Log analysis and evaluation: Positive infection with 4 Trojans under Windows 7 #1
09.05.2015, 15:58 | #1 |
Positive infection with 4 Trojans under Windows 7 #1

Platform: Windows 7 Home Premium
Windows version: (Service Pack 1) [6.1.7601]
Private computer and user

The situation in chronological order:

1.) First observation: the CD tray cannot be opened in any way (commercial, clean, old CD with a children's game). First moment of suspicion.
2.) Antivir is active but reports that it cannot perform an update (no Internet), although no proxy is in use.
3.) Malwarebytes does not start.
4.) Malwarebytes Chameleon starts at the third step and finds a few hits (not flagged as critical).
5.) Avira Rescue (booted from USB) identifies the 4 Trojans: TR/Kryptik.jhas, TR/Korter.palsh, TR/Cabby.cdimz, TR/Cabhot.vuzc. Exited by shutting down and booting from the hard disk; chkdsk is run automatically in the process.
6.) Start of Malwarebytes: finds a few hits (not flagged as critical).
7.) Scan with Avira Antivirus Pro (update over the Internet works again), which has 7 hits (log inserted below).
8.) Compilation of the information requested by Trojanerboard (Defogger, FRST, GMER: logs attached below).

LOGS:

a) Avira Antivirus Pro (for (7) in the chronology)
Exported events, i.e. the finds/hits:

09.05.2015 13:00 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Michael\Documents\Outlook-Dateien\m-baeuerlein@versanet.de.pst.vir' enthielt einen Virus oder unerwünschtes Programm 'TR/Cabhot.vuze' [trojan].
Durchgeführte Aktion(en): Bei dieser Datei handelt es sich um eine Mailbox. Um Ihre Emails nicht zu beeinträchtigen wird diese Datei nicht repariert oder gelöscht.

09.05.2015 12:58 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Michael\Documents\Outlook-Dateien\archive.pst.vir' enthielt einen Virus oder unerwünschtes Programm 'TR/Cabby.cdimz' [trojan].
Durchgeführte Aktion(en): Bei dieser Datei handelt es sich um eine Mailbox. Um Ihre Emails nicht zu beeinträchtigen wird diese Datei nicht repariert oder gelöscht.

09.05.2015 12:25 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S3GR8QGO\h65kp.exe.vir' enthielt einen Virus oder unerwünschtes Programm 'TR/Kovter.palsh' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56b46875.qua' verschoben!

09.05.2015 12:07 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Kerstin(1)\Documents\Outlook-Dateien\kerstin_sielaff@baeuerlein.net.pst.vir' enthielt einen Virus oder unerwünschtes Programm 'TR/Kryptik.jhas' [trojan].
Durchgeführte Aktion(en): Bei dieser Datei handelt es sich um eine Mailbox. Um Ihre Emails nicht zu beeinträchtigen wird diese Datei nicht repariert oder gelöscht.

08.05.2015 10:25 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von "sara@tiscali.it" an "<m-baeuerlein@versanet.de>" wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Worm.Gen' [heuristic] gefunden. Betreff: "Invio per posta elettronica: 88066_00841_00159_00515_EEQHDMA7G1ASHK_ATT".
Durchgeführte Aktion: Mail in Quarantäne verschoben

08.05.2015 10:25 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von "serena.piloni@tin.it" an "<m-baeuerlein@versanet.de>" wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Worm.Gen' [heuristic] gefunden. Betreff: "Invio per posta elettronica: 34159_00137_00723_00924_7NEA88NMAMAXMU_ATT".
Durchgeführte Aktion: Mail in Quarantäne verschoben

01.05.2015 15:23 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von ""Claretta Castleberry" <monsoons@etudeichola.com>" an "m-baeuerlein@versanet.de" wurde ein Virus oder unerwünschtes Programm 'TR/Agent.81920.635' [trojan] gefunden. Betreff: "Mechelen BELGIUM".
Durchgeführte Aktion: Mail in Quarantäne verschoben

01.05.2015 15:22 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von ""Rusty Haynes" <dispenses@hophing-oil.com>" an "m-baeuerlein@versanet.de" wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.179482' [trojan] gefunden. Betreff: "Your account #516716573847 has been frozen".
Durchgeführte Aktion: Mail in Quarantäne verschoben

01.05.2015 15:21 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von "Telepass <noreply@services.telepass.it>" an "<m-baeuerlein@versanet.de>" wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Worm.Gen' [heuristic] gefunden. Betreff: "Telepass.it informa - recapito elettronico delle fatture (rif. 080548031)".
Durchgeführte Aktion: Mail in Quarantäne verschoben

01.05.2015 15:20 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von ""Inkasso Abteilung Online24 Pay AG" <georg.paul@onlinehome.de>" an ""Michael Baeuerlein" <m-baeuerlein@versanet.de>" wurde ein Virus oder unerwünschtes Programm 'TR/Matsnu.A.274' [trojan] gefunden. Betreff: "Ihr gespeichertes Girokonto ist nicht ausreichend gedeckt".
Durchgeführte Aktion: Mail in Quarantäne verschoben

01.05.2015 15:19 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von ""Toi Egelston" <reprints@ferfreight.com>" an "m-baeuerlein@versanet.de" wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.187834' [trojan] gefunden. Betreff: "New mms message from +07954-710-253".
Durchgeführte Aktion: Mail in Quarantäne verschoben

30.04.2015 08:13 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von ""Gerald Keding" <hemimorphism@cartimex.com>" an "kerstin_sielaff@baeuerlein.net" wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.187154' [trojan] gefunden. Betreff: "[***SPAM?***] Copy from +07840-886393".
Durchgeführte Aktion: Mail in Quarantäne verschoben

28.04.2015 08:21 [Email-Schutz] Malware gefunden (eingehend)
In der eingehenden Email von ""Mohamed Vangorder" <decolourise@elektor.com>" an "kerstin_sielaff@baeuerlein.net" wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.179659' [trojan] gefunden. Betreff: "Your account #889029932754 has been blocked".
Durchgeführte Aktion: Mail in Quarantäne verschoben

24.04.2015 20:07 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL "hxxp://www.serendipity.fr/images/presse/8274.jpg" wurde ein Virus oder unerwünschtes Programm 'PHP/Shell.BB.2' [virus] gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

b) Avira Antivirus Pro (for (7) in the chronology)
Creation date of the report file: Saturday, 9 May 2015 10:09
The file has not been attached yet because of its size.

The logs for FRST and GMER have been posted, as instructed, in a second post named "Positive infection with 4 Trojans under Windows 7 #2". Hopefully that is right.
09.05.2015, 16:04 | #2 |
Positive infection with 4 Trojans under Windows 7 #2

Continuation of "Positive infection with 4 Trojans under Windows 7 #1", with log files.

