BF6684BBB4107C638DB8A34154234A0179130D489CB1B5CC15C24240454CB86 ] vididr          C:\Windows\system32\DRIVERS\vididr.sys
11:42:31.0690 0x0e1c  vididr - ok
11:42:31.0750 0x0e1c  [ 905DD422D28A32FACE8AE695B3823843, 7C3742B668CE02B9229A366EC5F2EDADD613ECDCD035FF8A2E6D1DA4406715FC ] vidsflt67       C:\Windows\system32\DRIVERS\vsflt67.sys
11:42:31.0760 0x0e1c  vidsflt67 - ok
11:42:31.0780 0x0e1c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:42:31.0790 0x0e1c  volmgr - ok
11:42:31.0810 0x0e1c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:42:31.0840 0x0e1c  volmgrx - ok
11:42:31.0850 0x0e1c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:42:31.0870 0x0e1c  volsnap - ok
11:42:31.0900 0x0e1c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:42:31.0910 0x0e1c  vsmraid - ok
11:42:31.0970 0x0e1c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
11:42:32.0060 0x0e1c  VSS - ok
11:42:32.0090 0x0e1c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:42:32.0100 0x0e1c  vwifibus - ok
11:42:32.0120 0x0e1c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:42:32.0130 0x0e1c  vwififlt - ok
11:42:32.0220 0x0e1c  [ 07E6731FF9399A3B72D64150D4C5F71A, 8D12F4160E661C5AB6184A917924F7863E31F0739803E59A12F85558DE1A14B8 ] VX6000          C:\Windows\system32\DRIVERS\VX6000Xp.sys
11:42:32.0330 0x0e1c  VX6000 - ok
11:42:32.0360 0x0e1c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
11:42:32.0430 0x0e1c  W32Time - ok
11:42:32.0440 0x0e1c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:42:32.0470 0x0e1c  WacomPen - ok
11:42:32.0500 0x0e1c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:42:32.0530 0x0e1c  WANARP - ok
11:42:32.0530 0x0e1c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:42:32.0550 0x0e1c  Wanarpv6 - ok
11:42:32.0660 0x0e1c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:42:32.0730 0x0e1c  WatAdminSvc - ok
11:42:32.0790 0x0e1c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
11:42:32.0900 0x0e1c  wbengine - ok
11:42:32.0930 0x0e1c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:42:32.0970 0x0e1c  WbioSrvc - ok
11:42:32.0990 0x0e1c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:42:33.0020 0x0e1c  wcncsvc - ok
11:42:33.0040 0x0e1c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:42:33.0090 0x0e1c  WcsPlugInService - ok
11:42:33.0100 0x0e1c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
11:42:33.0110 0x0e1c  Wd - ok
11:42:33.0150 0x0e1c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:42:33.0190 0x0e1c  Wdf01000 - ok
11:42:33.0220 0x0e1c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:42:33.0250 0x0e1c  WdiServiceHost - ok
11:42:33.0250 0x0e1c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:42:33.0260 0x0e1c  WdiSystemHost - ok
11:42:33.0300 0x0e1c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
11:42:33.0350 0x0e1c  WebClient - ok
11:42:33.0370 0x0e1c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:42:33.0420 0x0e1c  Wecsvc - ok
11:42:33.0440 0x0e1c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:42:33.0470 0x0e1c  wercplsupport - ok
11:42:33.0490 0x0e1c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:42:33.0510 0x0e1c  WerSvc - ok
11:42:33.0520 0x0e1c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:42:33.0540 0x0e1c  WfpLwf - ok
11:42:33.0550 0x0e1c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:42:33.0560 0x0e1c  WIMMount - ok
11:42:33.0580 0x0e1c  WinDefend - ok
11:42:33.0600 0x0e1c  WinHttpAutoProxySvc - ok
11:42:33.0640 0x0e1c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:42:33.0700 0x0e1c  Winmgmt - ok
11:42:33.0780 0x0e1c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
11:42:33.0940 0x0e1c  WinRM - ok
11:42:33.0980 0x0e1c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:42:34.0000 0x0e1c  WinUsb - ok
11:42:34.0040 0x0e1c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:42:34.0100 0x0e1c  Wlansvc - ok
11:42:34.0180 0x0e1c  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:42:34.0190 0x0e1c  wlcrasvc - ok
11:42:34.0310 0x0e1c  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:42:34.0350 0x0e1c  wlidsvc - ok
11:42:34.0360 0x0e1c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:42:34.0390 0x0e1c  WmiAcpi - ok
11:42:34.0430 0x0e1c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:42:34.0460 0x0e1c  wmiApSrv - ok
11:42:34.0480 0x0e1c  WMPNetworkSvc - ok
11:42:34.0490 0x0e1c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:42:34.0520 0x0e1c  WPCSvc - ok
11:42:34.0530 0x0e1c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:42:34.0570 0x0e1c  WPDBusEnum - ok
11:42:34.0580 0x0e1c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:42:34.0610 0x0e1c  ws2ifsl - ok
11:42:34.0620 0x0e1c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
11:42:34.0640 0x0e1c  wscsvc - ok
11:42:34.0670 0x0e1c  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
11:42:34.0680 0x0e1c  WSDPrintDevice - ok
11:42:34.0690 0x0e1c  WSearch - ok
11:42:34.0780 0x0e1c  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:42:34.0930 0x0e1c  wuauserv - ok
11:42:34.0960 0x0e1c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:42:34.0980 0x0e1c  WudfPf - ok
11:42:35.0010 0x0e1c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:42:35.0040 0x0e1c  WUDFRd - ok
11:42:35.0070 0x0e1c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:42:35.0090 0x0e1c  wudfsvc - ok
11:42:35.0120 0x0e1c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:42:35.0170 0x0e1c  WwanSvc - ok
11:42:35.0190 0x0e1c  ================ Scan global ===============================
11:42:35.0210 0x0e1c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
11:42:35.0230 0x0e1c  [ EA32F4EA3AE06EDD122FBCD5A489E457, C6E464170121D1714A367CFC80C5EA15D42AD34909039FDB114EAD3B878A47F6 ] C:\Windows\system32\winsrv.dll
11:42:35.0240 0x0e1c  [ EA32F4EA3AE06EDD122FBCD5A489E457, C6E464170121D1714A367CFC80C5EA15D42AD34909039FDB114EAD3B878A47F6 ] C:\Windows\system32\winsrv.dll
11:42:35.0261 0x0e1c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
11:42:35.0281 0x0e1c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
11:42:35.0291 0x0e1c  [ Global ] - ok
11:42:35.0291 0x0e1c  ================ Scan MBR ==================================
11:42:35.0301 0x0e1c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:42:35.0591 0x0e1c  \Device\Harddisk0\DR0 - ok
11:42:35.0591 0x0e1c  [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk4\DR4
11:42:35.0831 0x0e1c  \Device\Harddisk4\DR4 - ok
11:42:35.0831 0x0e1c  ================ Scan VBR ==================================
11:42:35.0831 0x0e1c  [ 50201ACF21AC0AE206E9511EF933E2B5 ] \Device\Harddisk0\DR0\Partition1
11:42:35.0851 0x0e1c  \Device\Harddisk0\DR0\Partition1 - ok
11:42:35.0851 0x0e1c  [ 85B9FDA5F195E1743F7E1CED94E472EB ] \Device\Harddisk0\DR0\Partition2
11:42:35.0861 0x0e1c  \Device\Harddisk0\DR0\Partition2 - ok
11:42:35.0861 0x0e1c  [ 62F6CFE750883C60404DCC31989DFFF2 ] \Device\Harddisk0\DR0\Partition3
11:42:35.0861 0x0e1c  \Device\Harddisk0\DR0\Partition3 - ok
11:42:35.0871 0x0e1c  [ 1126086D1A74738828BDCB6DB1488D15 ] \Device\Harddisk4\DR4\Partition1
11:42:35.0871 0x0e1c  \Device\Harddisk4\DR4\Partition1 - ok
11:42:35.0871 0x0e1c  ================ Scan generic autorun ======================
11:42:36.0201 0x0e1c  [ B70154747BEB45DAAB358C802F7A9142, 00AD5A8EE5FEDF8D97D6D623362282AEAF8684776D370705659E8526D1E7B57C ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
11:42:36.0401 0x0e1c  RtHDVCpl - ok
11:42:36.0451 0x0e1c  [ 30890F842E7D5026A41C49AEA1207B2D, F8E0C49852A07EE01C9DA394FAB9532C42470711CAA1C03EF9CF49AACD1B898B ] C:\Windows\vVX6000.exe
11:42:36.0461 0x0e1c  VX6000 - ok
11:42:36.0521 0x0e1c  [ 9654FC42A5FBF7EAEB112FD890485E14, 7314D9942CE7D2EFCF9EA8B58A90A3D1B6AE75E055F649E3214DD76319F7FC45 ] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
11:42:36.0531 0x0e1c  Acronis Scheduler2 Service - ok
11:42:36.0601 0x0e1c  [ FF0FAB199882C00D6DC54CA035865C49, BF4D65D96F8DC0057042C2A4B70106D156B0D13C75839935BC9051089363C495 ] C:\Program Files\iTunes\iTunesHelper.exe
11:42:36.0611 0x0e1c  iTunesHelper - ok
11:42:36.0641 0x0e1c  [ 177B43D22BF388B0D5ED8DD39D51604B, 04C0E713B258A5E152620B4DAB08F68B495F15D25E5097603EE2CB4038B92EDA ] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
11:42:36.0651 0x0e1c  SuiteTray - ok
11:42:36.0691 0x0e1c  [ 7540A112B052AC8DB4BC02F1039B235B, BD32CA1FB07AB0544A41921702B55D41F3302837449916908F1011C5A66FAACB ] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
11:42:36.0701 0x0e1c  EgisTecPMMUpdate - ok
11:42:36.0721 0x0e1c  [ 6A8ABD13B2C30DED1125919576AA5E59, 4A41E03D044C0F0CDC86ABA1BBA8EE548E71D1E7096A811427F7950E96F13399 ] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
11:42:36.0731 0x0e1c  EgisUpdate - ok
11:42:36.0771 0x0e1c  [ D3E69D500466C17498AAF7F83D12FFF0, F5723FC28396489EADDDCAD67A0E46B56D859590823E3CFA7254BA6709DC5AE6 ] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
11:42:36.0821 0x0e1c  Norton Online Backup - ok
11:42:36.0891 0x0e1c  [ D023BA081C44B44FDB19C890283882B5, ECD568F43D1AF99202A1FA721D55B9C80823FC03C86B52F6D24CBDE23592A5D2 ] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
11:42:36.0901 0x0e1c  ArcadeMovieService - ok
11:42:36.0931 0x0e1c  [ 278C64B644C224B28E601381103811A6, FF80C2DCDBB6954C84223B01B430A3A250A3937E6A77AD63627C1BDD94E86C6B ] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
11:42:36.0951 0x0e1c  Hotkey Utility - ok
11:42:37.0061 0x0e1c  [ 504C916D52ABA407FD4DC1E709AEA71E, 8F279620247481F28DF7D9FD4A81173396E39EB807E24587E89CAF1172CC846C ] C:\Program Files (x86)\avmwlanstick\wlangui.exe
11:42:37.0131 0x0e1c  AVMWlanClient - detected UnsignedFile.Multi.Generic ( 1 )
11:42:39.0821 0x0e1c  Detect skipped due to KSN trusted
11:42:39.0821 0x0e1c  AVMWlanClient - ok
11:42:39.0891 0x0e1c  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
11:42:39.0931 0x0e1c  BCSSync - ok
11:42:39.0971 0x0e1c  [ FA87C6A22F3339B9EDC2F2079BC1E996, 86084094C9576D0BF48B299E048649D930214EDEC9B7462C9242D360A720AB00 ] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
11:42:40.0011 0x0e1c  LifeCam - ok
11:42:40.0211 0x0e1c  [ 40D3A1563D808FF10A27352C5EB05C33, EB8325073678F31F6713EE6E185BBA0219C2C9FE6E383068DAF10B5EECC0C405 ] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
11:42:40.0321 0x0e1c  TrueImageMonitor.exe - ok
11:42:40.0401 0x0e1c  [ BED38B0ADFF5F5CC6E988A6491017E83, B2C0EFDEC9320D7EB5882F244E5ACF11A61C1A0AFED83D080C8BB8F7F1AC7E79 ] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
11:42:40.0411 0x0e1c  RIMBBLaunchAgent.exe - ok
11:42:40.0451 0x0e1c  [ 5F5B8AC273DB64B16C761189BF94065A, CA2182E7545E54361107DD3C33D022D8FE4A23EFFBB90E56B5B528FA8A058186 ] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
11:42:40.0471 0x0e1c  AcronisTimounterMonitor - ok
11:42:40.0611 0x0e1c  [ C8D2344DAED56FCE1504D006669F2F34, 4BD6D75E94D7171D9248BBFA3696C53317FBEEA556396564B60B9A84E374B465 ] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
11:42:40.0651 0x0e1c  DivXMediaServer - ok
11:42:40.0821 0x0e1c  [ 3E23D1F7E91627DBD44AC82077E2BA7C, 09235370B85EF5FEA24F1291B9ADAD805C8D7357A78EF8CE3BA0E913F59145EC ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
11:42:40.0831 0x0e1c  avgnt - ok
11:42:40.0921 0x0e1c  [ 4CB7CEE3F7540B0BEDBD158D75F06509, 73348467A976AF06928B402E12A622BB1B5BD8BB2AC6446117E1FD1EEAFED217 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
11:42:41.0011 0x0e1c  StartCCC - ok
11:42:41.0071 0x0e1c  [ 5DC17B47CCA5E655F8359111A5BCB4A1, 7A343995DE90C4D3BEBB2D09534D83B7ACFBB3F1C4B552A0BCE7C521DF4A2766 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
11:42:41.0091 0x0e1c  APSDaemon - ok
11:42:41.0191 0x0e1c  [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
11:42:41.0251 0x0e1c  Adobe ARM - ok
11:42:41.0361 0x0e1c  [ 53EBC5A93B96B8590BC7F02D7316A9EE, 40E2FF18A57128A197502A2D52808F326C4250B0CE9C310232A92139AF039D89 ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
11:42:41.0371 0x0e1c  KiesTrayAgent - ok
11:42:41.0551 0x0e1c  [ 16AFB34618E1286FF856DC600AC49C79, 431EC110507685A0F4472EAE35383B4C1E3DC0B56E01CDECFB18F753181DC995 ] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
11:42:41.0601 0x0e1c  DivXUpdate - ok
11:42:41.0671 0x0e1c  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
11:42:41.0681 0x0e1c  HP Software Update - ok
11:42:41.0751 0x0e1c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
11:42:41.0821 0x0e1c  Sidebar - ok
11:42:41.0841 0x0e1c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:42:41.0851 0x0e1c  mctadmin - ok
11:42:41.0851 0x0e1c  IsMyWinLockerReboot - ok
11:42:41.0881 0x0e1c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
11:42:41.0911 0x0e1c  Sidebar - ok
11:42:41.0911 0x0e1c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:42:41.0921 0x0e1c  mctadmin - ok
11:42:41.0931 0x0e1c  IsMyWinLockerReboot - ok
11:42:42.0001 0x0e1c  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
11:42:42.0071 0x0e1c  Sidebar - ok
11:42:42.0121 0x0e1c  [ 168531BB1255C1B45DF47694409F9DE1, DB8AD75FA5A4D455FE220E2D8940572D08490D5E6535F7EF2C94C1DFAC2D7CA2 ] C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
11:42:42.0141 0x0e1c  OfficeSyncProcess - ok
11:42:42.0291 0x0e1c  [ 24B1666FD14CC71C7B0679AC61625B90, 4243F0B91BF9EAB365BBC724F5984FEB3AD74DF91EAF15F36A44DEA0AEDB7D20 ] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
11:42:42.0371 0x0e1c  msnmsgr - ok
11:42:42.0701 0x0e1c  [ E845B2A28F140F258602AF50D7C707C2, DDDC4005CEF160EF8EFD72707E350503ED30858D114E135A3D65DD40AE5C2F99 ] C:\Program Files (x86)\OTRHomeloader\OTRHomeloader.exe
11:42:42.0791 0x0e1c  OTR Homeloader - detected UnsignedFile.Multi.Generic ( 1 )
11:42:45.0351 0x0e1c  OTR Homeloader ( UnsignedFile.Multi.Generic ) - warning
11:42:47.0901 0x0e1c  [ 8C3D31B1A374F8B909A749C0195BE779, 7309DD85C2F77EF8998B477F708B87BA90FDFE8A836DEFC2218E345CFFB989AA ] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
11:42:47.0981 0x0e1c  KiesPDLR - ok
11:42:48.0071 0x0e1c  [ 99C03F5D726A415253DBF09AFDA0A72E, 860DEF308AA90385763AF0F91F9CEFC3AFDB3C7DFB317B4A5C94429FD0F9707E ] C:\Program Files (x86)\Samsung\Kies\Kies.exe
11:42:48.0101 0x0e1c  KiesPreload - ok
11:42:48.0171 0x0e1c  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
11:42:48.0201 0x0e1c  swg - ok
11:42:48.0241 0x0e1c  [ B22CB67919EBAD88B0E8BB9CDA446010, 2F744FEAC48EDE7D6B6D2727F7DDFA80B26D9E3B0009741B00992B19AD85E128 ] C:\Windows\System32\StikyNot.exe
11:42:48.0271 0x0e1c  RESTART_STICKY_NOTES - ok
11:42:48.0321 0x0e1c  Skype - ok
11:42:48.0411 0x0e1c  [ BA4E2510958244BEB4CAAB5430FAA994, 2D0ACCC1F0DD24CCB217EE54C5E16596635FC197AC8442B6E2C6D4637F063474 ] C:\Users\Michael\AppData\Roaming\Seal One\SealOne.exe
11:42:48.0451 0x0e1c  SealOne - ok
11:42:49.0422 0x0e1c  [ C7C42AC946E25EC04BC671516A347FF9, 03DCB98F1764862A0DFC1B3A6CD34BA583DA512E8E4556E891A228832C0F8DE1 ] C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe
11:42:49.0552 0x0e1c  Amazon Music - ok
11:42:49.0602 0x0e1c  GoogleDriveSync - ok
11:42:49.0752 0x0e1c  [ EC58C1A9A3281CE0C8FCC05BDBFECB37, 3738BBC112346B32F686F1CB4B4AAD89B06AA1F8FB2D333BC2D2F554212A0A59 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
11:42:49.0782 0x0e1c  iCloudServices - ok
11:42:49.0902 0x0e1c  [ BE7B5CF20BEFEF6D61158C1108D0D1BA, C40807EF3D4D2EFFEC206F3085500908ABB71C3FE9BFF37DA933FE1841863EF9 ] C:\Program Files (x86)\Garmin\Express Tray\tray.exe
11:42:49.0982 0x0e1c  GarminExpressTrayApp - ok
11:42:50.0022 0x0e1c  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
11:42:50.0052 0x0e1c  Sidebar - ok
11:42:50.0062 0x0e1c  Skype - ok
11:42:50.0172 0x0e1c  [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
11:42:50.0292 0x0e1c  HP Officejet Pro 8500 A910 (NET) - ok
11:42:50.0312 0x0e1c  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
11:42:50.0312 0x0e1c  swg - ok
11:42:50.0312 0x0e1c  Waiting for KSN requests completion. In queue: 10
11:42:51.0312 0x0e1c  Waiting for KSN requests completion. In queue: 10
11:42:52.0312 0x0e1c  Waiting for KSN requests completion. In queue: 10
11:42:53.0652 0x0e1c  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.9.460 ), 0x41000 ( enabled : updated )
11:42:53.0662 0x0e1c  FW detected via SS2: FireWall, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.9.460 ), 0x40010 ( disabled )
11:42:53.0662 0x0e1c  Win FW state via NFP2: enabled
11:42:56.0172 0x0e1c  ============================================================
11:42:56.0172 0x0e1c  Scan finished
11:42:56.0172 0x0e1c  ============================================================
11:42:56.0172 0x1c6c  Detected object count: 1
11:42:56.0172 0x1c6c  Actual detected object count: 1
12:15:32.0736 0x1c6c  OTR Homeloader ( UnsignedFile.Multi.Generic ) - skipped by user
12:15:32.0736 0x1c6c  OTR Homeloader ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 11.05.2015, 09:39   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #1