FRST Logfile:
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) GroupPolicyUsers\S-1-5-21-3665776361-1376430445-3332247537-1009\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-3665776361-1376430445-3332247537-1005\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/webhp?rls=ig HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/webhp?rls=ig HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com 
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKU\.DEFAULT -> {B7D7CADB-B8B5-4318-B0D3-7207F64BFD6A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=93a65f66-25f7-46af-8264-8a9eeddcee7f&apn_sauid=6B87D3E1-72B8-4340-A0A4-CB66C5EA381D SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000 -> DefaultScope {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000 -> {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {0ED92739-5703-40AD-8C2A-A3FFEC2B4F38} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {0ED92739-5703-40AD-8C2A-A3FFEC2B4F38} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {C4EC373D-3413-417E-A732-8CB19B478A77} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=93a65f66-25f7-46af-8264-8a9eeddcee7f&apn_sauid=6B87D3E1-72B8-4340-A0A4-CB66C5EA381D
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0ED92739-5703-40AD-8C2A-A3FFEC2B4F38} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0ED92739-5703-40AD-8C2A-A3FFEC2B4F38} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {C4EC373D-3413-417E-A732-8CB19B478A77} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=93a65f66-25f7-46af-8264-8a9eeddcee7f&apn_sauid=6B87D3E1-72B8-4340-A0A4-CB66C5EA381D
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-07-09] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-07] (DVDVideoSoft Ltd.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2013-08-13] (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-04-30] (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-03-24] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-04-30] (Ask)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
Handler-x32: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2011-10-20] (ACE GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-04-28] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-02] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2011-10-11] ( )
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll [2012-11-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Antonia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Antonia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\BENJAMIN.ABKM-2012\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\BENJAMIN.ABKM-2012\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\2020Player_IKEA@2020Technologies.com [2015-03-21]
FF Extension: Bitdefender QuickScan - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-08]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-04-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-01]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> search.snapdo.com
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-28]
CHR Extension: (Skype Click to Call) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-07-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-28]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michael\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-24]
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michael\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-24]
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Michael\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-03-15] (Adobe Systems) [File not signed]
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 avmident; C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [76288 2011-09-27] (AVM Berlin) [File not signed]
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] () [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 HPSLPSVC; C:\Users\Michael\AppData\Local\Temp\7zS5961\hpslpsvc64.dll [1039360 2012-11-14] (Hewlett-Packard Co.) [File not signed]
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-10-30] () [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation )

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-09 15:13 - 2015-05-09 15:13 - 00000000 ____D () C:\FRST
2015-05-09 15:13 - 2015-05-09 15:13 - 00000000 _____ () C:\Users\Michael\defogger_reenable
2015-05-09 09:06 - 2015-05-09 15:13 - 00000000 ____D () C:\Users\Michael\Desktop\Trojan Tools
2015-05-09 08:48 - 2015-05-09 08:48 - 00000000 ____D () C:\Users\Michael\AppData\Local\{6E532C9A-877E-4FBF-863E-DBE4B323F5E7}
2015-05-09 08:46 - 2015-05-09 08:46 - 00000022 _____ () C:\Windows\S.dirmngr
2015-05-08 17:21 - 2015-05-08 17:23 - 00000000 ____D () C:\Users\Michael\Desktop\Antivir Rescue
2015-05-08 15:01 - 2015-05-08 15:01 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-08 14:03 - 2015-05-08 14:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-08 14:01 - 2015-05-08 14:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\QuickScan
2015-05-08 11:37 - 2015-05-08 11:37 - 00000000 ____D () C:\Users\Antonia\Desktop\runtime
2015-05-08 11:35 - 2015-05-08 11:40 - 00000000 ____D () C:\Users\Antonia\Desktop\game
2015-05-08 11:03 - 2015-05-08 11:03 - 00000000 ____D () C:\Users\Antonia\AppData\Local\{56D3392A-6DA5-4C13-BEB3-CF502A9CC135}
2015-05-08 09:47 - 2015-05-08 09:47 - 00000000 ____D () C:\Users\Michael\AppData\Local\{CF45AD25-98B3-4995-982B-C6BEBA338B61}
2015-05-03 17:21 - 2015-05-03 17:21 - 00000000 ____D () C:\Users\Antonia\AppData\Local\{6677D07C-D21C-4218-A05E-5F02BFC9FCE3}
2015-05-03 14:38 - 2015-05-03 14:38 - 00000000 ____D () C:\Users\Michael\AppData\Local\{357B4DF6-0AB5-4471-A1A9-B02E3AA3BF24}
2015-05-02 17:57 - 2015-05-02 17:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\{4917958E-1019-4EFD-B113-7AA8FC872D1D}
2015-05-02 17:55 - 2015-05-02 17:55 - 00007158 _____ () C:\Users\Kerstin(1)\Desktop\Fliesen - Verknüpfung.lnk
2015-05-02 17:54 - 2015-05-02 17:55 - 00000000 ____D () C:\Users\Public\Documents\Sentastr
2015-05-01 15:13 - 2015-05-01 15:14 - 00000000 ____D () C:\Users\Michael\AppData\Local\{C2B60F9A-5E39-42A5-A1B3-A8D48669B688}
2015-05-01 11:58 - 2015-05-01 11:58 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{84B21787-061C-4822-9126-03D044371819}
2015-04-27 09:18 - 2015-04-27 09:18 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{BDC3A217-B9AD-45C9-8C79-C291528228E8}
2015-04-24 15:24 - 2015-04-24 15:24 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Unity
2015-04-24 15:08 - 2015-04-24 15:08 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Unity
2015-04-24 15:07 - 2015-04-24 15:08 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer(2).exe
2015-04-24 15:07 - 2015-04-24 15:07 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer(1).exe
2015-04-24 15:06 - 2015-04-24 15:06 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer.exe
2015-04-24 12:04 - 2015-04-24 12:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 15:42 - 2015-04-21 15:42 - 00044032 ___SH () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Thumbs.db
2015-04-21 15:42 - 2015-04-21 15:42 - 00001526 _____ () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\.minecraft - Verknüpfung.lnk
2015-04-21 15:28 - 2015-04-21 15:29 - 05263187 _____ () C:\Users\BENJAMIN.ABKM-2012\Downloads\FC Pack V8-1.7.10-4.8.0.zip
2015-04-21 10:31 - 2015-04-21 10:31 - 00000000 ____D () C:\Users\Michael\AppData\Local\{EA2EBA12-0315-4671-9513-358718E61F53}
2015-04-20 10:53 - 2015-04-20 10:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\{8DB52E62-3E56-485F-9EFA-B9CB35B64210}
2015-04-19 12:46 - 2015-04-19 12:46 - 00000000 ____D () C:\Users\Michael\AppData\Local\{B28C3F14-AD19-43B5-908D-4B409049E668}
2015-04-18 10:09 - 2015-04-18 10:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D48DCE9E-1E8C-4998-99EB-AF93838C2C0F}
2015-04-15 09:20 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 09:20 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 09:20 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 09:20 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 09:20 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 09:20 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 09:20 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 09:20 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 09:20 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 09:20 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 09:20 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 09:20 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 09:20 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 09:20 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 09:20 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 09:20 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 09:20 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 09:20 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 09:20 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 09:20 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 09:20 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 09:20 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 09:20 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 09:20 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 09:20 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 09:20 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 09:20 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 09:20 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 09:20 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 09:20 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 09:20 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 09:20 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 09:20 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 09:20 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 09:20 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 09:20 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 09:20 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 09:20 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 09:20 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 09:20 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 09:20 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 09:20 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 09:20 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 09:20 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 09:20 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 09:20 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 09:20 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 09:20 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 09:20 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 09:20 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 09:20 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 09:20 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 09:20 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 09:20 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 09:20 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 09:20 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 09:20 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 09:20 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 09:20 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 09:20 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 09:20 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 09:20 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 09:20 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 09:20 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 09:20 