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.05.2015, 09:53   #8
baeuerlein
 
Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #1



Code:
ATTFilter
ComboFix 15-05-13.01 - Michael 14.05.2015   9:43.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4078.1803 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
FW: FireWall *Disabled* {753F9273-B322-2907-AC37-03D0F1702F22}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFR22E.tmp
C:\DFR238.tmp
C:\DFR23E.tmp
C:\DFR25F.tmp
C:\DFR287.tmp
C:\DFR28C.tmp
c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\users\Antonia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4C3CD35B-0AEF-42AB-810E-715589E43DF3}.xps
c:\users\Antonia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CB57B7D2-5295-41A2-977E-89E1F9D7DB0B}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0948B347-CDC6-4A50-8CAB-B567F7A8C2AE}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{155092C3-97EA-4F33-8B54-330B96864BF6}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1B721773-D4DD-4865-A6E9-98671B5A896D}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{25B5B7B4-D01C-431A-A207-C8EC150A1D07}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{349D9C32-E74E-49D6-8B8D-64C1F5FF0B84}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3ECAB25E-C9DF-4409-B8D6-46A2FFFAE80F}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4C579C2B-A4B1-4488-9C1D-32D1C418B6BC}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6DC93B31-A912-41EB-8752-60D5E9F3AD59}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AA374F53-D161-4B57-B642-C6E11469F29C}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B2FD1BFA-E62D-4860-96EC-77BB74F1EE58}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C7380766-2401-4CB6-8463-1E156A82B423}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D1131B9A-A5B9-4C5E-83B5-8256A1CD5C6F}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D982ADE7-9C56-422F-9977-A77292DEE133}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EE3FF310-4080-4CC1-A2C0-8D3ACDC17B14}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F1C5F265-678B-47C7-816E-A25DE418B6A8}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FBE4AD88-8097-4D8C-97FC-8CF7C21A8DF5}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FD0B4329-87F2-4A63-8345-F78EB925205B}.xps
c:\users\Michael\AppData\Local\Temp\_MEI59922\_ctypes.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\_elementtree.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\_hashlib.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\_multiprocessing.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\_psutil_windows.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\_socket.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\_ssl.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\_yappi.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\common.time34.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\hashobjs_ext.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\pyexpat.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\pysqlite2._sqlite.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\python27.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\pythoncom27.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\PyWinTypes27.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\select.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\unicodedata.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\usb_ext.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32api.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32com.shell.shell.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32crypt.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32event.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32file.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32gui.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32inet.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32pdh.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32pipe.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32process.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32profile.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32security.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32ts.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\windows._lib_cacheinvalidation.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._animate.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._controls_.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._core_.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._gdi_.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._html2.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._misc_.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._windows_.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._wizard.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wxbase294u_net_vc90.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\wxbase294u_vc90.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\wxmsw294u_adv_vc90.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\wxmsw294u_core_vc90.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\wxmsw294u_html_vc90.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\wxmsw294u_webview_vc90.dll
c:\users\Michael\AppData\Local\Temp\7zS5961\HPSLPSVC64.DLL
c:\windows\IsUn0407.exe
D:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-14 bis 2015-05-14  ))))))))))))))))))))))))))))))
.
.
2015-05-14 08:16 . 2015-05-14 08:16	--------	d-----w-	c:\users\Kerstin(1)\AppData\Local\temp
2015-05-14 08:16 . 2015-05-14 08:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-14 08:16 . 2015-05-14 08:16	--------	d-----w-	c:\users\BENJAMIN.ABKM-2012\AppData\Local\temp
2015-05-14 08:16 . 2015-05-14 08:16	--------	d-----w-	c:\users\Antonia\AppData\Local\temp
2015-05-13 22:24 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:24 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:00 . 2015-04-13 03:28	328704	----a-w-	c:\windows\system32\services.exe
2015-05-13 12:59 . 2015-04-20 03:17	1647104	----a-w-	c:\windows\system32\DWrite.dll
2015-05-10 08:04 . 2015-05-10 09:34	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-09 13:13 . 2015-05-09 13:15	--------	d-----w-	C:\FRST
2015-05-08 12:01 . 2015-05-08 12:01	--------	d-----w-	c:\users\Michael\AppData\Roaming\QuickScan
2015-05-01 18:10 . 2015-05-01 18:10	229608	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2015-04-24 13:24 . 2015-04-24 13:24	--------	d-----w-	c:\users\BENJAMIN.ABKM-2012\AppData\Roaming\Unity
2015-04-24 13:08 . 2015-04-24 13:08	--------	d-----w-	c:\users\BENJAMIN.ABKM-2012\AppData\Local\Unity
2015-04-15 07:19 . 2015-03-04 04:55	367552	----a-w-	c:\windows\system32\clfs.sys
2015-04-15 07:19 . 2015-03-04 04:41	79360	----a-w-	c:\windows\system32\clfsw32.dll
2015-04-15 07:19 . 2015-03-04 04:10	58880	----a-w-	c:\windows\SysWow64\clfsw32.dll
2015-04-15 00:35 . 2015-04-15 00:35	18645184	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 22:28 . 2012-04-14 15:33	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-05-12 07:51 . 2013-03-28 11:10	152744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-05-12 07:51 . 2013-03-28 11:10	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-05-10 08:04 . 2014-05-17 14:59	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-10 08:03 . 2014-05-17 14:56	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-05-02 15:58 . 2012-04-11 18:20	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-02 15:58 . 2011-07-11 10:28	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-27 19:04 . 2015-05-13 13:00	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-04-14 07:37 . 2014-05-17 14:56	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2014-01-18 12:09	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-04-14 01:38 . 2015-04-14 01:38	1217192	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-03-05 09:01 . 2013-05-06 09:00	44088	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-03-04 04:41 . 2015-05-13 12:59	309248	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 12:59	103424	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-05-13 12:59	470528	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 12:59	2178560	----a-w-	c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 12:59	2560	----a-w-	c:\windows\apppatch\AcRes.dll
2015-02-20 04:41 . 2015-03-11 10:19	41984	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 10:19	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 10:19	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 10:19	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 10:19	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 10:19	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 10:19	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 10:19	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 10:19	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 10:19	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-30 10:02	1521800	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2015-03-24 19:34	297128	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-08-13 17:32	1724616	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-08-13 17:32	1724616	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-08-13 17:32	1724616	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2015-03-18 720064]
"OTR Homeloader"="c:\program files (x86)\OTRHomeloader\OTRHomeloader.exe" [2014-02-28 3567616]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2015-01-14 845120]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2015-01-14 1565504]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-24 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-04-17 31280256]
"SealOne"="c:\users\Michael\AppData\Roaming\Seal One\SealOne.exe" [2014-09-26 281080]
"Amazon Music"="c:\users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-12-08 6277952]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-04-28 25700400]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-11-21 43816]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\tray.exe" [2015-04-08 1010008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2012-09-19 188944]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5955088]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1171336]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2015-04-08 448520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-05-12 728312]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-01-20 60712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2015-01-14 311616]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
FRITZ!DSL Startcenter.lnk - c:\users\Michael\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe [2012-4-6 80896]
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE /TrayOnly [2013-12-19 30814400]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Kopie 1).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8500 A910\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN14GBM16G;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe [2013-11-17 1427736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys;c:\windows\SYSNATIVE\DRIVERS\VX6000Xp.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 avmident;AVM FRITZ!Box-Kindersicherung;c:\program files (x86)\FRITZ!Box-Kindersicherung\avmident.exe;c:\program files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 OfficeSvc;Microsoft Office-Dienst;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-01 08:07	988488	----a-w-	c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-25 c:\windows\Tasks\Adobe Acrobat Update Task.job
- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 07:48]
.
2015-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:58]
.
2014-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf89f1fda08b48.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 14:20]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfeadeb7541613.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 14:20]
.
2015-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfff7a2e6aa93.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 14:20]
.
2015-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d041e914e2aa29.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 14:20]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 14:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-11-07 17:08	357376	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-08-13 17:32	2328776	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-08-13 17:32	2328776	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-08-13 17:32	2328776	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
"VX6000"="c:\windows\vVX6000.exe" [2010-05-20 764784]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-28 403144]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-01-27 169768]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/webhp?rls=ig
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = fritz.box;*.local
uSearchAssistant = hxxp://www.google.com
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to iPod Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: FRITZ!Box Dial - c:\program files\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm
IE: FRITZ!Box Dial\Contexts - 16 (0x10)
IE: FRITZ!Box Dial\Flags
IE: Mit FRITZ!Box Anrufen - c:\program files (x86)\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm
IE: Mit FRITZ!Box Anrufen\Contexts - 16 (0x10)
IE: Mit FRITZ!Box Anrufen\Flags
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105F} - {CC68A724-B5F7-4bd3-865C-7D97141A140F} - c:\program files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: bayer.com\mymail
TCP: DhcpNameServer = 192.168.178.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-Adobe Photoshop Elements 1.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe
AddRemove-Free Disc Burner_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-4086596500.video-download.mediamarkt.de - c:\program files (x86)\Microsoft Silverlight\5.1.20513.0\Silverlight.Configuration.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}"=hex:51,66,7a,6c,4c,1d,38,12,27,28,80,
   ea,f2,9b,77,08,dc,cc,8d,48,4c,7b,c9,f2
"{C0C86BBE-9509-4296-8459-FDBFDAF4B673}"=hex:51,66,7a,6c,4c,1d,38,12,d0,68,db,
   c4,3b,db,f8,07,fb,4f,be,ff,df,aa,f2,67
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}"=hex:51,66,7a,6c,4c,1d,38,12,ce,98,c3,
   35,c7,5c,a0,09,c1,9c,6a,63,e2,38,41,ce
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{25A3A431-30BB-47C8-AD6A-E1063801134F}"=hex:51,66,7a,6c,4c,1d,38,12,5f,a7,b0,
   21,89,7e,a6,02,d2,7c,a2,46,3d,5f,57,5b
"{3A2D5EBA-F86D-4BD3-A177-019765996711}"=hex:51,66,7a,6c,4c,1d,38,12,d4,5d,3e,
   3e,5f,b6,bd,0e,de,61,42,d7,60,c7,23,05
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,c0,92,76,3e,d7,95,4d,8f,72,6c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,c0,92,76,3e,d7,95,4d,8f,72,6c,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,c0,92,76,3e,d7,95,4d,8f,72,6c,\
.
[HKEY_USERS\S-1-5-21-3665776361-1376430445-3332247537-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0079&PID_0006\Calibration\0\Type\Axes]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-14  10:47:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-05-14 08:47
.
Vor Suchlauf: 13 Verzeichnis(se), 52.982.484.992 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 81.804.185.600 Bytes frei
.
- - End Of File - - 2A7736E5D1630C816712E1E59E6F26A0
         

Alt 14.05.2015, 20:48   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #1



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.05.2015, 07:26   #10
baeuerlein
 
Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #1



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 14.05.2015
Suchlauf-Zeit: 22:31:17
Logdatei: Malwarebytes Scan.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.14.05
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Michael

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 637095
Verstrichene Zeit: 1 Std, 15 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.204 - Bericht erstellt 15/05/2015 um 07:41:04
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-12.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Michael - ABKM-2012
# Gestarted von : C:\Users\Michael\Desktop\Trojan Tools\AdwCleaner_4.204.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaabfjnbeinlpljodiajipidiompfl_0.localstorage
Datei Gefunden : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaabfjnbeinlpljodiajipidiompfl_0.localstorage-journal
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Users\Antonia\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\BENJAMIN.ABKM-2012\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\BENJAMIN.ABKM-2012\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Kerstin(1)\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Michael\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\Michael\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Michael\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Users\Michael\Documents\Updater
Ordner Gefunden : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Geplante Tasks ] *****

Task Gefunden : BrowserDefendert
Task Gefunden : EPUpdater
Task Gefunden : Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - fritz.box;*.local
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\d4dddeb53fbf42
Schlüssel Gefunden : HKCU\Software\DriverTuner
Schlüssel Gefunden : HKCU\Software\DriverTuner_Init
Schlüssel Gefunden : HKCU\Software\Free Video Converter
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\apnwidgets.ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apnwidgets.ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\linkuryjs.info
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Myfree Codec
Schlüssel Gefunden : HKCU\Software\Optimizer Pro
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : [x64] HKCU\Software\APN
Schlüssel Gefunden : [x64] HKCU\Software\Ask.com
Schlüssel Gefunden : [x64] HKCU\Software\AskToolbar
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\DriverTuner
Schlüssel Gefunden : [x64] HKCU\Software\DriverTuner_Init
Schlüssel Gefunden : [x64] HKCU\Software\Free Video Converter
Schlüssel Gefunden : [x64] HKCU\Software\Myfree Codec
Schlüssel Gefunden : [x64] HKCU\Software\Optimizer Pro
Schlüssel Gefunden : [x64] HKCU\Software\systweak
Schlüssel Gefunden : HKLM\SOFTWARE\APN
Schlüssel Gefunden : HKLM\SOFTWARE\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gefunden : HKLM\SOFTWARE\d4dddeb53fbf42
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaabfjnbeinlpljodiajipidiompfl
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gefunden : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gefunden : HKLM\SOFTWARE\Uniblue
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\.DEFAULT\Software\AskToolbar
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v37.0.2 (x86 en-US)

[0ac9rfex.default] - Zeile Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
[0ac9rfex.default] - Zeile Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
[psnh2fe3.default] - Zeile Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
[psnh2fe3.default] - Zeile Gefunden : user_pref("browser.search.order.1", "Ask.com");
[psnh2fe3.default] - Zeile Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
[psnh2fe3.default] - Zeile Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
[3uzryizw.default] - Zeile Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
[3uzryizw.default] - Zeile Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v42.0.2311.152

[C:\Users\Antonia\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c0d35548-3270-4529-a1c6-7a1bdfc98397&searchtype=ds&q={searchTerms}&installDate=08/06/2013
[C:\Users\Antonia\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=5ce1fed2-a278-4f92-9880-45c962fcbb88&searchtype=ds&q={searchTerms}&installDate=01/01/1970
[C:\Users\Kerstin(1)\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c0d35548-3270-4529-a1c6-7a1bdfc98397&searchtype=ds&q={searchTerms}&installDate=08/06/2013
[C:\Users\Kerstin(1)\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=5ce1fed2-a278-4f92-9880-45c962fcbb88&searchtype=ds&q={searchTerms}&installDate=01/01/1970
[C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c0d35548-3270-4529-a1c6-7a1bdfc98397&searchtype=ds&q={searchTerms}&installDate=08/06/2013
[C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=5ce1fed2-a278-4f92-9880-45c962fcbb88&searchtype=ds&q={searchTerms}&installDate=01/01/1970

*************************

AdwCleaner[R0].txt - [15950 Bytes] - [15/05/2015 07:41:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16010 Bytes] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.1 (05.14.2015:1)
OS: Windows 7 Home Premium x64
Ran by Michael on 15.05.2015 at  8:01:24,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Scheduled Update for Ask Toolbar



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3665776361-1376430445-3332247537-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Ask.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AskToolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Classes\TypeLib\{006ad7b2-968a-11de-88c9-5bde55d89593}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\APN
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\AskToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}



~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{000AF36F-2D49-4047-BB46-FE8CF465CCDB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{005C5DC7-B86F-422A-AE34-A89F5D8CA105}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{00E96E51-04AA-4B68-A1A4-4B6DA8A3D26E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{010AF5DB-D919-4739-B2BB-B94EF65EA7A7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{02E3D459-7E67-440C-92D7-C97A6556FF71}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{04813E90-CE30-43B7-BD30-CFC2FD9C8C12}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{05A0BC2B-132C-4A1E-AB4B-A3AEC551085D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{061172A0-139A-414C-ABE9-0BB648825BA9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{08F9919C-7625-44D5-B885-7196167D3B28}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0AC27E47-657E-4BBF-B02F-44BCFABBA1ED}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0B1AD96D-5268-4A62-B57C-C6A20B2274CD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0C4E06F7-CF93-4A58-96EC-AC2ECCBEF238}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0D14382C-F593-46AF-B91E-C913872D111D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0D198CE3-86F7-4C8F-B798-DC40B9D2B720}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0E0CA180-A549-484E-BF06-110B8312D916}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0E7EF0EA-AE52-4D23-8D24-A14EE77A02EB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0E80881C-AC3A-4F58-AF77-7445C33CDB70}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0EBC58F0-444A-413D-82D2-75613D5FE5DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0FF8951B-89BC-4AC1-968F-7F85407813A7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{110994AC-2C05-45AA-9AFE-086A70BDFE25}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{14735579-9479-457E-B716-422EE640E19B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1704BDA1-6F8D-49F6-ABE3-F511A161381A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{18185846-33C1-4627-8A31-597984A73AED}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1919E9A3-30D9-4D69-956D-AE65F93B70A6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{194981C2-58EC-4FA8-AEAD-DE8C9E3D2A62}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1AEF6657-3145-4957-8CA5-617FCACF540A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1B3B35ED-F750-462D-8F81-890BC573A716}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1BCBAAFB-20E6-489E-9D62-42E6E191CBE8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1BE8A2EA-20AF-4B39-B840-5877C8F9EB50}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1C9928FB-3F67-45D3-9C21-20D1C3380A61}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1D0CC8EF-EF11-4ED2-AD8B-0B5164F6B535}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1DAF7AFF-3DE0-4677-A7E5-520B604A2D88}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{204D68C0-017B-4419-BD14-D9A8C3B0C5BC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2173D849-8D5D-41F7-BA1D-604FD3344462}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{21F726EB-6DBB-47A2-A74B-C9B6CAB25DCA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2224F3C4-1B80-4DAE-A409-0725C70A9E25}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{23273003-20DD-48FD-A14D-8937A75D0767}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{23907934-A79C-46FE-94B8-28A05064A508}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2430433A-0D41-4F3D-B444-2BAB75692C50}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{243BC27C-52CA-498C-9237-A1FE78AB53EF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2561D4A6-4769-43B6-833B-080F9A189E05}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{272B0C82-7DDA-4A80-9277-CE6D2B1CF74C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2832E109-8805-44D8-A867-BA9985FCBF68}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2852D498-5487-49E4-8CE4-FDC126344AEA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{290576B4-C151-469E-8637-613730C2CD2E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2A1450E1-AD7C-4C76-B3C6-43BA3DD5893E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2B511FF1-D61C-49CF-AA54-B47042D01F58}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2CC333B7-77F7-4A06-A4DC-1B9DCC8A8170}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3065A67D-0879-4855-B6F2-C4E6569632F5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{30B405FD-E7EC-410A-A2BD-736C7A4773E5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{30E48391-70AD-41B6-854C-026DB6FFCC71}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3293D3B3-58CB-4BB5-996F-E777100BC5A3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{34BA41D6-6436-40D2-8DB5-1B35E6C19E68}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{350FC8F6-F5AD-4C34-A1A3-94C9C0643D78}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{357B4DF6-0AB5-4471-A1A9-B02E3AA3BF24}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{35BF10CC-F0C3-42C2-9883-FC2D738D2172}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{37011C0E-A917-45D8-B8BE-9DE5B735973A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3946F6EB-923E-4475-BFEF-6649985275C0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{39DCC3D1-5BF0-402C-A186-2EB626121E98}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3ADDB359-C9AD-4257-B286-1C416EAFE2AD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3AEE9A9E-5A95-4CFF-A5A4-204C64AD8948}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3B82BF26-6FB3-480E-B3E5-16B7FCC0A53F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3BE54D64-3086-4952-B876-66AE8CF63CA4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{40E48459-8A50-48B5-ADAF-D2DEF391640C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4213142C-F15D-4B7E-BE28-B779FE006A76}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{43B1F860-291E-40CA-8641-2D8BFE2229EE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{445E19C9-A32D-402A-9C1C-F8D44C5F592F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{44F741DA-A9AC-4ED2-B5C8-2A41068F4C0E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4529A683-8E55-4956-8105-D75116FE22D1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{45425EF8-CB09-4296-AD41-10A93F1662D9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4563CA98-9D08-4847-8504-5DCDE58AB200}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{459A2762-3639-454C-9D83-49D6D9DD66E0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{477C352C-E92A-447E-A47B-2DE6C4C20EEB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{478372D9-7D12-4910-B611-1B0BF48FAD05}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{48E478D2-5D89-4976-9938-6C53E600721A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4917958E-1019-4EFD-B113-7AA8FC872D1D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{49C515CF-6498-4344-ACA1-961DF68E0E42}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4A31F116-EF1D-4711-B1C7-251E58B56846}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4BAAC4B2-A6EE-4BF2-8AB9-019F2106AE13}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4CBF23B3-B5B5-4D14-9724-CCDBC563BCDA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4DC9007F-9EBE-4505-A674-9F1662C6E3AE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4E3BBB86-F528-431E-88AB-B09EC741FF9C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4E4E45BB-B6A5-436A-BF0D-467AF8948118}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4E4F1734-5153-4DA3-B02E-27C43A689622}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4E502F69-CA52-4150-B420-9A78FB27586E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5002F1D3-B21A-4826-8BB9-F9F48A2CA9D7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{51C49C57-C79A-4607-A746-A18B0C608EE8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{521E9C73-D95B-4860-A5A4-B372616AE2FA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{52465F34-025F-46EA-92A7-743461541967}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{52A799EE-223F-446A-8D22-ABF90F0DE5DC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{55A75EE3-7B7F-44B2-9645-A7CF5DE8ED1F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{55D5D621-C512-43FB-802B-72B0A310D62B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{56031319-A24C-4932-93C9-DF582175213A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{566D2758-F8AD-4E49-A0EE-5B6D9A09E09A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{56E41075-1AC2-4F13-8CA5-7C60AEA7406F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{57B22EE2-7FBD-4D5A-8D34-95CF2B316F14}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{582D91EE-5247-4DCC-9FAE-C6DB162F75C5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{58D5D425-830F-449D-B82B-B5E003D58250}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{59269A16-37EE-4A62-B3F7-6F7336DAF117}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5CA5F328-FEB6-4597-A743-C5995A06347A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5CC7CB64-02DC-4C65-BECE-831B7D923704}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5D59DCC9-510F-4272-88EE-8023CBEDBD84}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5E2BFDA1-8E29-407B-A37E-A2971A96CE66}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5E8C9B65-A7E2-4C79-8521-9E4635D029A5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5F262F01-B2BC-4420-9C3B-DCD6BA0FC790}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5F66CB5C-3B8D-4DBE-BCF7-464D0B858C1F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5F728A5A-10B8-432A-B540-773E94EA07AB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5F92E659-E31A-499A-95E6-A71D5BCD8046}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{611B5D6B-906A-4328-8C4F-E1DBCAB78B2F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{61569947-201C-47B0-A417-DFDFFA3AFCAA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{619AB44C-E2B2-4845-81D5-9D58A626862A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{63C04F05-008B-4312-B16E-A130A1A94E01}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{642D1B92-7E0C-4DA9-8808-CAE6E7760F0D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6556B80D-5AC5-4755-AA54-BCFD98E7E65D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{67F6EFCE-D169-4022-BCB6-34299246C4D8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6852CDE9-D50A-42FC-B625-63470B5A2825}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{69767B47-B9DE-4750-9B3B-D6E4DD8018A5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6A227EF8-D0A1-4EB9-A0CB-D471C9D21DD8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6A827B06-B331-443A-AACB-2EC80D815ED7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6B274291-6255-4BB8-BF46-C7845583542E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6BD1CA1D-2D2D-4FB4-B2F5-6338150D66B6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6C93B4D1-DC3F-4710-9F6B-AEF21069A01C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6E532C9A-877E-4FBF-863E-DBE4B323F5E7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6E8321A7-A700-4328-9B05-88EE6E63834A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6F7C11E9-1E85-408E-AB0D-19F5E20780A3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{725ABADA-627D-42BD-B83E-D59557FC399D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{73C147A7-31EA-42BB-840A-9394A2018828}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{765E7271-C422-496B-B2FD-A05EA0E476E5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{76F66E32-F6D1-47BF-94D1-CDDF65FA4116}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{795F0907-44AD-4987-947E-296C2B54B9A7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7CB83092-FD10-46D6-8F05-ADE5FEDDAE07}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7E44056E-6C6B-4630-86F6-DAE367D12F45}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7E8705A2-18B2-4143-9ECF-3547F8A06E89}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{80B9428B-DD70-41CB-952E-8133B48BCDAF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{81292572-2F20-401C-93C4-173FEC2897F0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{81B7E283-20AA-4E01-B371-6BD21741B2C3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{81B9B1AA-8FFD-4C80-AEF6-10E3F3B898FE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{83D58E2B-D082-4033-8D0A-C9933B5EFC7B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8713FAC3-EA39-4610-9DAC-A9D23B97A225}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{88D84127-6B98-4764-B117-84926232E9A1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{88FFBA72-2534-429C-BDAB-962C788ECE0B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{89394E07-6891-4662-963A-5718036C8C37}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{89DFE551-9EB1-4D88-9C18-70000DAEE3FE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8A502CF6-C1B4-45AD-870E-EB34C865CB2D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8BBFCAD1-CA6F-420F-AB2F-6D16B6F8EF8B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8C3B8D37-C90F-4737-85FA-A3F33AE015D1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8DB52E62-3E56-485F-9EFA-B9CB35B64210}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8F5E95B3-CE9F-4394-94ED-ADBE15E2E92C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9321877D-52BF-4603-9309-9849E0FBE4B9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{93EC67FB-AC66-4030-8AA8-9B714F29AD58}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{94B27883-406C-45C5-918B-D8A2B666B5E0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{95B0F9F9-02DE-4A81-A183-6026C3C6E062}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{96EF75C7-5046-4ECD-A282-FAC50341A227}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{988741C0-E97C-443B-9216-5C314F3D9270}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{98E10EF7-69A0-4359-991A-FAFB28146CEB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{993671A0-A4FA-4B68-86F1-D0B08F2DA00A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9A120705-824F-4ADB-9404-06F3FFAF31D2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9F7C7865-C765-4EBA-A8F9-CE85EFF5BA21}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A1C1345F-079C-4100-BB92-B6926628F080}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A1D50CF0-8AE6-4AB2-93D2-BD1419075BF6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A2A4E140-3361-47BF-8F11-48F20BDA078D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A3F8D4B6-DB9D-4FFB-B382-E7859F3F5308}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A44BC937-05DE-4580-A0A6-B8F9BBF8422E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A5A2AD3A-DB23-4978-B53B-3D37331AABC9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A605492F-BE33-41FC-9CB7-4EA36865E539}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A631564A-4944-472F-9145-C82A0A6BABE5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A9A2F0AD-8576-4498-832E-38729F4BA8BC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ABE19ED3-BE9E-4CA8-9046-C6D433FB7D6B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AC96C373-6AEC-423A-9F7B-A75D904DE05D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AE3C3A0E-0CEC-4C47-B05B-416463B4FC12}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AE3C88E3-C071-4D59-A4C7-7737A981344B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AE875BDE-0D4D-4875-A695-CC986383393E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B0C13734-9357-4D6D-A242-5CE4F32077BF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B14CB146-834C-4E25-B605-02D7913987B4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B28C3F14-AD19-43B5-908D-4B409049E668}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B2B89F51-D45D-4FF1-B7B5-B50200844EB5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B3BAE988-677C-4A50-AF63-1279AAB92ED0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B3C0CF51-1A2A-4D63-BEF1-F8D17DC80FF7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B425F9F4-A435-4A32-AFAD-F135679C015F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B4DB4034-3786-427C-9D6F-169A075FA0BF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B5135604-2B98-4156-B4DC-C07E7EEE346D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B5D8CFB5-0961-4681-9B2B-5AB6AA56C78E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B5F3CAFB-CF49-45BF-B219-F1542071DF50}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B68BCF17-F815-46AE-97F5-1731479AEFB0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B9D1EFF5-973A-4C08-8D4F-63DFD457C60A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B9E62D55-BDD7-46CA-969D-BF434364A045}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BCDE82EE-4C42-4151-9D86-24D399548BE2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BD2E3547-E215-42CC-BDD1-1F02BBC4B0B3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BD8B38D6-BE4A-4449-B345-401297AEB4E9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BDC72780-E7CF-433B-BC4D-121512BAF78B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BE2263B0-D038-46B6-94A9-4C6E16AF46E9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BE80DAC8-BC15-419C-A1DA-45292C54E5D8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BFF0D7E1-6D40-427D-A725-7CEF575B816C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C1D9F769-C318-4D35-A682-006F5D1957CD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C272D2BF-B367-41EB-8B64-3E1665ABCEEE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C2B60F9A-5E39-42A5-A1B3-A8D48669B688}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C2F05901-7005-4DCE-AE6A-E0BCA2BA576F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C44AC4B5-ECD6-4D93-842A-2D50FCF2CBF7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C49F6AAC-0D00-4B99-8517-EF6A79B4C270}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C5D5B2C6-9477-4842-ABFB-905CABFDB40F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C7407E8F-6773-4197-9509-1FA972836FFA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C752CA0D-0C8C-4BD3-8FFA-DD83C58FCC77}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C7C9CE20-200B-4FAF-A7C1-6A94568563A4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C86B5B53-1CA3-4473-BEFA-83125FC764F8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C8E0F899-153D-4E88-B439-A588E86D29DD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CCB0CC96-0BE1-48B8-BBA1-65AA788940FF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CE958FD0-4905-4F42-95F8-BC8CA269EEB0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CEA271FC-F427-49B3-92A1-8A4A5FC154A1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CF45AD25-98B3-4995-982B-C6BEBA338B61}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CF7D3D56-511D-4E10-8941-123A252CFFE7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CFCFB3BF-B88B-4EE4-8DB7-FD5158ACF71B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D2274F29-FFCF-4B35-8659-4FA1DFC5853E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D253CA3F-D535-41CD-BB39-CB4B12DB4BFB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D28D4133-5B7A-49BC-8D36-7A6FF6318651}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D2BA93EF-9BF0-4898-8252-CAF8E38892FB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D30EAD54-2C9D-4449-B7BD-EFC52EC5C85C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D34DC55A-68CD-417D-A3D1-88BBB119C08C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D48DCE9E-1E8C-4998-99EB-AF93838C2C0F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D647AC80-F0C3-408E-A719-A3508FC1A8F4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D808EBCD-1CD6-4DF6-81FF-A4842F2543DC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D883FACE-F036-4F0A-B8E2-EC3A5AA811F3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D897F718-F5DF-4422-A5CC-574DA9242C71}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D9A1D825-17D9-48E2-9C87-CD0CE457ED34}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DA29F67F-04D8-4A39-850D-6F903444ECFD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DA564153-B4FF-4EF1-BABA-F124761644E9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DAD4DB08-1A2B-4F13-BD6B-7C4DDF31F560}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DBEAD07E-895F-4EB9-9239-AD26622ACCAF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DBEB0CA3-4B46-4495-A3DA-1AD0FB01394D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DE9CB018-8660-42E8-9785-FC6AE8CEB999}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E31031EB-7B43-4BF3-9472-906CC1244C1B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E39A4E20-91C5-46E2-9BE7-CC40E5ACC43C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E44E6449-0481-4B45-B17C-7431D1FB1D9A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E637B49D-48A3-4B2B-8068-9A0904486645}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E6420D90-D985-4EA8-85A6-D5AD1A47010A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E70D3B98-F226-4F8B-8A2D-7F76141C2C41}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E71B3051-B6A8-463A-AB5C-08B5CF7837C6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E79F85F0-2CDD-46DD-BDEC-D4283CA23666}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E88D6C16-E32B-4A87-AC03-1663262A9C61}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E93B4D73-1595-462C-9358-F8399ACD9D26}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E9449978-250F-412E-9D2B-916833194389}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E97E7519-D80B-4510-B2DF-B266005E584A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EA2EBA12-0315-4671-9513-358718E61F53}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EBA9A5B0-847F-4CB3-9257-41D158151B37}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ECF9BFEC-4C06-40E7-83E0-1CA8CF19A756}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F1FC2C16-82B4-4CC2-933E-E19390832A72}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F28FC461-4733-4CA4-8DF8-D6CEEA0B67FE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F37F16D7-7A37-4727-BD80-CC6F81B7CAE1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F38EF0DB-6E58-4E80-BC01-708C56CA0C54}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F542F348-1037-4591-ABCE-EAA5E614E4E8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F67325D9-385B-4D0E-9B90-57954A31A4EF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F7E1DFAA-2C91-4DA7-B803-1875ED5777B9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FBBB17F2-E3E6-4F14-993D-D3CC410F1047}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FC450153-02FB-4225-BC8E-5926D298A994}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FF251299-1F6A-4627-A6AF-B6EFB6042DFB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FF339EDC-7689-4B2D-94DD-99DB626C862B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FF577B66-ECB4-4876-AB24-C985872786FA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FF813D90-BBCA-4D10-B30E-6B29DA22023A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FFD7135D-5345-4FD0-B474-026FF6F6706F}
Successfully deleted: [Folder] C:\Program Files (x86)\ask.com
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\Users\Michael\AppData\Roaming\pdfforge



~~~ FireFox

Emptied folder: C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\8gcu6wpb.default-1421500931064\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.05.2015 at  8:04:12,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Weiterhin ist erneut aufgetreten:
Antivir ist aktiv, meldet aber, dass es kein Update durchführen kann (kein Internet).

Code:
ATTFilter
# AdwCleaner v4.204 - Bericht erstellt 15/05/2015 um 08:14:35
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-12.2 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Michael - ABKM-2012