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 09:20 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 09:20 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 09:20 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 09:20 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 09:20 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 09:20 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 09:20 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 09:20 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 09:20 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 09:20 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 09:20 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 09:20 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 09:20 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 09:20 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 09:20 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 09:20 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 09:20 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 09:20 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 09:20 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 09:20 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 09:20 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 09:20 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 09:20 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 09:20 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 09:20 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 09:20 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 09:20 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 09:20 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 09:20 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 09:20 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 09:20 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 09:20 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 09:20 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 09:20 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 09:20 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 09:20 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 09:20 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 09:20 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 09:20 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 09:20 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 09:20 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 09:20 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 09:20 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 09:19 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 09:19 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 09:19 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 15:45 - 2015-04-13 15:45 - 00000000 ____D () C:\Users\Michael\AppData\Local\{1B3B35ED-F750-462D-8F81-890BC573A716}
2015-04-12 23:27 - 2015-04-20 14:44 - 00000000 ____D () C:\Users\Michael\Documents\Sentastr
2015-04-12 22:56 - 2015-04-12 22:56 - 00000000 ____D () C:\Users\Michael\AppData\Local\{93EC67FB-AC66-4030-8AA8-9B714F29AD58}
2015-04-11 17:47 - 2015-04-11 17:47 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{93E74171-0447-4F59-B006-BDD9A0710ABA}
2015-04-11 12:52 - 2015-04-11 12:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\{CFCFB3BF-B88B-4EE4-8DB7-FD5158ACF71B}
2015-04-10 22:22 - 2015-04-10 22:22 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-10 22:22 - 2015-04-10 22:22 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-10 21:56 - 2015-04-10 21:56 - 00000000 ____D () C:\Users\Michael\AppData\Local\{8A502CF6-C1B4-45AD-870E-EB34C865CB2D}
2015-04-10 20:51 - 2015-04-10 20:54 - 08437760 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS
2015-04-10 20:51 - 2015-04-10 20:51 - 00190611 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS
2015-04-10 20:51 - 2015-04-10 20:51 - 00000442 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS.part
2015-04-10 20:51 - 2015-04-10 20:51 - 00000290 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS.part
2015-04-10 20:49 - 2015-04-10 20:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\5D515C96_stp
2015-04-10 20:49 - 2015-04-10 20:49 - 00385602 _____ () C:\Users\Michael\AppData\Local\5D515C96_stp.CIS
2015-04-10 20:49 - 2015-04-10 20:49 - 00000220 _____ () C:\Users\Michael\AppData\Local\5D515C96_stp.CIS.part
2015-04-10 20:48 - 2015-04-10 20:48 - 03310280 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael\Downloads\FreeStudio.exe
2015-04-10 16:41 - 2015-04-10 16:41 - 00000000 ____D () C:\Users\Antonia\Tracing
2015-04-10 12:51 - 2015-04-10 12:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-10 09:55 - 2015-04-10 09:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\{0C4E06F7-CF93-4A58-96EC-AC2ECCBEF238}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-09 15:13 - 2012-04-06 17:17 - 00000000 ____D () C:\Users\Michael
2015-05-09 14:47 - 2012-04-06 20:14 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2015-05-09 13:43 - 2011-11-24 07:07 - 01989193 _____ () C:\Windows\WindowsUpdate.log
2015-05-09 08:58 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-09 08:58 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-09 08:51 - 2014-05-17 16:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-09 08:50 - 2015-01-24 16:25 - 00000000 ___RD () C:\Users\Michael\Google Drive
2015-05-09 08:50 - 2014-10-31 00:10 - 00000000 ___RD () C:\Users\Michael\Dropbox
2015-05-09 08:50 - 2013-05-26 21:11 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2015-05-09 08:48 - 2012-04-06 17:44 - 00652489 _____ () C:\Users\Michael\DesktopStCenter.txt
2015-05-09 08:47 - 2012-05-06 13:46 - 00000000 ____D () C:\Users\Michael\Tracing
2015-05-09 08:46 - 2009-07-14 06:51 - 00291793 _____ () C:\Windows\setupact.log
2015-05-08 22:54 - 2012-04-11 20:45 - 00000000 ____D () C:\Users\Michael\Documents\Outlook-Dateien
2015-05-08 22:47 - 2012-04-15 21:31 - 00000000 ____D () C:\Users\Kerstin(1)\Documents\Outlook-Dateien
2015-05-08 17:25 - 2011-11-20 07:23 - 00702980 _____ () C:\Windows\system32\perfh007.dat
2015-05-08 17:25 - 2011-11-20 07:23 - 00150620 _____ () C:\Windows\system32\perfc007.dat
2015-05-08 17:25 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-08 16:55 - 2014-05-17 16:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-08 15:04 - 2012-12-09 12:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\DoNotTrackPlus
2015-05-08 15:01 - 2014-05-17 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-08 15:01 - 2014-05-17 16:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-08 13:28 - 2013-09-01 11:12 - 00000000 ____D () C:\Users\Antonia\AppData\Roaming\Skype
2015-05-08 13:18 - 2015-02-22 15:52 - 00000000 ____D () C:\Users\Antonia\AppData\Roaming\.minecraft
2015-05-08 07:55 - 2013-05-26 21:13 - 00000000 ___RD () C:\Users\Kerstin(1)\Dropbox
2015-05-08 07:55 - 2013-05-26 21:10 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Roaming\Dropbox
2015-05-05 17:45 - 2014-02-07 17:06 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\.minecraft
2015-05-03 19:29 - 2008-09-14 11:36 - 00000000 ____D () C:\Users\Michael\Documents\WISO Mein Geld
2015-05-03 17:59 - 2013-09-01 11:21 - 00000000 ____D () C:\Users\Antonia\Documents\Outlook-Dateien
2015-05-03 14:40 - 2012-04-28 11:34 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2015-05-03 14:39 - 2011-05-24 16:40 - 00000000 ____D () C:\Users\Michael\Documents\Mein Steuer-Sparbuch Heute