# Gestarted von : C:\Users\Michael\Desktop\Trojan Tools\AdwCleaner_4.204.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Antonia\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\BENJAMIN.ABKM-2012\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\BENJAMIN.ABKM-2012\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Kerstin(1)\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Michael\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Michael\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Michael\Documents\Updater
Datei Gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaabfjnbeinlpljodiajipidiompfl_0.localstorage
Datei Gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaabfjnbeinlpljodiajipidiompfl_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : BrowserDefendert
Task Gelöscht : EPUpdater
Task Gelöscht : Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaabfjnbeinlpljodiajipidiompfl
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\apnwidgets.ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\d4dddeb53fbf42
Schlüssel Gelöscht : HKLM\SOFTWARE\d4dddeb53fbf42
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Free Video Converter
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\DriverTuner_Init
Schlüssel Gelöscht : HKCU\Software\DriverTuner
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apnwidgets.ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\linkuryjs.info
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - fritz.box;*.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v37.0.2 (x86 en-US)

[0ac9rfex.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[0ac9rfex.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
[psnh2fe3.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[psnh2fe3.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");
[psnh2fe3.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
[psnh2fe3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
[3uzryizw.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[3uzryizw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v42.0.2311.152

[C:\Users\Antonia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c0d35548-3270-4529-a1c6-7a1bdfc98397&searchtype=ds&q={searchTerms}&installDate=08/06/2013
[C:\Users\Antonia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=5ce1fed2-a278-4f92-9880-45c962fcbb88&searchtype=ds&q={searchTerms}&installDate=01/01/1970
[C:\Users\Kerstin(1)\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c0d35548-3270-4529-a1c6-7a1bdfc98397&searchtype=ds&q={searchTerms}&installDate=08/06/2013
[C:\Users\Kerstin(1)\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=5ce1fed2-a278-4f92-9880-45c962fcbb88&searchtype=ds&q={searchTerms}&installDate=01/01/1970
[C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c0d35548-3270-4529-a1c6-7a1bdfc98397&searchtype=ds&q={searchTerms}&installDate=08/06/2013
[C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=5ce1fed2-a278-4f92-9880-45c962fcbb88&searchtype=ds&q={searchTerms}&installDate=01/01/1970

*************************

AdwCleaner[R0].txt - [16266 Bytes] - [15/05/2015 07:41:04]
AdwCleaner[R1].txt - [15036 Bytes] - [15/05/2015 08:11:36]
AdwCleaner[S0].txt - [14503 Bytes] - [15/05/2015 08:14:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14563  Bytes] ##########
         

Alt 15.05.2015, 07:36   #11
baeuerlein
 
Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #1



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by Michael (administrator) on ABKM-2012 on 15-05-2015 08:28:51
Running from C:\Users\Michael\Desktop\Trojan Tools
Loaded Profiles: Michael (Available profiles: Michael & Antonia & Kerstin(1) & BENJAMIN)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation
) C:\Windows\vVX6000.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Seal One AG) C:\Users\Michael\AppData\Local\Temp\Seal One\SealOne.exe
() C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-11] (Realtek Semiconductor)
HKLM\...\Run: [VX6000] => C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation
)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [188944 2012-09-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-11] ()
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-04-08] (DivX, LLC)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [OTR Homeloader] => C:\Program Files (x86)\OTRHomeloader\OTRHomeloader.exe [3567616 2014-02-28] (© onlinetvrecorder.com)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2015-01-14] (Samsung)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-24] (Google Inc.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [SealOne] => C:\Users\Michael\AppData\Roaming\Seal One\SealOne.exe [281080 2014-09-26] (Seal One AG)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [Amazon Music] => C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012-04-12]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-05-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk [2013-02-22]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-10-31]
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2012-04-06]
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\Michael\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk [2012-04-14]
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012-05-17]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Kopie 1).lnk [2013-02-16]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-3665776361-1376430445-3332247537-1009\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3665776361-1376430445-3332247537-1005\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000 -> DefaultScope {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000 -> {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-07-09] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2013-08-13] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
Handler-x32: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2011-10-20] (ACE GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-04-28] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-02] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2011-10-11] ( )
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll [2012-11-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\2020Player_IKEA@2020Technologies.com [2015-03-21]
FF Extension: Bitdefender QuickScan - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-08]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-04-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-01]

Chrome: 
=======
CHR DefaultSearchKeyword: Default -> search.snapdo.com
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-28]
CHR Extension: (Skype Click to Call) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-07-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-28]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michael\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-24]
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-03-15] (Adobe Systems) [File not signed]
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 avmident; C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [76288 2011-09-27] (AVM Berlin) [File not signed]
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] () [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-10-30] () [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation
)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 08:04 - 2015-05-15 08:04 - 00031977 _____ () C:\Users\Michael\Desktop\JRT.txt
2015-05-15 08:01 - 2015-05-15 08:01 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ABKM-2012-Windows-7-Home-Premium-(64-bit).dat
2015-05-15 08:01 - 2015-05-15 08:01 - 00000000 ____D () C:\RegBackup
2015-05-15 07:40 - 2015-05-15 08:14 - 00000000 ____D () C:\AdwCleaner
2015-05-14 22:16 - 2015-05-15 08:16 - 00000022 _____ () C:\Windows\S.dirmngr
2015-05-14 10:47 - 2015-05-14 10:47 - 00048438 _____ () C:\ComboFix.txt
2015-05-14 09:38 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-14 09:38 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-14 09:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-14 09:37 - 2015-05-14 10:47 - 00000000 ____D () C:\Qoobox
2015-05-14 09:37 - 2015-05-14 10:45 - 00000000 ____D () C:\Windows\erdnt
2015-05-14 09:34 - 2015-05-14 09:34 - 05623645 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2015-05-14 00:24 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:24 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:01 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:01 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:01 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:01 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:01 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:01 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 15:01 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 15:01 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 15:01 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:01 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:01 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 15:01 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:01 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 15:01 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 15:01 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 15:01 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:01 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:01 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 15:01 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 15:01 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 15:01 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:01 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 15:01 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 15:01 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 15:01 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 15:01 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 15:01 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 15:01 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 15:01 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 15:01 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 15:01 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 15:01 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:01 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 15:01 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:01 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 15:01 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 15:01 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 15:01 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 15:01 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 15:01 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 15:01 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 15:01 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:01 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 15:01 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 15:01 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 15:01 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:01 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 15:01 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:01 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 15:01 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 15:01 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 15:01 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 15:01 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:01 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 15:01 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 15:01 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 15:01 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 15:01 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 15:01 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 15:01 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 15:01 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 15:01 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 15:01 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:01 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 15:00 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 15:00 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 15:00 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 15:00 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 15:00 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 15:00 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 15:00 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 15:00 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 15:00 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 15:00 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 15:00 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 15:00 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 15:00 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 15:00 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 15:00 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 15:00 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 15:00 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 15:00 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 15:00 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 15:00 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 15:00 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 15:00 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 15:00 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 15:00 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 14:59 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 14:59 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 14:59 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 14:59 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 14:59 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 14:59 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 14:59 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 14:59 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 14:59 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 14:59 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 14:59 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 14:59 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 14:59 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 14:59 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 14:59 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 09:53 - 2015-05-12 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-11 19:12 - 2015-05-11 19:12 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{7914B217-5846-49DC-892A-F5C07EC41841}
2015-05-10 10:04 - 2015-05-10 11:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-09 15:13 - 2015-05-15 08:28 - 00000000 ____D () C:\FRST
2015-05-09 15:13 - 2015-05-09 15:13 - 00000000 _____ () C:\Users\Michael\defogger_reenable
2015-05-09 09:06 - 2015-05-15 08:27 - 00000000 ____D () C:\Users\Michael\Desktop\Trojan Tools
2015-05-08 17:21 - 2015-05-09 17:38 - 00000000 ____D () C:\Users\Michael\Desktop\Antivir Rescue
2015-05-08 15:01 - 2015-05-08 15:01 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-08 14:03 - 2015-05-08 14:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-08 14:01 - 2015-05-08 14:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\QuickScan
2015-05-08 11:37 - 2015-05-08 11:37 - 00000000 ____D () C:\Users\Antonia\Desktop\runtime
2015-05-08 11:35 - 2015-05-08 11:40 - 00000000 ____D () C:\Users\Antonia\Desktop\game
2015-05-08 11:03 - 2015-05-08 11:03 - 00000000 ____D () C:\Users\Antonia\AppData\Local\{56D3392A-6DA5-4C13-BEB3-CF502A9CC135}
2015-05-03 17:21 - 2015-05-03 17:21 - 00000000 ____D () C:\Users\Antonia\AppData\Local\{6677D07C-D21C-4218-A05E-5F02BFC9FCE3}
2015-05-02 17:55 - 2015-05-02 17:55 - 00007158 _____ () C:\Users\Kerstin(1)\Desktop\Fliesen - Verknüpfung.lnk
2015-05-02 17:54 - 2015-05-02 17:55 - 00000000 ____D () C:\Users\Public\Documents\Sentastr
2015-05-01 11:58 - 2015-05-01 11:58 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{84B21787-061C-4822-9126-03D044371819}
2015-04-27 09:18 - 2015-04-27 09:18 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{BDC3A217-B9AD-45C9-8C79-C291528228E8}
2015-04-24 15:24 - 2015-04-24 15:24 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Unity
2015-04-24 15:08 - 2015-04-24 15:08 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Unity
2015-04-24 15:07 - 2015-04-24 15:08 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer(2).exe
2015-04-24 15:07 - 2015-04-24 15:07 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer(1).exe
2015-04-24 15:06 - 2015-04-24 15:06 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer.exe
2015-04-24 12:04 - 2015-04-24 12:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 15:42 - 2015-04-21 15:42 - 00044032 ___SH () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Thumbs.db
2015-04-21 15:42 - 2015-04-21 15:42 - 00001526 _____ () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\.minecraft - Verknüpfung.lnk
2015-04-21 15:28 - 2015-04-21 15:29 - 05263187 _____ () C:\Users\BENJAMIN.ABKM-2012\Downloads\FC Pack V8-1.7.10-4.8.0.zip
2015-04-15 09:20 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 09:20 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 09:20 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 09:20 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 09:20 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 09:20 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 09:20 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 09:20 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 09:20 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 09:20 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 09:20 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 09:20 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 09:20 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 09:20 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 09:20 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 09:20 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 09:20 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 09:20 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 09:20 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 09:19 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 09:19 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 09:19 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 08:26 - 2011-11-24 07:07 - 01224214 _____ () C:\Windows\WindowsUpdate.log
2015-05-15 08:23 - 2012-04-06 20:14 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2015-05-15 08:21 - 2015-01-24 16:25 - 00000000 ___RD () C:\Users\Michael\Google Drive
2015-05-15 08:21 - 2014-10-31 00:10 - 00000000 ___RD () C:\Users\Michael\Dropbox
2015-05-15 08:21 - 2013-05-26 21:11 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2015-05-15 08:17 - 2012-04-28 11:34 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2015-05-15 08:16 - 2012-04-06 17:44 - 00654759 _____ () C:\Users\Michael\DesktopStCenter.txt
2015-05-15 08:16 - 2009-07-14 06:51 - 00293137 _____ () C:\Windows\setupact.log
2015-05-15 07:39 - 2012-04-11 20:45 - 00000000 ____D () C:\Users\Michael\Documents\Outlook-Dateien
2015-05-14 22:31 - 2014-05-17 16:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 22:27 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 22:27 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 22:22 - 2011-11-20 07:23 - 00702980 _____ () C:\Windows\system32\perfh007.dat
2015-05-14 22:22 - 2011-11-20 07:23 - 00150620 _____ () C:\Windows\system32\perfc007.dat
2015-05-14 22:22 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 10:47 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-14 10:36 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-14 10:34 - 2010-11-21 05:47 - 01067604 _____ () C:\Windows\PFRO.log
2015-05-14 10:34 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-05-14 10:34 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-05-14 10:34 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-05-14 09:30 - 2014-10-31 00:09 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-14 09:29 - 2013-09-22 17:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 09:23 - 2012-05-06 13:46 - 00000000 ____D () C:\Users\Michael\Tracing
2015-05-14 09:12 - 2009-07-14 06:45 - 00446824 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 09:08 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 09:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 00:43 - 2012-04-06 21:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 00:41 - 2013-08-14 08:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 00:28 - 2012-04-14 17:33 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 00:24 - 2013-03-13 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 00:24 - 2013-03-13 21:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 00:24 - 2013-03-13 21:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 22:28 - 2012-04-15 21:31 - 00000000 ____D () C:\Users\Kerstin(1)\Documents\Outlook-Dateien
2015-05-13 08:03 - 2013-05-26 21:13 - 00000000 ___RD () C:\Users\Kerstin(1)\Dropbox
2015-05-13 08:03 - 2013-05-26 21:10 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Roaming\Dropbox
2015-05-12 09:51 - 2013-03-28 13:10 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-12 09:51 - 2013-03-28 13:10 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-10 19:58 - 2013-05-26 21:13 - 00001037 _____ () C:\Users\Kerstin(1)\Desktop\Dropbox.lnk
2015-05-10 19:58 - 2013-05-26 21:11 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-10 16:43 - 2012-12-09 12:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\DoNotTrackPlus
2015-05-10 10:03 - 2014-05-17 16:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-09 15:48 - 2015-01-24 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-09 15:13 - 2012-04-06 17:17 - 00000000 ____D () C:\Users\Michael
2015-05-08 15:01 - 2014-05-17 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-08 15:01 - 2014-05-17 16:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-08 13:28 - 2013-09-01 11:12 - 00000000 ____D () C:\Users\Antonia\AppData\Roaming\Skype
2015-05-08 13:18 - 2015-02-22 15:52 - 00000000 ____D () C:\Users\Antonia\AppData\Roaming\.minecraft
2015-05-05 17:45 - 2014-02-07 17:06 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\.minecraft
2015-05-03 19:29 - 2008-09-14 11:36 - 00000000 ____D () C:\Users\Michael\Documents\WISO Mein Geld
2015-05-03 17:59 - 2013-09-01 11:21 - 00000000 ____D () C:\Users\Antonia\Documents\Outlook-Dateien
2015-05-03 14:39 - 2011-05-24 16:40 - 00000000 ____D () C:\Users\Michael\Documents\Mein Steuer-Sparbuch Heute
2015-05-02 18:01 - 2011-07-11 11:54 - 00000000 ____D () C:\ProgramData\Skype
2015-05-02 17:59 - 2012-04-11 20:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-02 17:58 - 2012-04-11 20:20 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-02 17:58 - 2011-07-11 12:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 15:57 - 2013-09-14 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-05-01 15:57 - 2012-11-30 11:52 - 00001620 _____ () C:\Users\Michael\Desktop\DivX Movies.lnk
2015-05-01 15:57 - 2012-06-03 18:53 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-05-01 15:57 - 2012-06-03 18:52 - 00000000 ____D () C:\ProgramData\DivX
2015-04-24 22:12 - 2012-06-08 16:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-20 14:46 - 2008-09-14 11:36 - 00000000 ____D () C:\Users\Michael\Documents\Wielandstrasse
2015-04-20 14:44 - 2015-04-12 23:27 - 00000000 ____D () C:\Users\Michael\Documents\Sentastr
2015-04-19 13:24 - 2012-04-11 19:39 - 00000000 ____D () C:\Users\Michael\Documents\Computer
2015-04-15 17:03 - 2014-12-12 08:57 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 17:03 - 2014-05-01 10:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 11:17 - 2014-01-18 17:19 - 01602852 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 11:06 - 2009-07-14 04:34 - 00000510 _____ () C:\Windows\win.ini

==================== Files in the root of some directories =======

2012-05-26 09:58 - 2014-11-08 15:44 - 0003258 _____ () C:\Users\Michael\AppData\Roaming\Rim.Desktop.Exception.log
2012-05-26 09:57 - 2013-09-08 15:08 - 0003361 _____ () C:\Users\Michael\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-05-26 09:58 - 2014-11-08 15:44 - 0000847 _____ () C:\Users\Michael\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-10-21 22:21 - 2014-11-08 15:44 - 0010010 _____ () C:\Users\Michael\AppData\Roaming\Rim.Transcoder.Exception.log
2015-04-10 20:51 - 2015-04-10 20:51 - 0190611 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS
2015-04-10 20:51 - 2015-04-10 20:51 - 0000290 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS.part
2015-04-10 20:49 - 2015-04-10 20:49 - 0385602 _____ () C:\Users\Michael\AppData\Local\5D515C96_stp.CIS
2015-04-10 20:49 - 2015-04-10 20:49 - 0000220 _____ () C:\Users\Michael\AppData\Local\5D515C96_stp.CIS.part
2015-04-10 20:51 - 2015-04-10 20:54 - 8437760 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS
2015-04-10 20:51 - 2015-04-10 20:51 - 0000442 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS.part
2012-04-13 19:18 - 2015-01-31 14:23 - 0026112 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-07 17:36 - 2014-12-07 17:36 - 0000017 _____ () C:\Users\Michael\AppData\Local\resmon.resmoncfg
2013-02-16 22:59 - 2013-02-16 22:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-24 07:21 - 2013-03-16 22:42 - 0002538 _____ () C:\ProgramData\ArcadeDeluxe5.log

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\avgnt.exe
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9wafys.dll
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-01 12:28

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 15.05.2015, 07:38   #12
baeuerlein
 
Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #1



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 02
Ran by Michael at 2015-05-15 08:29:58
Running from C:\Users\Michael\Desktop\Trojan Tools
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3665776361-1376430445-3332247537-500 - Administrator - Disabled)
Antonia (S-1-5-21-3665776361-1376430445-3332247537-1005 - Limited - Enabled) => C:\Users\Antonia
BENJAMIN (S-1-5-21-3665776361-1376430445-3332247537-1009 - Limited - Enabled) => C:\Users\BENJAMIN.ABKM-2012
Gast (S-1-5-21-3665776361-1376430445-3332247537-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3665776361-1376430445-3332247537-1002 - Limited - Enabled)
Kerstin(1) (S-1-5-21-3665776361-1376430445-3332247537-1008 - Limited - Enabled) => C:\Users\Kerstin(1)
Michael (S-1-5-21-3665776361-1376430445-3332247537-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Disabled) {753F9273-B322-2907-AC37-03D0F1702F22}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2weistein (HKLM-x32\...\{307702F6-FD2C-484A-8F2E-A1DCE85FD9CC}_is1) (Version:  - Brainmonster Studios)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acronis*True*Image*Home 2012 (HKLM-x32\...\{243EF3E5-537D-4A15-8EE8-47D5473D9C73}Visible) (Version: 15.0.7133 - Acronis)
Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon Music (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10405 - ATI Technologies Inc.) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
AVM FRITZ!Box AddOn (IE) (HKLM-x32\...\{CEAD06D8-D033-4D2A-9328-AF49089E129F}) (Version: 1.7.0 - AVM Berlin)
AVM FRITZ!Box AddOn (IE) (x64) (HKLM\...\{EC3671D7-98AC-4951-8FFD-5556BE066137}) (Version: 1.7.0 - AVM Berlin)
AVM FRITZ!Box-Kindersicherung (HKLM-x32\...\{7497BB4F-CE23-47D4-B2CB-62548080F74F}) (Version: 4.2.3 - AVM Berlin)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
clear.fi  (x32 Version: 1.5.3201_45059 - CyberLink Corp.) Hidden
clear.fi  (x32 Version: 9.0.9024 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.3318.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.3318.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX del Windows Live Mesh per a connexions remotes (HKLM-x32\...\{76C064E2-BB99-4453-8FDA-42BC01AD0734}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Applications (HKLM-x32\...\Corel Applications) (Version:  - )
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.345 - Corel Corporation)
Corel PaintShop Pro X4 (x32 Version: 14.1.0.5 - Corel Corporation) Hidden
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Jagd nach dem blauen Kristall (HKLM-x32\...\Die Jagd nach dem blauen Kristall) (Version:  - )
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.106 - Etron Technology) Hidden
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Audio CD Burner version 2.0.24.827 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: 2.0.24.827 - DVDVideoSoft Ltd.)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Converter version 5.0.27.725 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.)
Free Disc Burner version 3.0.18.1212 (HKLM-x32\...\Free Disc Burner_is1) (Version: 3.0.18.1212 - DVDVideoSoft Ltd.)
Free DVD Video Converter version 2.0.15.1125 (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.15.1125 - DVDVideoSoft Ltd.)
Free MP4 Video Converter version 5.0.46.820 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.46.820 - DVDVideoSoft Ltd.)
Free Studio version 6.5.0.324 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.324 - DVDVideoSoft Ltd.)
Free Video Call Recorder for Skype version 1.2.8.1230 (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.2.8.1230 - DVDVideoSoft Ltd.)
Free Video Dub version 2.0.21.827 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.827 - DVDVideoSoft Ltd.)
Free Video Flip and Rotate version 2.1.9.822 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.822 - DVDVideoSoft Ltd.)
Free Video to Android Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to Android Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Free Video to DVD Converter version 5.0.45.716 (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: 5.0.45.716 - DVDVideoSoft Ltd.)
Free Video to iPod Converter version 5.0.27.725 (HKLM-x32\...\Free Video to iPod Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.)
Free Video to Samsung Phones Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to Samsung Phones Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to DVD Converter version 3.1.13.925 (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version: 3.1.13.925 - DVDVideoSoft Ltd.)
Free YouTube to iPhone Converter version 2.12.20.1230 (HKLM-x32\...\Free YouTube to iPhone Converter_is1) (Version: 2.12.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to iPod Converter version 3.11.12.827 (HKLM-x32\...\Free YouTube to iPod Converter_is1) (Version: 3.11.12.827 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin City Navigator Europe NT 2013.10 Update (HKLM-x32\...\{EC28FA6E-E38D-4F72-80EF-1FBE66B05668}) (Version: 16.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2014.30 Update (HKLM-x32\...\{F956C0BB-D2FA-4BA5-80D7-AC08E7CD611B}) (Version: 17.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2015.40 (HKLM-x32\...\{04B2E836-EF35-438B-89B8-59F484090283}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Gpg4win (2.1.1) (HKLM-x32\...\GPG4Win) (Version: 2.1.1 - The Gpg4win Project)
Horse Life (HKLM-x32\...\Horse Life_is1) (Version:  - )
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICA (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IPM_PSP_COM (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
LEGO® Batman™ 2: DC Super Heroes (HKLM-x32\...\{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
LEGO® Star Wars™: Die Komplette Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts)
LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
Matrix Code Emulator 1.50 (HKLM-x32\...\Matrix Code Emulator_is1) (Version:  - Reality Rift Studios)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4517.1509 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WorldWide Telescope (HKLM-x32\...\{02E7492D-C46F-4A34-A197-D1C3F19A1F4A}) (Version: 5.0.3 - Microsoft Research)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\MyFreeCodec) (Version:  - )
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4517.1509 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1509 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4517.1509 - Microsoft Corporation) Hidden
OTR Homeloader 1.5.8.146 (HKLM-x32\...\OTR Homeloader) (Version: 1.5.8.146 - © onlinetvrecorder.com)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Pearl Harbor: Fire on the Water (x32 Version: 2.2.0.110 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version:  - PopCap Games)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PonyGirl2 (HKLM-x32\...\PonyGirl2) (Version:  - )
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.10 - ProtectDisc Software GmbH)
PSPPContent (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
PSPPro64 (Version: 14.0.0.345 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.1.1.11124_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.1.1.11124_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (x32 Version: 14.0.0.345 - Ihr Firmenname) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Snapfish Fotobuch (HKLM-x32\...\Snapfish Fotobuch) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Space Fighters 3D (HKLM-x32\...\SpaceFighters3D) (Version: 1.0D - Anders und Seim Neue Medien AG)
SPEEDLINK Strike 2 Gamepad (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Sweet Home 3D version 4.6 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
TKKG16 (HKLM-x32\...\TKKG16) (Version: Das unheimliche Zimmer" - Tivola Development GmbH)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (HKLM-x32\...\{7BA6DF02-B094-45D7-A3C9-BE3684253922}) (Version: 15.4.5722.2 - Microsoft Corporation)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wireshark 1.12.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, hxxp://www.wireshark.org)
WISO Mein Geld 2014 Standard (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\WISO Mein Geld 2014 Standard) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2014 Standard (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.03.7334 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{1A51972F-7455-4EF7-9B62-FAF851E0BE13}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{D31520BA-35B4-41A9-A176-6A69F6BDB046}) (Version: 22.02.8861 - Buhl Data Service GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-14 10:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06BD7732-AC4C-4D89-885B-23BA3DE7A669} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0FE833D6-1CC1-4D33-AD84-2DA4D5B307D0} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {13EDDADF-414A-4208-8B6A-08C5B5F9D110} - System32\Tasks\{AFE53008-C007-408D-AC1A-522FF6694D9D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{D596980D-17BE-4425-B8F0-5640719AADE9}\setup.exe" -c -runfromtemp -l0x0407
Task: {15080E1E-897B-4116-AC0B-A04DB15A74F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {201022E4-9FC8-42D8-856E-97E0A2D248B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-08-13] (Microsoft Corporation)
Task: {2BDB76D0-55AF-4A26-BD8B-612E7E9CE036} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {2F8C7232-6B89-4A83-A839-009522724610} - System32\Tasks\{BCA64A62-A2F0-4023-9FE4-D9BF2DD0AAB7} => pcalua.exe -a "C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2238UOIF\avm_fritz!wlan_usb_stick_x64_build_100906.exe" -d C:\Users\Michael\Desktop
Task: {38C5C3F5-7303-41FE-AA18-D55BF2CFDBF4} - System32\Tasks\hpUtility.exe_{9189978C-8FF7-42B9-8AE7-F38CEBEA73B8} => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {415E614A-8D00-4D17-B889-DB9A42C89CC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-02] (Adobe Systems Incorporated)
Task: {49735EFF-FBBD-4D0C-A45D-58A85253DDB6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-08-13] (Microsoft Corporation)
Task: {5C5FE30A-AAA1-4C2E-AD79-30544C05DA33} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6453F120-7242-41F6-A713-3EB92534A46C} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {6E263B84-6926-4989-BDD9-4979DC4D5614} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {7F8039A3-75EC-4376-8A96-CB13A28A4989} - System32\Tasks\{77A7DFBC-3C5C-48ED-A38F-6DEC9589FD7E} => pcalua.exe -a E:\Driver\setup.exe -d E:\Driver
Task: {85E724A5-C5C5-435F-9201-631A24F3514B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-09] (Microsoft Corporation)
Task: {AA4AA929-BC40-4A19-BB5F-40006A45D073} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2012-09-18] (Acer Incorporated)
Task: {B2AF022D-4264-4CA8-A432-4D08941B54DD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B39F4286-CB41-4E8B-A96C-9ECCDF09CFFF} - System32\Tasks\{21BF5564-D73B-44F0-B06A-09046295D728} => pcalua.exe -a E:\setup.exe -d E:\
Task: {B7B67FE5-1CFE-41C2-8E99-8764874A0FAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {E3CC3F58-509D-42BD-AD54-2D2F937A5B0E} - System32\Tasks\Microsoft_Hardware_Launch_vVX6000_exe => C:\Windows\vVX6000.exe [2010-05-20] (Microsoft Corporation
)
Task: {ECC392DF-FFA3-4336-B2D6-8D41460E2B8B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F0DE2495-7482-4D61-971A-AA04E7CFBF8E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2012-09-18] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf89f1fda08b48.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfeadeb7541613.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff7a2e6aa93.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d041e914e2aa29.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-01-12 14:42 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2013-01-12 14:42 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-28 18:50 - 2013-05-28 18:50 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-01-02 19:00 - 2014-12-08 08:27 - 06277952 _____ () C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-11-17 13:21 - 2014-07-02 10:13 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2011-08-11 05:58 - 2011-08-11 05:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-04-28 17:51 - 2013-06-20 13:03 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-04-28 17:51 - 2013-06-09 16:05 - 00518824 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-04-28 17:51 - 2013-06-09 16:05 - 00612520 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-05-28 18:44 - 2013-05-28 18:44 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-05-28 18:42 - 2013-05-28 18:42 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-05-28 18:41 - 2013-05-28 18:41 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-05-28 18:44 - 2013-05-28 18:44 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-05-28 18:45 - 2013-05-28 18:45 - 00627712 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2013-11-17 13:20 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2013-11-17 13:20 - 2014-02-11 12:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2013-11-17 13:20 - 2014-02-11 12:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2013-11-17 13:20 - 2014-02-11 12:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2015-05-15 08:18 - 2015-05-15 08:18 - 00043008 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9wafys.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-05-15 08:16 - 2015-05-15 08:16 - 00098816 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32api.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00110080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\pywintypes27.dll
2015-05-15 08:16 - 2015-05-15 08:16 - 00364544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\pythoncom27.dll
2015-05-15 08:16 - 2015-05-15 08:16 - 00045568 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_socket.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 01161216 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_ssl.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00320512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32com.shell.shell.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00713216 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_hashlib.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 01175040 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._core_.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00805888 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._gdi_.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00811008 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._windows_.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 01062400 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._controls_.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00735232 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._misc_.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00682496 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\pysqlite2._sqlite.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00128512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_elementtree.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00127488 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\pyexpat.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00087552 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_ctypes.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00119808 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32file.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00108544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32security.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00007168 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\hashobjs_ext.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\usb_ext.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00167936 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32gui.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00018432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32event.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00013824 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\common.time34.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00036864 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_psutil_windows.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00038912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32inet.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00011264 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32crypt.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00070656 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._html2.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00027136 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_multiprocessing.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00020480 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_yappi.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00035840 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32process.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00686080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\unicodedata.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00122368 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._wizard.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00024064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32pipe.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00010240 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\select.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00025600 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32pdh.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00525640 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\windows._lib_cacheinvalidation.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32profile.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00022528 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32ts.pyd
2015-05-15 08:16 - 2015-05-15 08:16 - 00078336 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._animate.pyd
2011-08-11 05:57 - 2011-08-11 05:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-06-28 16:58 - 2012-06-28 16:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2014-10-15 21:15 - 2014-10-15 21:15 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-11-24 07:12 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\bayer.com -> hxxps://mymail.bayer.com

IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\123simsen.com -> www.123simsen.com

There are 6845 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{C9D242DC-25AF-4AF2-BB94-DAB940B3A60D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3C47A78D-7CCA-4D2E-A2B7-E41DEC3FB628}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{EF2AD903-CA8A-48B8-BA8D-AC8AF551734A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7E9724D4-BBC2-4F08-A50C-B5CB49993F4A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9597C05A-1907-40A9-B1FA-916B94D1DCED}] => (Allow) LPort=2869
FirewallRules: [{600BA4A8-53A4-488A-A939-FD6B7E5939A7}] => (Allow) LPort=1900
FirewallRules: [{ED91579B-7073-4D88-BAA2-EF8754A652D9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{388D3D32-53CD-44B6-9323-AB004EF5B290}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8FE7A59D-113B-4438-84C0-B111496F1CD5}] => (Allow) E:\fsetup.exe
FirewallRules: [{95FE17A3-C1D4-4425-88B5-F0028D7C06FF}] => (Allow) E:\fsetup.exe
FirewallRules: [{E759168D-02CB-4F7F-9789-A00E3C4C33ED}] => (Allow) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
FirewallRules: [{0DF8F296-597C-48D1-9378-706B92E8C884}] => (Allow) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
FirewallRules: [{04364AA0-AAC0-4CA3-9F35-373342E92752}] => (Allow) C:\Program Files\FRITZ!DSL\FBOXUPD.EXE
FirewallRules: [{9B275731-692F-439E-AFEB-1BADAB356C7A}] => (Allow) C:\Program Files\FRITZ!DSL\FBOXUPD.EXE
FirewallRules: [{176F6BD2-E313-4ACD-A144-59FD12CB2D72}] => (Allow) C:\Program Files\FRITZ!DSL\WebwaIgd.exe
FirewallRules: [{C2678EC3-1C35-4B04-B92C-D01FF239B191}] => (Allow) C:\Program Files\FRITZ!DSL\WebwaIgd.exe
FirewallRules: [{71DF01A8-3686-4D06-BEF4-56CDDFDB8AD3}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{763B9429-FF6F-4D99-BA7E-7E69B5EC8DB1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{82F39FD0-930D-404E-8527-E4DE962866CE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{D1A32A56-F835-4D22-9FB1-43F39DF56B9E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{0F0DEA32-5E0E-476B-B6F1-F125CB2BE877}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{E2F8D7EF-B881-4C99-9F39-22E35427B00C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{3861C9F6-A5B8-4F20-B2DB-1E495564DB20}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{0500228A-C9AA-4EBD-9AD2-48446376E7F4}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{ADC8774B-A50A-43FC-B580-A6417F7DE597}] => (Allow) LPort=4481
FirewallRules: [{FE9A06C4-46CD-4772-8F35-BA3C46DBE2A1}] => (Allow) LPort=4481
FirewallRules: [{52BB8DF9-6381-4CC4-A793-831E1E6004BE}] => (Allow) LPort=4482
FirewallRules: [{3B34CFC9-0B67-49DC-9234-4E72BE801B5F}] => (Allow) LPort=4482
FirewallRules: [{E455E453-8EF5-4C02-B3B4-421ABC807F65}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{03E17A5A-B0CC-47E9-BAD5-C75A8C7C44B1}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{8DAE088C-D404-415E-8926-2F3507A41FA6}] => (Allow) LPort=4481
FirewallRules: [{568F1D79-2097-4DE4-BAD1-3B94093A530A}] => (Allow) LPort=4481
FirewallRules: [{EFDA4574-D805-45A3-89F3-730FDE578304}] => (Allow) LPort=4482