2015-05-02 18:01 - 2011-07-11 11:54 - 00000000 ____D () C:\ProgramData\Skype
2015-05-02 17:59 - 2012-04-11 20:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-02 17:58 - 2012-04-11 20:20 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-02 17:58 - 2011-07-11 12:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 15:57 - 2013-09-14 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-05-01 15:57 - 2012-11-30 11:52 - 00001620 _____ () C:\Users\Michael\Desktop\DivX Movies.lnk
2015-05-01 15:57 - 2012-06-03 18:53 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-05-01 15:57 - 2012-06-03 18:52 - 00000000 ____D () C:\ProgramData\DivX
2015-05-01 15:21 - 2014-10-31 00:09 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-01 15:21 - 2013-05-26 21:11 - 00005971 _____ () C:\Windows\wininit.ini
2015-05-01 10:03 - 2010-11-21 05:47 - 01067052 _____ () C:\Windows\PFRO.log
2015-04-24 22:12 - 2012-06-08 16:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 07:09 - 2013-05-26 21:13 - 00001037 _____ () C:\Users\Kerstin(1)\Desktop\Dropbox.lnk
2015-04-24 07:09 - 2013-05-26 21:11 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-20 14:46 - 2008-09-14 11:36 - 00000000 ____D () C:\Users\Michael\Documents\Wielandstrasse
2015-04-19 13:24 - 2012-04-11 19:39 - 00000000 ____D () C:\Users\Michael\Documents\Computer
2015-04-15 17:03 - 2014-12-12 08:57 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 17:03 - 2014-05-01 10:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 11:18 - 2012-04-06 21:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 11:17 - 2014-01-18 17:19 - 01602852 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 11:14 - 2013-08-14 08:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 11:06 - 2012-04-14 17:33 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 11:06 - 2009-07-14 04:34 - 00000510 _____ () C:\Windows\win.ini
2015-04-14 09:37 - 2014-05-17 16:56 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-01-18 14:09 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-10 20:57 - 2013-06-08 11:21 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2015-04-10 20:57 - 2012-11-30 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-04-10 20:54 - 2014-11-22 13:18 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack 2015-04-10 20:54 - 2012-09-08 19:31 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DVDVideoSoft 2015-04-10 16:41 - 2012-04-12 16:28 - 00000000 ____D () C:\Users\Antonia 2015-04-10 16:06 - 2012-05-04 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-04-10 12:52 - 2013-03-22 10:19 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-10 12:51 - 2012-05-04 23:09 - 00000000 ____D () C:\ProgramData\Garmin 2015-04-10 12:51 - 2012-05-04 23:07 - 00000000 ____D () C:\Program Files (x86)\Garmin 2015-04-10 12:50 - 2014-07-20 13:30 - 00000382 _____ () C:\Windows\Tasks\GarminUpdaterTask.job 2015-04-10 12:43 - 2011-07-11 11:55 - 00000000 ___RD () C:\Program Files (x86)\Skype ==================== Files in the root of some directories ======= 2012-05-26 09:58 - 2014-11-08 15:44 - 0003258 _____ () C:\Users\Michael\AppData\Roaming\Rim.Desktop.Exception.log 2012-05-26 09:57 - 2013-09-08 15:08 - 0003361 _____ () C:\Users\Michael\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2012-05-26 09:58 - 2014-11-08 15:44 - 0000847 _____ () C:\Users\Michael\AppData\Roaming\Rim.DesktopHelper.Exception.log 2012-10-21 22:21 - 2014-11-08 15:44 - 0010010 _____ () C:\Users\Michael\AppData\Roaming\Rim.Transcoder.Exception.log 2015-04-10 20:51 - 2015-04-10 20:51 - 0190611 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS 2015-04-10 20:51 - 2015-04-10 20:51 - 0000290 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS.part 2015-04-10 20:49 - 2015-04-10 20:49 - 0385602 _____ () C:\Users\Michael\AppData\Local\5D515C96_stp.CIS 
2015-04-10 20:49 - 2015-04-10 20:49 - 0000220 _____ () C:\Users\Michael\AppData\Local\5D515C96_stp.CIS.part 2015-04-10 20:51 - 2015-04-10 20:54 - 8437760 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS 2015-04-10 20:51 - 2015-04-10 20:51 - 0000442 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS.part 2012-04-13 19:18 - 2015-01-31 14:23 - 0026112 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-07 17:36 - 2014-12-07 17:36 - 0000017 _____ () C:\Users\Michael\AppData\Local\resmon.resmoncfg 2013-02-16 22:59 - 2013-02-16 22:59 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-11-24 07:21 - 2013-03-16 22:42 - 0002538 _____ () C:\ProgramData\ArcadeDeluxe5.log Some content of TEMP: ==================== C:\Users\Antonia\AppData\Local\Temp\avgnt.exe C:\Users\Antonia\AppData\Local\Temp\COMAP.EXE C:\Users\Antonia\AppData\Local\Temp\drm_dialogs.dll C:\Users\Antonia\AppData\Local\Temp\drm_dyndata_7370014.dll C:\Users\Antonia\AppData\Local\Temp\drm_dyndata_7400008.dll C:\Users\Antonia\AppData\Local\Temp\SkypeSetup.exe C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Temp\avgnt.exe C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Temp\drm_dyndata_7400008.dll C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Temp\LEGOBatman2.exe C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Temp\tmpC97E.exe C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Temp\ubi88E.tmp.exe C:\Users\Kerstin(1)\AppData\Local\Temp\avgnt.exe C:\Users\Kerstin(1)\AppData\Local\Temp\COMAP.EXE C:\Users\Kerstin(1)\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzazvwl.dll C:\Users\Kerstin(1)\AppData\Local\Temp\SkypeSetup.exe C:\Users\Kerstin(1)\AppData\Local\Temp\tmp2BB1.exe C:\Users\Kerstin(1)\AppData\Local\Temp\tmpF660.exe C:\Users\Michael\AppData\Local\Temp\13-1_vista_win7_win8_64_dd_ccc_whql.exe C:\Users\Michael\AppData\Local\Temp\avgnt.exe C:\Users\Michael\AppData\Local\Temp\COMAP.EXE C:\Users\Michael\AppData\Local\Temp\d1g_ja1l.dll 
C:\Users\Michael\AppData\Local\Temp\DivXSetup.exe C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd2ysf8.dll C:\Users\Michael\AppData\Local\Temp\ED9E.exe C:\Users\Michael\AppData\Local\Temp\firefoxjre_exe.exe C:\Users\Michael\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_au_aih.exe C:\Users\Michael\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih.exe C:\Users\Michael\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih_1.exe C:\Users\Michael\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe C:\Users\Michael\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Michael\AppData\Local\Temp\LEGOBatman2.exe C:\Users\Michael\AppData\Local\Temp\LT2Update2012-03-22.exe C:\Users\Michael\AppData\Local\Temp\OfficeSetup.exe C:\Users\Michael\AppData\Local\Temp\ose00000.exe C:\Users\Michael\AppData\Local\Temp\setup.exe C:\Users\Michael\AppData\Local\Temp\SkypeSetup.exe C:\Users\Michael\AppData\Local\Temp\tmp16FB.exe C:\Users\Michael\AppData\Local\Temp\tmp6C1B.exe C:\Users\Michael\AppData\Local\Temp\tmp7AD4.exe C:\Users\Michael\AppData\Local\Temp\tmp9DB3.exe C:\Users\Michael\AppData\Local\Temp\tmpDC07.exe C:\Users\Michael\AppData\Local\Temp\ubi6A6B.tmp.exe C:\Users\Michael\AppData\Local\Temp\ubi7151.tmp.exe C:\Users\Michael\AppData\Local\Temp\WISOMeinGeld2012SP1.exe C:\Users\Michael\AppData\Local\Temp\_is455C.exe 
C:\Users\Michael\AppData\Local\Temp\_is79E.exe
C:\Users\Michael\AppData\Local\Temp\_isF327.exe
C:\Users\Michael\AppData\Local\Temp\{25ADC254-E9FD-463C-A51F-A6D8D4A92759}vsscomproxy.dll
C:\Users\Michael\AppData\Local\Temp\{BF35ED85-438C-485A-B7DD-BDE20F4C6CA6}vsscom.dll
C:\Users\Michael\AppData\Local\Temp\{E5570292-2D9B-4B68-AB6D-3F7E80909148}vsscomproxy64.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-09-01 12:28