FirewallRules: [{69B928F6-04A0-4298-9B3C-6B7ACC7A6EC9}] => (Allow) LPort=4482
FirewallRules: [{D2E880E5-AEA1-46ED-898A-6A869E77B66D}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_ISTMP0.DIR\igd_finder.exe
FirewallRules: [{3C4EA169-3582-4139-8D9E-B2289F585402}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_ISTMP0.DIR\igd_finder.exe
FirewallRules: [{25DCF301-824F-4AAC-B756-B424AF758F22}] => (Allow) LPort=5031
FirewallRules: [{017C46D6-584C-4DA9-8532-7E57F5ACFF03}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_INS5576._MP
FirewallRules: [{6C07132D-B959-40B0-A5E1-9381AB7B1C9C}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_INS5576._MP
FirewallRules: [{8B142A97-0976-4D90-9368-DA57B6AAC677}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5804\HPDiagnosticCoreUI.exe
FirewallRules: [{73889DA0-43A0-46C8-8CE2-901C1480D76B}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5804\HPDiagnosticCoreUI.exe
FirewallRules: [{12064533-AE2E-4FD1-A04D-84761BD33E69}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5961\hppiw.exe
FirewallRules: [{76FB54EB-A124-4BBB-BB3B-3FCE364671B7}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5961\hppiw.exe
FirewallRules: [{12C49088-AC2B-41B3-9A8B-17329787105A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\FaxApplications.exe
FirewallRules: [{7D58C282-6184-40FA-B1E9-B88575459B1A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\DigitalWizards.exe
FirewallRules: [{51E6148A-6E4C-47FF-BA1B-B903F393D5AE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\SendAFax.exe
FirewallRules: [{7D085111-33A0-411D-A569-C9CA20B02D8A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{6A16B531-25B3-488F-80A0-42725A2DC96D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{7D309AEE-D794-48BE-8F17-4615E3611BCD}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B6323A56-ED26-4469-B3C2-FC140CE56DB0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{85BCD67E-C592-4F48-8988-FC32AC54D0D9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{2F0214AC-E971-4A23-A7CA-81578925B65F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{F17E1B7C-2E36-47E8-AD0C-EA00A86910AA}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{2BBE5713-307F-4357-9FCA-95BCD3CBA5FE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{81C86BF7-1306-48BB-9818-DD02A255512B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{9F570D08-D86B-4AE3-B9B4-C4F87AD1C4DF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{EEE78BE8-8619-4972-BAD8-1C7F4D12C781}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{3B2F7565-7D7C-4780-8E4D-8743DEF9B36A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
FirewallRules: [{198864CE-CD10-4C99-BED4-2F4776406330}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe
FirewallRules: [{CCBD6139-73A0-4808-941A-6A9AF6C22291}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{835101D6-156A-4027-B96D-9B62E562C48B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6841C0F7-C1CD-44B5-84D4-4B980436EAA3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{E1732156-0092-4927-BEC2-CC4B98FD19F3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8F42CF1E-43AE-4340-933F-B5B8B8949180}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{8828AAC2-9F98-41C5-B32B-24283D063037}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6C4729D-BC9D-4EEE-8AD0-6303381D8574}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B0920B14-F1C9-405B-91FA-D9933AA65A04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B174C98-464A-433E-964D-8A5EE9C9E8EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0957D46-DACD-4A59-AC15-A24D0DCBE9BE}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{92AE468D-DCF2-46CB-9BE5-354E1664C7C8}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{C24C8CBE-BC4D-4E17-A37E-CEA09DFA0A25}] => (Allow) C:\Users\Kerstin(1)\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{620AE8BA-C9EA-419E-94E0-00DECB5E0E06}] => (Allow) C:\Users\Kerstin(1)\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2CD4582C-2903-4A96-9401-AFEEA51CDB50}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{033B7368-8B98-4E99-A12E-5816EF7B5FCE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F09D235F-1111-4387-8B6A-CE939F3E0E6A}] => (Allow) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
FirewallRules: [{B38F3C9A-2096-469C-A305-21D6861FF3F7}] => (Allow) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
FirewallRules: [{F304595D-4C61-4B9A-BCE0-9FE19F073B2C}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe
FirewallRules: [{8CBC0F82-BF4E-4EC0-AC68-E3001567775A}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe
FirewallRules: [{3011FF30-5F17-48F9-8C84-3A4777535953}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe
FirewallRules: [{FF96BB1B-558F-4990-91C8-4E4D2FA10254}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe
FirewallRules: [{BFADD09D-72E5-4D79-8A44-B9A9645DBE87}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe
FirewallRules: [{BD150C6E-CDA3-4003-8A04-D98BE435618B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe
FirewallRules: [{1512ADE2-6EFF-4D45-AD57-E9C5B220CA9D}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe
FirewallRules: [{0130F6AD-FCE5-4E61-AD27-28B65163BFBC}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe
FirewallRules: [{A77FEDFE-05A2-4A41-881B-EA2F378975D5}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe
FirewallRules: [{A2C7781F-3A84-4476-980A-0B6CB2776ECE}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe
FirewallRules: [{936CDF9C-21B0-49EC-B52D-F997BC42AABE}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FCF49220-9855-4FD5-9828-6E734E926362}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{2A51E31E-0825-4364-93A9-53B3111D4BEE}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{1DB5141C-2C7E-40E7-BD66-913BD4598F23}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{44CE2C93-06B4-46AF-AADB-422B81A0DAFB}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{BBD53D6A-1025-4870-B795-89896280248E}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{5238C553-D394-4075-9D3E-8D225137B983}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CF0DE276-C226-4232-A414-96F068B790DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0A88D139-9D09-470A-B142-4F89F58DC8DF}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{7676DAC4-29C8-43B0-A342-7F48B24E1E83}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{BF9CF787-F1FD-4435-A239-8C46C3F0CF24}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{EC599DB0-83EE-44E2-B26A-DEBC3D01BEA9}C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{CAD62162-5C9A-4470-B683-DAED6BCB517A}C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{4A35D0C8-FFFB-40F6-95B1-B55D33815992}C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8F250A55-1BAA-45AF-A210-774AAC9CD52F}C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{EA8692AD-A1CC-4676-AD47-FC393025FDAF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1492FE07-7953-40AC-BCAE-81D5DE405213}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BF0841E8-53A8-49B3-9686-0C30823FFDAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2015 08:28:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 14.5.2015.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1ca4

Startzeit: 01d08ed802619cbc

Endzeit: 20

Anwendungspfad: C:\Users\Michael\Desktop\Trojan Tools\FRST64.exe

Berichts-ID: 921bf3bf-facb-11e4-b5e2-bc05430c7d61

Error: (05/15/2015 08:18:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2015 08:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: StCenter.exe, Version: 2.4.3.0, Zeitstempel: 0x4a5ddb4b
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace4e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000036ede
ID des fehlerhaften Prozesses: 0xa20
Startzeit der fehlerhaften Anwendung: 0xStCenter.exe0
Pfad der fehlerhaften Anwendung: StCenter.exe1
Pfad des fehlerhaften Moduls: StCenter.exe2
Berichtskennung: StCenter.exe3

Error: (05/15/2015 08:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0x8f4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3

Error: (05/14/2015 10:17:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 01:55:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0x984
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3

Error: (05/14/2015 11:09:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 10:57:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 10:57:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: StCenter.exe, Version: 2.4.3.0, Zeitstempel: 0x4a5ddb4b
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace4e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000036ede
ID des fehlerhaften Prozesses: 0xe0c
Startzeit der fehlerhaften Anwendung: 0xStCenter.exe0
Pfad der fehlerhaften Anwendung: StCenter.exe1
Pfad des fehlerhaften Moduls: StCenter.exe2
Berichtskennung: StCenter.exe3

Error: (05/14/2015 10:52:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0x8e8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3


System errors:
=============
Error: (05/15/2015 08:17:30 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/15/2015 08:16:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Device Interaction Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/15/2015 08:16:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Device Interaction Service erreicht.

Error: (05/15/2015 08:15:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Diagnostics Tracking Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/15/2015 08:15:08 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (05/15/2015 08:14:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/15/2015 08:14:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Email-Schutz" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (05/15/2015 08:14:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Microsoft Office-Dienst" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (05/15/2015 08:14:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/15/2015 08:14:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Acronis Nonstop Backup Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (05/15/2015 08:28:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe14.5.2015.21ca401d08ed802619cbc20C:\Users\Michael\Desktop\Trojan Tools\FRST64.exe921bf3bf-facb-11e4-b5e2-bc05430c7d61

Error: (05/15/2015 08:18:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2015 08:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: StCenter.exe2.4.3.04a5ddb4bMSVCR90.dll9.0.30729.61614dace4e7c00000050000000000036edea2001d08ed6b7301a98C:\Program Files\FRITZ!DSL\StCenter.exeC:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll071fb412-faca-11e4-b5e2-c89cdc6e0522

Error: (05/15/2015 08:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec128f401d08e82d2318fd4C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllbf51fe50-fac9-11e4-b6e6-bc05430c7d61

Error: (05/14/2015 10:17:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 01:55:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec1298401d08e2568b3600fC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll2dc6b1dc-fa30-11e4-b7c2-bc05430c7d61

Error: (05/14/2015 11:09:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 10:57:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 10:57:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: StCenter.exe2.4.3.04a5ddb4bMSVCR90.dll9.0.30729.61614dace4e7c00000050000000000036edee0c01d08e239f273fc2C:\Program Files\FRITZ!DSL\StCenter.exeC:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll3653feff-fa17-11e4-a6a2-bc05430c7d61

Error: (05/14/2015 10:52:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec128e801d08e20e635b203C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll9765d4a3-fa16-11e4-a546-bc05430c7d61


CodeIntegrity Errors:
===================================
  Date: 2015-05-14 10:15:32.954
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-14 10:15:32.894
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:28.892
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:28.817
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:26.548
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:26.472
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:24.288
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:24.213
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:22.059
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:21.995
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 52%
Total physical RAM: 4078.01 MB
Available physical RAM: 1952.55 MB
Total Pagefile: 8154.22 MB
Available Pagefile: 5483.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:455.45 GB) (Free:78.51 GB) NTFS
Drive d: (DATA) (Fixed) (Total:455.96 GB) (Free:238.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D991B2E7)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 15.05.2015, 19:00   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #1




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.05.2015, 11:43   #14
baeuerlein
 
Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #1



Der Treffer ist laut Chip kein echter - richtig?

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b2e9e712389fcc4ea43a9d5c2227c672
# engine=23873
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-16 09:30:44
# local_time=2015-05-16 11:30:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 58330652 183398494 0 0
# scanned=493451
# found=1
# cleaned=0
# scan_time=12770
sh=806FA1B8E8FC5A1F0F002D8DA7CEF8EB17C03005 ft=1 fh=1c0e9861a3c02879 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michael\Desktop\Antivir Rescue\Avira RegCleaner - CHIP-Installer.exe"
         
Code:
ATTFilter
 Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox (38.0.1) 
 Google Chrome (42.0.2311.135) 
 Google Chrome (42.0.2311.152) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015
Ran by Michael (administrator) on ABKM-2012 on 16-05-2015 12:32:12
Running from C:\Users\Michael\Desktop\Trojan Tools
Loaded Profiles: Michael (Available profiles: Michael & Antonia & Kerstin(1) & BENJAMIN)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation
) C:\Windows\vVX6000.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Seal One AG) C:\Users\Michael\AppData\Local\Temp\Seal One\SealOne.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-11] (Realtek Semiconductor)
HKLM\...\Run: [VX6000] => C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation
)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [188944 2012-09-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-11] ()
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-04-08] (DivX, LLC)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [OTR Homeloader] => C:\Program Files (x86)\OTRHomeloader\OTRHomeloader.exe [3567616 2014-02-28] (© onlinetvrecorder.com)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2015-01-14] (Samsung)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-24] (Google Inc.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [SealOne] => C:\Users\Michael\AppData\Roaming\Seal One\SealOne.exe [281080 2014-09-26] (Seal One AG)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [Amazon Music] => C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe [927920 2015-05-02] (Adobe Systems Incorporated)
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012-04-12]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-05-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk [2013-02-22]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-10-31]
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2012-04-06]
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\Michael\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk [2012-04-14]
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012-05-17]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Kopie 1).lnk [2013-02-16]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-3665776361-1376430445-3332247537-1009\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3665776361-1376430445-3332247537-1005\User: Group Policy Restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000 -> DefaultScope {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000 -> {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-07-09] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2013-08-13] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
Handler-x32: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2011-10-20] (ACE GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-04-28] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-02] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2011-10-11] ( )
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll [2012-11-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\2020Player_IKEA@2020Technologies.com [2015-03-21]
FF Extension: Bitdefender QuickScan - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-08]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-04-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-16]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-01]

Chrome: 
=======
CHR DefaultSearchKeyword: Default -> search.snapdo.com
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-28]
CHR Extension: (Skype Click to Call) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-07-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-28]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michael\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-24]
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-03-15] (Adobe Systems) [File not signed]
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 avmident; C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [76288 2011-09-27] (AVM Berlin) [File not signed]
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] () [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-10-30] () [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation
)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 07:52 - 2015-05-16 07:52 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-16 07:41 - 2015-05-16 07:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-16 07:22 - 2015-05-16 07:22 - 00000022 _____ () C:\Windows\S.dirmngr
2015-05-15 14:05 - 2015-05-15 14:07 - 00000000 ____D () C:\Program Files (x86)\TKKG10
2015-05-15 08:01 - 2015-05-15 08:01 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ABKM-2012-Windows-7-Home-Premium-(64-bit).dat
2015-05-15 08:01 - 2015-05-15 08:01 - 00000000 ____D () C:\RegBackup
2015-05-15 07:40 - 2015-05-15 08:14 - 00000000 ____D () C:\AdwCleaner
2015-05-14 10:47 - 2015-05-14 10:47 - 00048438 _____ () C:\ComboFix.txt
2015-05-14 09:38 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-14 09:38 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-14 09:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-14 09:37 - 2015-05-14 10:47 - 00000000 ____D () C:\Qoobox
2015-05-14 09:37 - 2015-05-14 10:45 - 00000000 ____D () C:\Windows\erdnt
2015-05-14 00:24 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:24 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:01 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:01 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:01 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:01 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:01 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:01 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 15:01 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 15:01 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 15:01 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:01 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:01 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 15:01 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:01 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 15:01 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 15:01 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 15:01 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:01 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:01 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 15:01 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 15:01 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 15:01 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:01 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 15:01 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 15:01 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 15:01 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 15:01 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 15:01 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 15:01 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 15:01 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 15:01 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 15:01 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 15:01 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:01 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 15:01 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:01 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 15:01 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 15:01 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 15:01 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 15:01 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 15:01 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 15:01 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 15:01 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:01 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 15:01 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 15:01 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 15:01 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:01 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 15:01 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:01 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 15:01 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 15:01 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 15:01 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 15:01 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:01 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 15:01 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 15:01 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 15:01 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 15:01 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 15:01 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 15:01 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 15:01 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 15:01 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 15:01 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:01 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 15:00 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 15:00 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 15:00 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 15:00 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 15:00 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 15:00 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 15:00 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 15:00 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 15:00 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 15:00 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 15:00 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 15:00 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 15:00 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 15:00 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 15:00 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 15:00 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 15:00 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 15:00 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 15:00 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 15:00 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 15:00 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 15:00 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 15:00 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 15:00 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 14:59 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 14:59 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 14:59 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 14:59 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 14:59 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 14:59 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 14:59 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 14:59 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 14:59 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 14:59 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 14:59 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 14:59 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 14:59 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 14:59 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 14:59 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 09:53 - 2015-05-12 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-11 19:12 - 2015-05-11 19:12 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{7914B217-5846-49DC-892A-F5C07EC41841}