==================== End Of Log ============================

The logs for FRST Additions and GMER can be found, as per the instructions, in the 3rd post, "Confirmed infection with 4 Trojans on Windows 7 #3" |
09.05.2015, 16:06 | #3 |
| Confirmed infection with 4 Trojans on Windows 7 #3 Continuation of "Confirmed infection with 4 Trojans on Windows 7 #2". FRST Additions logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Michael at 2015-05-09 15:14:41
Running from C:\Users\Michael\Desktop\Trojan Tools
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3665776361-1376430445-3332247537-500 - Administrator - Disabled)
Antonia (S-1-5-21-3665776361-1376430445-3332247537-1005 - Limited - Enabled) => C:\Users\Antonia
BENJAMIN (S-1-5-21-3665776361-1376430445-3332247537-1009 - Limited - Enabled) => C:\Users\BENJAMIN.ABKM-2012
Gast (S-1-5-21-3665776361-1376430445-3332247537-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3665776361-1376430445-3332247537-1002 - Limited - Enabled)
Kerstin(1) (S-1-5-21-3665776361-1376430445-3332247537-1008 - Limited - Enabled) => C:\Users\Kerstin(1)
Michael (S-1-5-21-3665776361-1376430445-3332247537-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Disabled) {753F9273-B322-2907-AC37-03D0F1702F22}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2weistein (HKLM-x32\...\{307702F6-FD2C-484A-8F2E-A1DCE85FD9CC}_is1) (Version: - Brainmonster Studios) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated) Acronis*True*Image*Home 2012 (HKLM-x32\...\{243EF3E5-537D-4A15-8EE8-47D5473D9C73}Visible) (Version: 15.0.7133 - Acronis) Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation) ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.) 
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Amazon Music (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.) ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI AVIVO64 Codecs (Version: 11.6.0.10405 - ATI Technologies Inc.) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. 
KG) Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.45268 - Ask.com) <==== ATTENTION Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.45268 - Ask.com) <==== ATTENTION Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.30498 - Ask.com) <==== ATTENTION Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.30498 - Ask.com) <==== ATTENTION Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.37949 - Ask.com) <==== ATTENTION Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.37949 - Ask.com) <==== ATTENTION AVM FRITZ!Box AddOn (IE) (HKLM-x32\...\{CEAD06D8-D033-4D2A-9328-AF49089E129F}) (Version: 1.7.0 - AVM Berlin) AVM FRITZ!Box AddOn (IE) (x64) (HKLM\...\{EC3671D7-98AC-4951-8FFD-5556BE066137}) (Version: 1.7.0 - AVM Berlin) AVM FRITZ!Box-Kindersicherung (HKLM-x32\...\{7497BB4F-CE23-47D4-B2CB-62548080F74F}) (Version: 4.2.3 - AVM Berlin) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 
2.0) (Version: - AVM Berlin) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation) BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.) BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) clear.fi (x32 Version: 1.5.3201_45059 - CyberLink Corp.) Hidden clear.fi (x32 Version: 9.0.9024 - CyberLink Corp.) Hidden clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.3318.35 - CyberLink Corp.) clear.fi (x32 Version: 1.5.3318.35 - CyberLink Corp.) Hidden clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Control ActiveX del Windows Live Mesh per a connexions remotes (HKLM-x32\...\{76C064E2-BB99-4453-8FDA-42BC01AD0734}) (Version: 15.4.5722.2 - Microsoft Corporation) Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation) Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) Corel Applications (HKLM-x32\...\Corel Applications) 
(Version: - ) Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.345 - Corel Corporation) Corel PaintShop Pro X4 (x32 Version: 14.1.0.5 - Corel Corporation) Hidden Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Die Jagd nach dem blauen Kristall (HKLM-x32\...\Die Jagd nach dem blauen Kristall) (Version: - ) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC) Dropbox (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.) eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM) Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden Etron USB3.0 Host Controller (x32 Version: 0.106 - Etron Technology) Hidden Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.) Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.) 
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Free Audio CD Burner version 2.0.24.827 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: 2.0.24.827 - DVDVideoSoft Ltd.) Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) Free Audio Converter version 5.0.27.725 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.) Free Disc Burner version 3.0.18.1212 (HKLM-x32\...\Free Disc Burner_is1) (Version: 3.0.18.1212 - DVDVideoSoft Ltd.) Free DVD Video Converter version 2.0.15.1125 (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.15.1125 - DVDVideoSoft Ltd.) Free MP4 Video Converter version 5.0.46.820 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.46.820 - DVDVideoSoft Ltd.) Free Studio version 6.5.0.324 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.324 - DVDVideoSoft Ltd.) Free Video Call Recorder for Skype version 1.2.8.1230 (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.2.8.1230 - DVDVideoSoft Ltd.) Free Video Dub version 2.0.21.827 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.827 - DVDVideoSoft Ltd.) Free Video Flip and Rotate version 2.1.9.822 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.822 - DVDVideoSoft Ltd.) Free Video to Android Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to Android Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.) Free Video to DVD Converter version 5.0.45.716 (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: 5.0.45.716 - DVDVideoSoft Ltd.) Free Video to iPod Converter version 5.0.27.725 (HKLM-x32\...\Free Video to iPod Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.) 
Free Video to Samsung Phones Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to Samsung Phones Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.) Free YouTube to DVD Converter version 3.1.13.925 (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version: 3.1.13.925 - DVDVideoSoft Ltd.) Free YouTube to iPhone Converter version 2.12.20.1230 (HKLM-x32\...\Free YouTube to iPhone Converter_is1) (Version: 2.12.20.1230 - DVDVideoSoft Ltd.) Free YouTube to iPod Converter version 3.11.12.827 (HKLM-x32\...\Free YouTube to iPod Converter_is1) (Version: 3.11.12.827 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.) FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Garmin City Navigator Europe NT 2013.10 Update (HKLM-x32\...\{EC28FA6E-E38D-4F72-80EF-1FBE66B05668}) (Version: 16.10.0.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe NT 2014.30 Update (HKLM-x32\...\{F956C0BB-D2FA-4BA5-80D7-AC08E7CD611B}) (Version: 17.30.0.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe NT 2015.40 (HKLM-x32\...\{04B2E836-EF35-438B-89B8-59F484090283}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin 
Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Gpg4win (2.1.1) (HKLM-x32\...\GPG4Win) (Version: 2.1.1 - The Gpg4win Project) Horse Life (HKLM-x32\...\Horse Life_is1) (Version: - ) Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated) HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard) HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) ICA (x32 Version: 14.0.0.345 - Corel Corporation) Hidden iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) 
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) IPM_PSP_COM (x32 Version: 14.0.0.345 - Corel Corporation) Hidden iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - ) Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation) Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation) LEGO® Batman™ 2: DC Super Heroes (HKLM-x32\...\{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}) (Version: 1.0.0.0 - Warner Bros. 
Interactive Entertainment) LEGO® Star Wars™: Die Komplette Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts) LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard) Matrix Code Emulator 1.50 (HKLM-x32\...\Matrix Code Emulator_is1) (Version: - Reality Rift Studios) Media Markt Download Player (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\4086596500.video-download.mediamarkt.de) (Version: - video-download.mediamarkt.de) Media Markt Download Player (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\4086596500.video-download.mediamarkt.de) (Version: - video-download.mediamarkt.de) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation) Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4517.1509 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WorldWide Telescope (HKLM-x32\...\{02E7492D-C46F-4A34-A197-D1C3F19A1F4A}) (Version: 5.0.3 - Microsoft Research)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\MyFreeCodec) (Version: - )
MyFreeCodec (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version: - )
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4517.1509 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1509 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4517.1509 - Microsoft Corporation) Hidden
OTR Homeloader 1.5.8.146 (HKLM-x32\...\OTR Homeloader) (Version: 1.5.8.146 - © onlinetvrecorder.com)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Pearl Harbor: Fire on the Water (x32 Version: 2.2.0.110 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version: - PopCap Games)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PonyGirl2 (HKLM-x32\...\PonyGirl2) (Version: - )
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.10 - ProtectDisc Software GmbH)
PSPPContent (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
PSPPro64 (Version: 14.0.0.345 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.1.1.11124_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.1.1.11124_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Setup (x32 Version: 14.0.0.345 - Ihr Firmenname) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Snapfish Fotobuch (HKLM-x32\...\Snapfish Fotobuch) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Space Fighters 3D (HKLM-x32\...\SpaceFighters3D) (Version: 1.0D - Anders und Seim Neue Medien AG)
SPEEDLINK Strike 2 Gamepad (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Sweet Home 3D version 4.6 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks)
TKKG16 (HKLM-x32\...\TKKG16) (Version: Das unheimliche Zimmer" - Tivola Development GmbH)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (HKLM-x32\...\{7BA6DF02-B094-45D7-A3C9-BE3684253922}) (Version: 15.4.5722.2 - Microsoft Corporation)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wireshark 1.12.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, hxxp://www.wireshark.org)