2015-05-10 10:04 - 2015-05-10 11:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-09 15:13 - 2015-05-16 12:32 - 00000000 ____D () C:\FRST
2015-05-09 15:13 - 2015-05-09 15:13 - 00000000 _____ () C:\Users\Michael\defogger_reenable
2015-05-09 09:06 - 2015-05-16 12:32 - 00000000 ____D () C:\Users\Michael\Desktop\Trojan Tools
2015-05-08 17:21 - 2015-05-16 10:13 - 00000000 ____D () C:\Users\Michael\Desktop\Antivir Rescue
2015-05-08 15:01 - 2015-05-08 15:01 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-08 14:03 - 2015-05-08 14:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-08 14:01 - 2015-05-08 14:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\QuickScan
2015-05-08 11:37 - 2015-05-08 11:37 - 00000000 ____D () C:\Users\Antonia\Desktop\runtime
2015-05-08 11:35 - 2015-05-08 11:40 - 00000000 ____D () C:\Users\Antonia\Desktop\game
2015-05-08 11:03 - 2015-05-08 11:03 - 00000000 ____D () C:\Users\Antonia\AppData\Local\{56D3392A-6DA5-4C13-BEB3-CF502A9CC135}
2015-05-03 17:21 - 2015-05-03 17:21 - 00000000 ____D () C:\Users\Antonia\AppData\Local\{6677D07C-D21C-4218-A05E-5F02BFC9FCE3}
2015-05-02 17:55 - 2015-05-02 17:55 - 00007158 _____ () C:\Users\Kerstin(1)\Desktop\Fliesen - Verknüpfung.lnk
2015-05-02 17:54 - 2015-05-02 17:55 - 00000000 ____D () C:\Users\Public\Documents\Sentastr
2015-05-01 11:58 - 2015-05-01 11:58 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{84B21787-061C-4822-9126-03D044371819}
2015-04-27 09:18 - 2015-04-27 09:18 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{BDC3A217-B9AD-45C9-8C79-C291528228E8}
2015-04-24 15:24 - 2015-04-24 15:24 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Unity
2015-04-24 15:08 - 2015-04-24 15:08 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Unity
2015-04-24 15:07 - 2015-04-24 15:08 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer(2).exe
2015-04-24 15:07 - 2015-04-24 15:07 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer(1).exe
2015-04-24 15:06 - 2015-04-24 15:06 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer.exe
2015-04-21 15:42 - 2015-04-21 15:42 - 00044032 ___SH () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Thumbs.db
2015-04-21 15:42 - 2015-04-21 15:42 - 00001526 _____ () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\.minecraft - Verknüpfung.lnk
2015-04-21 15:28 - 2015-04-21 15:29 - 05263187 _____ () C:\Users\BENJAMIN.ABKM-2012\Downloads\FC Pack V8-1.7.10-4.8.0.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 12:37 - 2012-04-06 20:14 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2015-05-16 12:29 - 2011-11-24 07:07 - 01333393 _____ () C:\Windows\WindowsUpdate.log
2015-05-16 10:32 - 2012-06-08 16:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-16 09:32 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-16 09:32 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-16 07:59 - 2012-04-11 20:45 - 00000000 ____D () C:\Users\Michael\Documents\Outlook-Dateien
2015-05-16 07:55 - 2011-11-20 07:23 - 00702980 _____ () C:\Windows\system32\perfh007.dat
2015-05-16 07:55 - 2011-11-20 07:23 - 00150620 _____ () C:\Windows\system32\perfc007.dat
2015-05-16 07:55 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-16 07:28 - 2014-10-31 00:10 - 00000000 ___RD () C:\Users\Michael\Dropbox
2015-05-16 07:28 - 2013-05-26 21:11 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2015-05-16 07:27 - 2015-01-24 16:25 - 00000000 ___RD () C:\Users\Michael\Google Drive
2015-05-16 07:26 - 2012-04-06 17:44 - 00656335 _____ () C:\Users\Michael\DesktopStCenter.txt
2015-05-16 07:21 - 2009-07-14 06:51 - 00293249 _____ () C:\Windows\setupact.log
2015-05-15 16:04 - 2013-09-01 11:12 - 00000000 ____D () C:\Users\Antonia\AppData\Roaming\Skype
2015-05-15 14:35 - 2015-02-22 15:52 - 00000000 ____D () C:\Users\Antonia\AppData\Roaming\.minecraft
2015-05-15 14:06 - 2014-05-12 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tivola
2015-05-15 13:28 - 2014-02-07 17:06 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\.minecraft
2015-05-15 12:08 - 2014-05-17 16:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-15 11:36 - 2011-05-24 16:40 - 00000000 ____D () C:\Users\Michael\Documents\Mein Steuer-Sparbuch Heute
2015-05-15 08:17 - 2012-04-28 11:34 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2015-05-14 10:47 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-14 10:36 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-14 10:34 - 2010-11-21 05:47 - 01067604 _____ () C:\Windows\PFRO.log
2015-05-14 10:34 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-05-14 10:34 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-05-14 10:34 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-05-14 09:30 - 2014-10-31 00:09 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-14 09:29 - 2013-09-22 17:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 09:23 - 2012-05-06 13:46 - 00000000 ____D () C:\Users\Michael\Tracing
2015-05-14 09:12 - 2009-07-14 06:45 - 00446824 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 09:08 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 09:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 00:43 - 2012-04-06 21:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 00:41 - 2013-08-14 08:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 00:28 - 2012-04-14 17:33 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 00:24 - 2013-03-13 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 00:24 - 2013-03-13 21:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 00:24 - 2013-03-13 21:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 22:28 - 2012-04-15 21:31 - 00000000 ____D () C:\Users\Kerstin(1)\Documents\Outlook-Dateien
2015-05-13 08:03 - 2013-05-26 21:13 - 00000000 ___RD () C:\Users\Kerstin(1)\Dropbox
2015-05-13 08:03 - 2013-05-26 21:10 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Roaming\Dropbox
2015-05-12 09:51 - 2013-03-28 13:10 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-12 09:51 - 2013-03-28 13:10 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-10 19:58 - 2013-05-26 21:13 - 00001037 _____ () C:\Users\Kerstin(1)\Desktop\Dropbox.lnk
2015-05-10 19:58 - 2013-05-26 21:11 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-10 16:43 - 2012-12-09 12:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\DoNotTrackPlus
2015-05-10 10:03 - 2014-05-17 16:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-09 15:48 - 2015-01-24 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-09 15:13 - 2012-04-06 17:17 - 00000000 ____D () C:\Users\Michael
2015-05-08 15:01 - 2014-05-17 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-08 15:01 - 2014-05-17 16:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-03 19:29 - 2008-09-14 11:36 - 00000000 ____D () C:\Users\Michael\Documents\WISO Mein Geld
2015-05-03 17:59 - 2013-09-01 11:21 - 00000000 ____D () C:\Users\Antonia\Documents\Outlook-Dateien
2015-05-02 18:01 - 2011-07-11 11:54 - 00000000 ____D () C:\ProgramData\Skype
2015-05-02 17:59 - 2012-04-11 20:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-02 17:58 - 2012-04-11 20:20 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-02 17:58 - 2011-07-11 12:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 15:57 - 2013-09-14 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-05-01 15:57 - 2012-11-30 11:52 - 00001620 _____ () C:\Users\Michael\Desktop\DivX Movies.lnk
2015-05-01 15:57 - 2012-06-03 18:53 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-05-01 15:57 - 2012-06-03 18:52 - 00000000 ____D () C:\ProgramData\DivX
2015-04-20 14:46 - 2008-09-14 11:36 - 00000000 ____D () C:\Users\Michael\Documents\Wielandstrasse
2015-04-20 14:44 - 2015-04-12 23:27 - 00000000 ____D () C:\Users\Michael\Documents\Sentastr
2015-04-19 13:24 - 2012-04-11 19:39 - 00000000 ____D () C:\Users\Michael\Documents\Computer

==================== Files in the root of some directories =======

2012-05-26 09:58 - 2014-11-08 15:44 - 0003258 _____ () C:\Users\Michael\AppData\Roaming\Rim.Desktop.Exception.log
2012-05-26 09:57 - 2013-09-08 15:08 - 0003361 _____ () C:\Users\Michael\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-05-26 09:58 - 2014-11-08 15:44 - 0000847 _____ () C:\Users\Michael\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-10-21 22:21 - 2014-11-08 15:44 - 0010010 _____ () C:\Users\Michael\AppData\Roaming\Rim.Transcoder.Exception.log
2015-04-10 20:51 - 2015-04-10 20:51 - 0190611 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS
2015-04-10 20:51 - 2015-04-10 20:51 - 0000290 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS.part
2015-04-10 20:49 - 2015-04-10 20:49 - 0385602 _____ () C:\Users\Michael\AppData\Local\5D515C96_stp.CIS
2015-04-10 20:49 - 2015-04-10 20:49 - 0000220 _____ () C:\Users\Michael\AppData\Local\5D515C96_stp.CIS.part
2015-04-10 20:51 - 2015-04-10 20:54 - 8437760 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS
2015-04-10 20:51 - 2015-04-10 20:51 - 0000442 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS.part
2012-04-13 19:18 - 2015-01-31 14:23 - 0026112 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-07 17:36 - 2014-12-07 17:36 - 0000017 _____ () C:\Users\Michael\AppData\Local\resmon.resmoncfg
2013-02-16 22:59 - 2013-02-16 22:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-24 07:21 - 2013-03-16 22:42 - 0002538 _____ () C:\ProgramData\ArcadeDeluxe5.log

Some content of TEMP:
====================
C:\Users\Antonia\AppData\Local\Temp\avgnt.exe
C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Temp\avgnt.exe
C:\Users\Michael\AppData\Local\Temp\avgnt.exe
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp3inwh.dll
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-01 12:28

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Alt 16.05.2015, 11:44   #15
baeuerlein
 
Positiver Befall mit 4 Trojanern unter Windows7 #1 - Standard

Positiver Befall mit 4 Trojanern unter Windows7 #1



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015
Ran by Michael at 2015-05-16 12:38:08
Running from C:\Users\Michael\Desktop\Trojan Tools
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3665776361-1376430445-3332247537-500 - Administrator - Disabled)
Antonia (S-1-5-21-3665776361-1376430445-3332247537-1005 - Limited - Enabled) => C:\Users\Antonia
BENJAMIN (S-1-5-21-3665776361-1376430445-3332247537-1009 - Limited - Enabled) => C:\Users\BENJAMIN.ABKM-2012
Gast (S-1-5-21-3665776361-1376430445-3332247537-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3665776361-1376430445-3332247537-1002 - Limited - Enabled)
Kerstin(1) (S-1-5-21-3665776361-1376430445-3332247537-1008 - Limited - Enabled) => C:\Users\Kerstin(1)
Michael (S-1-5-21-3665776361-1376430445-3332247537-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Disabled) {753F9273-B322-2907-AC37-03D0F1702F22}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2weistein (HKLM-x32\...\{307702F6-FD2C-484A-8F2E-A1DCE85FD9CC}_is1) (Version:  - Brainmonster Studios)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acronis*True*Image*Home 2012 (HKLM-x32\...\{243EF3E5-537D-4A15-8EE8-47D5473D9C73}Visible) (Version: 15.0.7133 - Acronis)
Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon Music (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10405 - ATI Technologies Inc.) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
AVM FRITZ!Box AddOn (IE) (HKLM-x32\...\{CEAD06D8-D033-4D2A-9328-AF49089E129F}) (Version: 1.7.0 - AVM Berlin)
AVM FRITZ!Box AddOn (IE) (x64) (HKLM\...\{EC3671D7-98AC-4951-8FFD-5556BE066137}) (Version: 1.7.0 - AVM Berlin)
AVM FRITZ!Box-Kindersicherung (HKLM-x32\...\{7497BB4F-CE23-47D4-B2CB-62548080F74F}) (Version: 4.2.3 - AVM Berlin)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
clear.fi  (x32 Version: 1.5.3201_45059 - CyberLink Corp.) Hidden
clear.fi  (x32 Version: 9.0.9024 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.3318.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.3318.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX del Windows Live Mesh per a connexions remotes (HKLM-x32\...\{76C064E2-BB99-4453-8FDA-42BC01AD0734}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Applications (HKLM-x32\...\Corel Applications) (Version:  - )
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.345 - Corel Corporation)
Corel PaintShop Pro X4 (x32 Version: 14.1.0.5 - Corel Corporation) Hidden
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Jagd nach dem blauen Kristall (HKLM-x32\...\Die Jagd nach dem blauen Kristall) (Version:  - )
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (x32 Version: 0.106 - Etron Technology) Hidden
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Audio CD Burner version 2.0.24.827 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: 2.0.24.827 - DVDVideoSoft Ltd.)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Converter version 5.0.27.725 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.)
Free Disc Burner version 3.0.18.1212 (HKLM-x32\...\Free Disc Burner_is1) (Version: 3.0.18.1212 - DVDVideoSoft Ltd.)
Free DVD Video Converter version 2.0.15.1125 (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.15.1125 - DVDVideoSoft Ltd.)
Free MP4 Video Converter version 5.0.46.820 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.46.820 - DVDVideoSoft Ltd.)
Free Studio version 6.5.0.324 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.324 - DVDVideoSoft Ltd.)
Free Video Call Recorder for Skype version 1.2.8.1230 (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.2.8.1230 - DVDVideoSoft Ltd.)
Free Video Dub version 2.0.21.827 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.827 - DVDVideoSoft Ltd.)
Free Video Flip and Rotate version 2.1.9.822 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.822 - DVDVideoSoft Ltd.)
Free Video to Android Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to Android Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Free Video to DVD Converter version 5.0.45.716 (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: 5.0.45.716 - DVDVideoSoft Ltd.)
Free Video to iPod Converter version 5.0.27.725 (HKLM-x32\...\Free Video to iPod Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.)
Free Video to Samsung Phones Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to Samsung Phones Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to DVD Converter version 3.1.13.925 (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version: 3.1.13.925 - DVDVideoSoft Ltd.)
Free YouTube to iPhone Converter version 2.12.20.1230 (HKLM-x32\...\Free YouTube to iPhone Converter_is1) (Version: 2.12.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to iPod Converter version 3.11.12.827 (HKLM-x32\...\Free YouTube to iPod Converter_is1) (Version: 3.11.12.827 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin City Navigator Europe NT 2013.10 Update (HKLM-x32\...\{EC28FA6E-E38D-4F72-80EF-1FBE66B05668}) (Version: 16.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2014.30 Update (HKLM-x32\...\{F956C0BB-D2FA-4BA5-80D7-AC08E7CD611B}) (Version: 17.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2015.40 (HKLM-x32\...\{04B2E836-EF35-438B-89B8-59F484090283}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Gpg4win (2.1.1) (HKLM-x32\...\GPG4Win) (Version: 2.1.1 - The Gpg4win Project)
Horse Life (HKLM-x32\...\Horse Life_is1) (Version:  - )
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICA (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IPM_PSP_COM (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
LEGO® Batman™ 2: DC Super Heroes (HKLM-x32\...\{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
LEGO® Star Wars™: Die Komplette Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts)
LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
Matrix Code Emulator 1.50 (HKLM-x32\...\Matrix Code Emulator_is1) (Version:  - Reality Rift Studios)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4517.1509 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WorldWide Telescope (HKLM-x32\...\{02E7492D-C46F-4A34-A197-D1C3F19A1F4A}) (Version: 5.0.3 - Microsoft Research)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\MyFreeCodec) (Version:  - )
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4517.1509 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1509 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4517.1509 - Microsoft Corporation) Hidden
OTR Homeloader 1.5.8.146 (HKLM-x32\...\OTR Homeloader) (Version: 1.5.8.146 - © onlinetvrecorder.com)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Pearl Harbor: Fire on the Water (x32 Version: 2.2.0.110 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version:  - PopCap Games)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PonyGirl2 (HKLM-x32\...\PonyGirl2) (Version:  - )
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.10 - ProtectDisc Software GmbH)
PSPPContent (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
PSPPro64 (Version: 14.0.0.345 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.1.1.11124_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.1.1.11124_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (x32 Version: 14.0.0.345 - Ihr Firmenname) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Snapfish Fotobuch (HKLM-x32\...\Snapfish Fotobuch) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Space Fighters 3D (HKLM-x32\...\SpaceFighters3D) (Version: 1.0D - Anders und Seim Neue Medien AG)
SPEEDLINK Strike 2 Gamepad (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Sweet Home 3D version 4.6 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
TKKG10 (HKLM-x32\...\TKKG10) (Version:  - )
TKKG16 (HKLM-x32\...\TKKG16) (Version: Das unheimliche Zimmer" - Tivola Development GmbH)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (HKLM-x32\...\{7BA6DF02-B094-45D7-A3C9-BE3684253922}) (Version: 15.4.5722.2 - Microsoft Corporation)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wireshark 1.12.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, hxxp://www.wireshark.org)
WISO Mein Geld 2014 Standard (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\WISO Mein Geld 2014 Standard) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2014 Standard (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.03.7334 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{1A51972F-7455-4EF7-9B62-FAF851E0BE13}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{D31520BA-35B4-41A9-A176-6A69F6BDB046}) (Version: 22.02.8861 - Buhl Data Service GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-14 10:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06BD7732-AC4C-4D89-885B-23BA3DE7A669} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0FE833D6-1CC1-4D33-AD84-2DA4D5B307D0} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {13EDDADF-414A-4208-8B6A-08C5B5F9D110} - System32\Tasks\{AFE53008-C007-408D-AC1A-522FF6694D9D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{D596980D-17BE-4425-B8F0-5640719AADE9}\setup.exe" -c -runfromtemp -l0x0407
Task: {15080E1E-897B-4116-AC0B-A04DB15A74F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {201022E4-9FC8-42D8-856E-97E0A2D248B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-08-13] (Microsoft Corporation)
Task: {2BDB76D0-55AF-4A26-BD8B-612E7E9CE036} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {2F8C7232-6B89-4A83-A839-009522724610} - System32\Tasks\{BCA64A62-A2F0-4023-9FE4-D9BF2DD0AAB7} => pcalua.exe -a "C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2238UOIF\avm_fritz!wlan_usb_stick_x64_build_100906.exe" -d C:\Users\Michael\Desktop
Task: {38C5C3F5-7303-41FE-AA18-D55BF2CFDBF4} - System32\Tasks\hpUtility.exe_{9189978C-8FF7-42B9-8AE7-F38CEBEA73B8} => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {415E614A-8D00-4D17-B889-DB9A42C89CC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-02] (Adobe Systems Incorporated)
Task: {49735EFF-FBBD-4D0C-A45D-58A85253DDB6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-08-13] (Microsoft Corporation)
Task: {5C5FE30A-AAA1-4C2E-AD79-30544C05DA33} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6453F120-7242-41F6-A713-3EB92534A46C} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {6E263B84-6926-4989-BDD9-4979DC4D5614} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {7F8039A3-75EC-4376-8A96-CB13A28A4989} - System32\Tasks\{77A7DFBC-3C5C-48ED-A38F-6DEC9589FD7E} => pcalua.exe -a E:\Driver\setup.exe -d E:\Driver
Task: {85E724A5-C5C5-435F-9201-631A24F3514B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-09] (Microsoft Corporation)
Task: {AA4AA929-BC40-4A19-BB5F-40006A45D073} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2012-09-18] (Acer Incorporated)
Task: {B2AF022D-4264-4CA8-A432-4D08941B54DD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B39F4286-CB41-4E8B-A96C-9ECCDF09CFFF} - System32\Tasks\{21BF5564-D73B-44F0-B06A-09046295D728} => pcalua.exe -a E:\setup.exe -d E:\
Task: {B7B67FE5-1CFE-41C2-8E99-8764874A0FAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {E3CC3F58-509D-42BD-AD54-2D2F937A5B0E} - System32\Tasks\Microsoft_Hardware_Launch_vVX6000_exe => C:\Windows\vVX6000.exe [2010-05-20] (Microsoft Corporation
)