WISO Mein Geld 2014 Standard (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\WISO Mein Geld 2014 Standard) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Standard (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WISO Mein Geld 2014 Standard) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Standard (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.03.7334 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{1A51972F-7455-4EF7-9B62-FAF851E0BE13}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{D31520BA-35B4-41A9-A176-6A69F6BDB046}) (Version: 22.02.8861 - Buhl Data Service GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06BD7732-AC4C-4D89-885B-23BA3DE7A669} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0FE833D6-1CC1-4D33-AD84-2DA4D5B307D0} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {13EDDADF-414A-4208-8B6A-08C5B5F9D110} - System32\Tasks\{AFE53008-C007-408D-AC1A-522FF6694D9D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{D596980D-17BE-4425-B8F0-5640719AADE9}\setup.exe" -c -runfromtemp -l0x0407
Task: {15080E1E-897B-4116-AC0B-A04DB15A74F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {201022E4-9FC8-42D8-856E-97E0A2D248B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-08-13] (Microsoft Corporation)
Task: {2BDB76D0-55AF-4A26-BD8B-612E7E9CE036} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {2F8C7232-6B89-4A83-A839-009522724610} - System32\Tasks\{BCA64A62-A2F0-4023-9FE4-D9BF2DD0AAB7} => pcalua.exe -a "C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2238UOIF\avm_fritz!wlan_usb_stick_x64_build_100906.exe" -d C:\Users\Michael\Desktop
Task: {38C5C3F5-7303-41FE-AA18-D55BF2CFDBF4} - System32\Tasks\hpUtility.exe_{9189978C-8FF7-42B9-8AE7-F38CEBEA73B8} => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {415E614A-8D00-4D17-B889-DB9A42C89CC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-02] (Adobe Systems Incorporated)
Task: {49735EFF-FBBD-4D0C-A45D-58A85253DDB6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-08-13] (Microsoft Corporation)
Task: {5C5FE30A-AAA1-4C2E-AD79-30544C05DA33} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6453F120-7242-41F6-A713-3EB92534A46C} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {6DE97448-BB57-4261-979C-6E0D00BF1EFF} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-30] () <==== ATTENTION
Task: {6E263B84-6926-4989-BDD9-4979DC4D5614} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {7F8039A3-75EC-4376-8A96-CB13A28A4989} - System32\Tasks\{77A7DFBC-3C5C-48ED-A38F-6DEC9589FD7E} => pcalua.exe -a E:\Driver\setup.exe -d E:\Driver
Task: {85E724A5-C5C5-435F-9201-631A24F3514B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-09] (Microsoft Corporation)
Task: {AA4AA929-BC40-4A19-BB5F-40006A45D073} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2012-09-18] (Acer Incorporated)
Task: {B2AF022D-4264-4CA8-A432-4D08941B54DD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B39F4286-CB41-4E8B-A96C-9ECCDF09CFFF} - System32\Tasks\{21BF5564-D73B-44F0-B06A-09046295D728} => pcalua.exe -a E:\setup.exe -d E:\
Task: {B7B67FE5-1CFE-41C2-8E99-8764874A0FAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {C081CBAD-DF50-432B-9B5A-A0BA1DADAC0F} - \BrowserDefendert No Task File <==== ATTENTION
Task: {C151A853-81EF-4C8D-A08D-0C27722E7D73} - \EPUpdater No Task File <==== ATTENTION
Task: {E3CC3F58-509D-42BD-AD54-2D2F937A5B0E} - System32\Tasks\Microsoft_Hardware_Launch_vVX6000_exe => C:\Windows\vVX6000.exe [2010-05-20] (Microsoft Corporation )
Task: {ECC392DF-FFA3-4336-B2D6-8D41460E2B8B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F0DE2495-7482-4D61-971A-AA04E7CFBF8E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2012-09-18] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GarminUpdaterTask.job => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf89f1fda08b48.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfeadeb7541613.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff7a2e6aa93.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d041e914e2aa29.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-01-12 14:42 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2013-01-12 14:42 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-28 18:50 - 2013-05-28 18:50 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-01-22 01:45 - 2009-01-22 01:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2013-04-28 17:51 - 2013-06-20 13:03 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-04-28 17:51 - 2013-06-09 16:05 - 00518824 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-04-28 17:51 - 2013-06-09 16:05 - 00612520 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2015-01-02 19:00 - 2014-12-08 08:27 - 06277952 _____ () C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-11-17 13:21 - 2014-07-02 10:13 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2011-08-11 05:58 - 2011-08-11 05:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-05-28 18:44 - 2013-05-28 18:44 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-05-28 18:42 - 2013-05-28 18:42 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-05-28 18:41 - 2013-05-28 18:41 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-05-28 18:44 - 2013-05-28 18:44 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-05-28 18:45 - 2013-05-28 18:45 - 00627712 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2013-11-17 13:20 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2013-11-17 13:20 - 2014-02-11 12:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2013-11-17 13:20 - 2014-02-11 12:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2013-11-17 13:20 - 2014-02-11 12:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2013-11-17 13:20 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2015-05-09 08:49 - 2015-05-09 08:49 - 00043008 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd2ysf8.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-06-28 16:58 - 2012-06-28 16:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2011-08-11 05:57 - 2011-08-11 05:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-05-09 08:46 - 2015-05-09 08:46 - 00098816 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32api.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00110080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\pywintypes27.dll
2015-05-09 08:46 - 2015-05-09 08:46 - 00364544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\pythoncom27.dll
2015-05-09 08:47 - 2015-05-09 08:47 - 00045568 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\_socket.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 01161216 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\_ssl.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00320512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32com.shell.shell.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00713216 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\_hashlib.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 01175040 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._core_.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00805888 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._gdi_.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00811008 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._windows_.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 01062400 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._controls_.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00735232 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._misc_.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00682496 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\pysqlite2._sqlite.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00128512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\_elementtree.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00127488 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\pyexpat.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00087552 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\_ctypes.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00119808 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32file.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00108544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32security.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00007168 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\hashobjs_ext.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00167936 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32gui.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00018432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32event.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00038912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32inet.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00011264 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32crypt.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00070656 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._html2.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00027136 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\_multiprocessing.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00020480 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\_yappi.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00035840 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32process.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00686080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\unicodedata.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00122368 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._wizard.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00024064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32pipe.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00010240 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\select.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00025600 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32pdh.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00525640 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\windows._lib_cacheinvalidation.pyd
2015-05-09 08:47 - 2015-05-09 08:47 - 00017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32profile.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00022528 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32ts.pyd
2015-05-09 08:46 - 2015-05-09 08:46 - 00078336 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._animate.pyd
2014-10-15 21:15 - 2014-10-15 21:15 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-11-24 07:12 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-05-02 17:58 - 2015-05-02 17:58 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
2013-03-11 00:39 - 2013-03-11 00:39 - 00227192 _____ () C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll
2013-03-11 00:39 - 2013-03-11 00:39 - 00051728 _____ () C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPServicePS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\bayer.com -> hxxps://mymail.bayer.com