Task: {ECC392DF-FFA3-4336-B2D6-8D41460E2B8B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F0DE2495-7482-4D61-971A-AA04E7CFBF8E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2012-09-18] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf89f1fda08b48.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfeadeb7541613.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff7a2e6aa93.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d041e914e2aa29.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-01-12 14:42 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2013-01-12 14:42 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-28 18:50 - 2013-05-28 18:50 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-04-28 17:51 - 2013-06-20 13:03 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-04-28 17:51 - 2013-06-09 16:05 - 00518824 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-04-28 17:51 - 2013-06-09 16:05 - 00612520 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2009-01-22 01:45 - 2009-01-22 01:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-01-02 19:00 - 2014-12-08 08:27 - 06277952 _____ () C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-11-17 13:21 - 2014-07-02 10:13 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2011-08-11 05:58 - 2011-08-11 05:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-05-28 18:44 - 2013-05-28 18:44 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-05-28 18:42 - 2013-05-28 18:42 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-05-28 18:41 - 2013-05-28 18:41 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-05-28 18:44 - 2013-05-28 18:44 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-05-28 18:45 - 2013-05-28 18:45 - 00627712 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2012-06-28 16:58 - 2012-06-28 16:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2014-10-15 21:15 - 2014-10-15 21:15 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-11-24 07:12 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2013-11-17 13:20 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2013-11-17 13:20 - 2014-02-11 12:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2013-11-17 13:20 - 2014-02-11 12:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2013-11-17 13:20 - 2014-02-11 12:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2015-05-16 07:27 - 2015-05-16 07:27 - 00043008 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp3inwh.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2011-08-11 05:57 - 2011-08-11 05:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-05-16 07:26 - 2015-05-16 07:26 - 00098816 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32api.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00110080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\pywintypes27.dll
2015-05-16 07:26 - 2015-05-16 07:26 - 00364544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\pythoncom27.dll
2015-05-16 07:26 - 2015-05-16 07:26 - 00045568 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_socket.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 01161216 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_ssl.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00320512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32com.shell.shell.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00713216 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_hashlib.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 01175040 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._core_.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00805888 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._gdi_.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00811008 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._windows_.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 01062400 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._controls_.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00735232 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._misc_.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00682496 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\pysqlite2._sqlite.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00128512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_elementtree.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00127488 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\pyexpat.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00087552 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_ctypes.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00119808 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32file.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00108544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32security.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00007168 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\hashobjs_ext.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\usb_ext.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00167936 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32gui.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00018432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32event.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00013824 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\common.time34.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00036864 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_psutil_windows.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00038912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32inet.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00011264 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32crypt.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00070656 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._html2.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00027136 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_multiprocessing.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00020480 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_yappi.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00035840 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32process.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00686080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\unicodedata.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00122368 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._wizard.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00024064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32pipe.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00010240 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\select.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00025600 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32pdh.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00525640 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\windows._lib_cacheinvalidation.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32profile.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00022528 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32ts.pyd
2015-05-16 07:26 - 2015-05-16 07:26 - 00078336 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._animate.pyd
2012-06-28 17:27 - 2012-06-28 17:27 - 01492888 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\universal_restore.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\bayer.com -> hxxps://mymail.bayer.com

IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\123simsen.com -> www.123simsen.com

There are 6845 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{C9D242DC-25AF-4AF2-BB94-DAB940B3A60D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3C47A78D-7CCA-4D2E-A2B7-E41DEC3FB628}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{EF2AD903-CA8A-48B8-BA8D-AC8AF551734A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7E9724D4-BBC2-4F08-A50C-B5CB49993F4A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9597C05A-1907-40A9-B1FA-916B94D1DCED}] => (Allow) LPort=2869
FirewallRules: [{600BA4A8-53A4-488A-A939-FD6B7E5939A7}] => (Allow) LPort=1900
FirewallRules: [{ED91579B-7073-4D88-BAA2-EF8754A652D9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{388D3D32-53CD-44B6-9323-AB004EF5B290}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8FE7A59D-113B-4438-84C0-B111496F1CD5}] => (Allow) E:\fsetup.exe
FirewallRules: [{95FE17A3-C1D4-4425-88B5-F0028D7C06FF}] => (Allow) E:\fsetup.exe
FirewallRules: [{E759168D-02CB-4F7F-9789-A00E3C4C33ED}] => (Allow) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
FirewallRules: [{0DF8F296-597C-48D1-9378-706B92E8C884}] => (Allow) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
FirewallRules: [{04364AA0-AAC0-4CA3-9F35-373342E92752}] => (Allow) C:\Program Files\FRITZ!DSL\FBOXUPD.EXE
FirewallRules: [{9B275731-692F-439E-AFEB-1BADAB356C7A}] => (Allow) C:\Program Files\FRITZ!DSL\FBOXUPD.EXE
FirewallRules: [{176F6BD2-E313-4ACD-A144-59FD12CB2D72}] => (Allow) C:\Program Files\FRITZ!DSL\WebwaIgd.exe
FirewallRules: [{C2678EC3-1C35-4B04-B92C-D01FF239B191}] => (Allow) C:\Program Files\FRITZ!DSL\WebwaIgd.exe
FirewallRules: [{71DF01A8-3686-4D06-BEF4-56CDDFDB8AD3}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{763B9429-FF6F-4D99-BA7E-7E69B5EC8DB1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{82F39FD0-930D-404E-8527-E4DE962866CE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{D1A32A56-F835-4D22-9FB1-43F39DF56B9E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{0F0DEA32-5E0E-476B-B6F1-F125CB2BE877}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{E2F8D7EF-B881-4C99-9F39-22E35427B00C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{3861C9F6-A5B8-4F20-B2DB-1E495564DB20}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{0500228A-C9AA-4EBD-9AD2-48446376E7F4}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{ADC8774B-A50A-43FC-B580-A6417F7DE597}] => (Allow) LPort=4481
FirewallRules: [{FE9A06C4-46CD-4772-8F35-BA3C46DBE2A1}] => (Allow) LPort=4481
FirewallRules: [{52BB8DF9-6381-4CC4-A793-831E1E6004BE}] => (Allow) LPort=4482
FirewallRules: [{3B34CFC9-0B67-49DC-9234-4E72BE801B5F}] => (Allow) LPort=4482
FirewallRules: [{E455E453-8EF5-4C02-B3B4-421ABC807F65}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{03E17A5A-B0CC-47E9-BAD5-C75A8C7C44B1}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{8DAE088C-D404-415E-8926-2F3507A41FA6}] => (Allow) LPort=4481
FirewallRules: [{568F1D79-2097-4DE4-BAD1-3B94093A530A}] => (Allow) LPort=4481
FirewallRules: [{EFDA4574-D805-45A3-89F3-730FDE578304}] => (Allow) LPort=4482
FirewallRules: [{69B928F6-04A0-4298-9B3C-6B7ACC7A6EC9}] => (Allow) LPort=4482
FirewallRules: [{D2E880E5-AEA1-46ED-898A-6A869E77B66D}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_ISTMP0.DIR\igd_finder.exe
FirewallRules: [{3C4EA169-3582-4139-8D9E-B2289F585402}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_ISTMP0.DIR\igd_finder.exe
FirewallRules: [{25DCF301-824F-4AAC-B756-B424AF758F22}] => (Allow) LPort=5031
FirewallRules: [{017C46D6-584C-4DA9-8532-7E57F5ACFF03}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_INS5576._MP
FirewallRules: [{6C07132D-B959-40B0-A5E1-9381AB7B1C9C}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_INS5576._MP
FirewallRules: [{8B142A97-0976-4D90-9368-DA57B6AAC677}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5804\HPDiagnosticCoreUI.exe
FirewallRules: [{73889DA0-43A0-46C8-8CE2-901C1480D76B}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5804\HPDiagnosticCoreUI.exe
FirewallRules: [{12064533-AE2E-4FD1-A04D-84761BD33E69}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5961\hppiw.exe
FirewallRules: [{76FB54EB-A124-4BBB-BB3B-3FCE364671B7}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5961\hppiw.exe
FirewallRules: [{12C49088-AC2B-41B3-9A8B-17329787105A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\FaxApplications.exe
FirewallRules: [{7D58C282-6184-40FA-B1E9-B88575459B1A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\DigitalWizards.exe
FirewallRules: [{51E6148A-6E4C-47FF-BA1B-B903F393D5AE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\SendAFax.exe
FirewallRules: [{7D085111-33A0-411D-A569-C9CA20B02D8A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{6A16B531-25B3-488F-80A0-42725A2DC96D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{7D309AEE-D794-48BE-8F17-4615E3611BCD}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B6323A56-ED26-4469-B3C2-FC140CE56DB0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{85BCD67E-C592-4F48-8988-FC32AC54D0D9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{2F0214AC-E971-4A23-A7CA-81578925B65F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{F17E1B7C-2E36-47E8-AD0C-EA00A86910AA}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{2BBE5713-307F-4357-9FCA-95BCD3CBA5FE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{81C86BF7-1306-48BB-9818-DD02A255512B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{9F570D08-D86B-4AE3-B9B4-C4F87AD1C4DF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{EEE78BE8-8619-4972-BAD8-1C7F4D12C781}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{3B2F7565-7D7C-4780-8E4D-8743DEF9B36A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
FirewallRules: [{198864CE-CD10-4C99-BED4-2F4776406330}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe
FirewallRules: [{CCBD6139-73A0-4808-941A-6A9AF6C22291}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{835101D6-156A-4027-B96D-9B62E562C48B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6841C0F7-C1CD-44B5-84D4-4B980436EAA3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{E1732156-0092-4927-BEC2-CC4B98FD19F3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8F42CF1E-43AE-4340-933F-B5B8B8949180}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{8828AAC2-9F98-41C5-B32B-24283D063037}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6C4729D-BC9D-4EEE-8AD0-6303381D8574}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B0920B14-F1C9-405B-91FA-D9933AA65A04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B174C98-464A-433E-964D-8A5EE9C9E8EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0957D46-DACD-4A59-AC15-A24D0DCBE9BE}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{92AE468D-DCF2-46CB-9BE5-354E1664C7C8}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{C24C8CBE-BC4D-4E17-A37E-CEA09DFA0A25}] => (Allow) C:\Users\Kerstin(1)\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{620AE8BA-C9EA-419E-94E0-00DECB5E0E06}] => (Allow) C:\Users\Kerstin(1)\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2CD4582C-2903-4A96-9401-AFEEA51CDB50}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{033B7368-8B98-4E99-A12E-5816EF7B5FCE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F09D235F-1111-4387-8B6A-CE939F3E0E6A}] => (Allow) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
FirewallRules: [{B38F3C9A-2096-469C-A305-21D6861FF3F7}] => (Allow) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
FirewallRules: [{F304595D-4C61-4B9A-BCE0-9FE19F073B2C}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe
FirewallRules: [{8CBC0F82-BF4E-4EC0-AC68-E3001567775A}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe
FirewallRules: [{3011FF30-5F17-48F9-8C84-3A4777535953}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe
FirewallRules: [{FF96BB1B-558F-4990-91C8-4E4D2FA10254}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe
FirewallRules: [{BFADD09D-72E5-4D79-8A44-B9A9645DBE87}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe
FirewallRules: [{BD150C6E-CDA3-4003-8A04-D98BE435618B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe
FirewallRules: [{1512ADE2-6EFF-4D45-AD57-E9C5B220CA9D}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe
FirewallRules: [{0130F6AD-FCE5-4E61-AD27-28B65163BFBC}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe
FirewallRules: [{A77FEDFE-05A2-4A41-881B-EA2F378975D5}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe
FirewallRules: [{A2C7781F-3A84-4476-980A-0B6CB2776ECE}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe
FirewallRules: [{936CDF9C-21B0-49EC-B52D-F997BC42AABE}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FCF49220-9855-4FD5-9828-6E734E926362}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{2A51E31E-0825-4364-93A9-53B3111D4BEE}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{1DB5141C-2C7E-40E7-BD66-913BD4598F23}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{44CE2C93-06B4-46AF-AADB-422B81A0DAFB}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{BBD53D6A-1025-4870-B795-89896280248E}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{5238C553-D394-4075-9D3E-8D225137B983}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CF0DE276-C226-4232-A414-96F068B790DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0A88D139-9D09-470A-B142-4F89F58DC8DF}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{7676DAC4-29C8-43B0-A342-7F48B24E1E83}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{BF9CF787-F1FD-4435-A239-8C46C3F0CF24}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{EC599DB0-83EE-44E2-B26A-DEBC3D01BEA9}C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{CAD62162-5C9A-4470-B683-DAED6BCB517A}C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{4A35D0C8-FFFB-40F6-95B1-B55D33815992}C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8F250A55-1BAA-45AF-A210-774AAC9CD52F}C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{EA8692AD-A1CC-4676-AD47-FC393025FDAF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1492FE07-7953-40AC-BCAE-81D5DE405213}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BF0841E8-53A8-49B3-9686-0C30823FFDAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2015 07:56:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/16/2015 07:52:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/16/2015 07:52:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/16/2015 07:52:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/16/2015 07:52:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/16/2015 07:23:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2015 04:46:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0x99c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3

Error: (05/15/2015 10:28:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2015 08:28:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 14.5.2015.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1ca4

Startzeit: 01d08ed802619cbc

Endzeit: 20

Anwendungspfad: C:\Users\Michael\Desktop\Trojan Tools\FRST64.exe

Berichts-ID: 921bf3bf-facb-11e4-b5e2-bc05430c7d61

Error: (05/15/2015 08:18:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/16/2015 07:23:18 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/15/2015 04:46:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Diagnostics Tracking Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/15/2015 04:08:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/15/2015 04:07:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (05/15/2015 11:02:21 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (05/15/2015 10:28:11 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/15/2015 08:17:30 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/15/2015 08:16:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Device Interaction Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/15/2015 08:16:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Device Interaction Service erreicht.

Error: (05/15/2015 08:15:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Diagnostics Tracking Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (05/16/2015 07:56:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/16/2015 07:52:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Michael\Desktop\Trojan Tools\esetsmartinstaller_deu.exe

Error: (05/16/2015 07:52:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Michael\Desktop\Trojan Tools\esetsmartinstaller_deu.exe

Error: (05/16/2015 07:52:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Michael\Desktop\Trojan Tools\esetsmartinstaller_deu.exe

Error: (05/16/2015 07:52:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Michael\Desktop\Trojan Tools\esetsmartinstaller_deu.exe

Error: (05/16/2015 07:23:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2015 04:46:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec1299c01d08ee8e0624f75C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll365e29f2-fb11-11e4-aac0-bc05430c7d61

Error: (05/15/2015 10:28:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2015 08:28:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe14.5.2015.21ca401d08ed802619cbc20C:\Users\Michael\Desktop\Trojan Tools\FRST64.exe921bf3bf-facb-11e4-b5e2-bc05430c7d61

Error: (05/15/2015 08:18:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-05-14 10:15:32.954
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-14 10:15:32.894
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:28.892
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:28.817
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:26.548
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:26.472
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:24.288
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:24.213
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:22.059
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-30 22:58:21.995
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 61%
Total physical RAM: 4078.01 MB
Available physical RAM: 1557.07 MB
Total Pagefile: 8154.22 MB
Available Pagefile: 5009.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:455.45 GB) (Free:77.75 GB) NTFS
Drive d: (DATA) (Fixed) (Total:455.96 GB) (Free:238.47 GB) NTFS
Drive i: (Elements) (Fixed) (Total:931.51 GB) (Free:464.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D991B2E7)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0025BE3D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Antwort

Themen zu Positiver Befall mit 4 Trojanern unter Windows7 #1
adware, aktiv, antivir, antivirus, avira, avira aktiv und auf neuestem stand, bonjour, boot, browser, chkdsk, converter, datei, desktop, dsl, festplatte, firefox, flash player, geld, gmer, google, helper, herunterfahren, home, homepage, installation, internet, internet explorer, kein internet, kein update, malwarebytes, microsoft, mozilla, mp3, namen, programm, proxy, realtek, registry, scan, secur, security, server, software, spam, stick, svchost.exe, symantec, system, tr/cabhot.vuze, trojaner, update, usb, vista, windows, windows7, wiso




Ähnliche Themen: Positiver Befall mit 4 Trojanern unter Windows7 #1


  1. RSA-2048 Trojaner unter Windows7 - Wie entschlüsselt man die Dateien ?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2015 (5)
  2. Gerätemanager unter Windows7 leer -event. Trojaner ?
    Plagegeister aller Art und deren Bekämpfung - 25.04.2014 (7)
  3. Gerätemanager unter Windows7 leer
    Alles rund um Windows - 22.04.2014 (7)
  4. optimaler Schutz vor Trojanern unter Windows?
    Überwachung, Datenschutz und Spam - 14.04.2014 (18)
  5. Qvo6-Infektion unter Windows7
    Log-Analyse und Auswertung - 12.11.2013 (11)
  6. Wordpad-Datei unter Windows7 öffnen
    Alles rund um Windows - 01.10.2013 (5)
  7. Mehrfacher Befall von Trojanern
    Plagegeister aller Art und deren Bekämpfung - 06.09.2013 (15)
  8. Befall mehrer Rechner eines Haushalts mit multiplen Trojanern
    Plagegeister aller Art und deren Bekämpfung - 18.11.2012 (15)
  9. 100 Eurovirus unter Windows7 loswerden
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (1)
  10. Befall von 2 trojanern
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (1)
  11. S.M.A.R.T HDD Virus unter Windows7
    Log-Analyse und Auswertung - 16.04.2012 (17)
  12. Multipler Befall von Trojanern
    Log-Analyse und Auswertung - 28.03.2011 (18)
  13. Befall mit sshnas21.dll und weiteren Trojanern - erfolgreich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 03.09.2010 (16)
  14. Befall mit Trojanern&Malware.Entfernen mit Antivir, Housecall, Spybot klappt nicht
    Plagegeister aller Art und deren Bekämpfung - 29.11.2008 (0)
  15. Befall von Antivirus xp, Trojanern und sonstiges
    Plagegeister aller Art und deren Bekämpfung - 16.09.2008 (8)
  16. Befall mit verschiedenen Trojanern!
    Plagegeister aller Art und deren Bekämpfung - 25.04.2006 (8)

Zum Thema Positiver Befall mit 4 Trojanern unter Windows7 #1 - Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Privater Rechner und Nutzer Die Situation in chronologischer Abfolge: 1.) erste Beobachtung: CD-Schacht lässt sich auf keine Weise - Positiver Befall mit 4 Trojanern unter Windows7 #1...
Archiv
Du betrachtest: Positiver Befall mit 4 Trojanern unter Windows7 #1 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.