There are 6847 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Antonia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3665776361-1376430445-3332247537-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Antonia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3665776361-1376430445-3332247537-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3665776361-1376430445-3332247537-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: Media is not connected to internet. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [{C9D242DC-25AF-4AF2-BB94-DAB940B3A60D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{3C47A78D-7CCA-4D2E-A2B7-E41DEC3FB628}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{EF2AD903-CA8A-48B8-BA8D-AC8AF551734A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{7E9724D4-BBC2-4F08-A50C-B5CB49993F4A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{9597C05A-1907-40A9-B1FA-916B94D1DCED}] => (Allow) LPort=2869 FirewallRules: [{600BA4A8-53A4-488A-A939-FD6B7E5939A7}] => (Allow) LPort=1900 FirewallRules: [{ED91579B-7073-4D88-BAA2-EF8754A652D9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{388D3D32-53CD-44B6-9323-AB004EF5B290}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{8FE7A59D-113B-4438-84C0-B111496F1CD5}] => (Allow) E:\fsetup.exe FirewallRules: [{95FE17A3-C1D4-4425-88B5-F0028D7C06FF}] => (Allow) E:\fsetup.exe FirewallRules: [{E759168D-02CB-4F7F-9789-A00E3C4C33ED}] => (Allow) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE FirewallRules: [{0DF8F296-597C-48D1-9378-706B92E8C884}] => (Allow) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE FirewallRules: [{04364AA0-AAC0-4CA3-9F35-373342E92752}] => (Allow) C:\Program Files\FRITZ!DSL\FBOXUPD.EXE FirewallRules: [{9B275731-692F-439E-AFEB-1BADAB356C7A}] => (Allow) 
C:\Program Files\FRITZ!DSL\FBOXUPD.EXE FirewallRules: [{176F6BD2-E313-4ACD-A144-59FD12CB2D72}] => (Allow) C:\Program Files\FRITZ!DSL\WebwaIgd.exe FirewallRules: [{C2678EC3-1C35-4B04-B92C-D01FF239B191}] => (Allow) C:\Program Files\FRITZ!DSL\WebwaIgd.exe FirewallRules: [{71DF01A8-3686-4D06-BEF4-56CDDFDB8AD3}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [{763B9429-FF6F-4D99-BA7E-7E69B5EC8DB1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [{82F39FD0-930D-404E-8527-E4DE962866CE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{D1A32A56-F835-4D22-9FB1-43F39DF56B9E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{0F0DEA32-5E0E-476B-B6F1-F125CB2BE877}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{E2F8D7EF-B881-4C99-9F39-22E35427B00C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{3861C9F6-A5B8-4F20-B2DB-1E495564DB20}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{0500228A-C9AA-4EBD-9AD2-48446376E7F4}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{ADC8774B-A50A-43FC-B580-A6417F7DE597}] => (Allow) LPort=4481 FirewallRules: [{FE9A06C4-46CD-4772-8F35-BA3C46DBE2A1}] => (Allow) LPort=4481 FirewallRules: [{52BB8DF9-6381-4CC4-A793-831E1E6004BE}] => (Allow) LPort=4482 FirewallRules: [{3B34CFC9-0B67-49DC-9234-4E72BE801B5F}] => (Allow) LPort=4482 FirewallRules: [{E455E453-8EF5-4C02-B3B4-421ABC807F65}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{03E17A5A-B0CC-47E9-BAD5-C75A8C7C44B1}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{8DAE088C-D404-415E-8926-2F3507A41FA6}] => (Allow) LPort=4481 FirewallRules: [{568F1D79-2097-4DE4-BAD1-3B94093A530A}] => (Allow) LPort=4481 FirewallRules: 
[{EFDA4574-D805-45A3-89F3-730FDE578304}] => (Allow) LPort=4482 FirewallRules: [{69B928F6-04A0-4298-9B3C-6B7ACC7A6EC9}] => (Allow) LPort=4482 FirewallRules: [{D2E880E5-AEA1-46ED-898A-6A869E77B66D}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_ISTMP0.DIR\igd_finder.exe FirewallRules: [{3C4EA169-3582-4139-8D9E-B2289F585402}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_ISTMP0.DIR\igd_finder.exe FirewallRules: [{25DCF301-824F-4AAC-B756-B424AF758F22}] => (Allow) LPort=5031 FirewallRules: [{017C46D6-584C-4DA9-8532-7E57F5ACFF03}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_INS5576._MP FirewallRules: [{6C07132D-B959-40B0-A5E1-9381AB7B1C9C}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_INS5576._MP FirewallRules: [{8B142A97-0976-4D90-9368-DA57B6AAC677}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5804\HPDiagnosticCoreUI.exe FirewallRules: [{73889DA0-43A0-46C8-8CE2-901C1480D76B}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5804\HPDiagnosticCoreUI.exe FirewallRules: [{12064533-AE2E-4FD1-A04D-84761BD33E69}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5961\hppiw.exe FirewallRules: [{76FB54EB-A124-4BBB-BB3B-3FCE364671B7}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5961\hppiw.exe FirewallRules: [{12C49088-AC2B-41B3-9A8B-17329787105A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\FaxApplications.exe FirewallRules: [{7D58C282-6184-40FA-B1E9-B88575459B1A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\DigitalWizards.exe FirewallRules: [{51E6148A-6E4C-47FF-BA1B-B903F393D5AE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\SendAFax.exe FirewallRules: [{7D085111-33A0-411D-A569-C9CA20B02D8A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe FirewallRules: [{6A16B531-25B3-488F-80A0-42725A2DC96D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe FirewallRules: 
[{7D309AEE-D794-48BE-8F17-4615E3611BCD}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{B6323A56-ED26-4469-B3C2-FC140CE56DB0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe FirewallRules: [{85BCD67E-C592-4F48-8988-FC32AC54D0D9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe FirewallRules: [{2F0214AC-E971-4A23-A7CA-81578925B65F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe FirewallRules: [{F17E1B7C-2E36-47E8-AD0C-EA00A86910AA}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe FirewallRules: [{2BBE5713-307F-4357-9FCA-95BCD3CBA5FE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe FirewallRules: [{81C86BF7-1306-48BB-9818-DD02A255512B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{9F570D08-D86B-4AE3-B9B4-C4F87AD1C4DF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{EEE78BE8-8619-4972-BAD8-1C7F4D12C781}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{3B2F7565-7D7C-4780-8E4D-8743DEF9B36A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe FirewallRules: [{198864CE-CD10-4C99-BED4-2F4776406330}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe FirewallRules: [{CCBD6139-73A0-4808-941A-6A9AF6C22291}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{835101D6-156A-4027-B96D-9B62E562C48B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{6841C0F7-C1CD-44B5-84D4-4B980436EAA3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{E1732156-0092-4927-BEC2-CC4B98FD19F3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{8F42CF1E-43AE-4340-933F-B5B8B8949180}] => (Allow) 
C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{8828AAC2-9F98-41C5-B32B-24283D063037}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D6C4729D-BC9D-4EEE-8AD0-6303381D8574}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B0920B14-F1C9-405B-91FA-D9933AA65A04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5B174C98-464A-433E-964D-8A5EE9C9E8EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E0957D46-DACD-4A59-AC15-A24D0DCBE9BE}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{92AE468D-DCF2-46CB-9BE5-354E1664C7C8}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{C24C8CBE-BC4D-4E17-A37E-CEA09DFA0A25}] => (Allow) C:\Users\Kerstin(1)\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{620AE8BA-C9EA-419E-94E0-00DECB5E0E06}] => (Allow) C:\Users\Kerstin(1)\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{2CD4582C-2903-4A96-9401-AFEEA51CDB50}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{033B7368-8B98-4E99-A12E-5816EF7B5FCE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{F09D235F-1111-4387-8B6A-CE939F3E0E6A}] => (Allow) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe FirewallRules: [{B38F3C9A-2096-469C-A305-21D6861FF3F7}] => (Allow) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe FirewallRules: [{F304595D-4C61-4B9A-BCE0-9FE19F073B2C}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe FirewallRules: [{8CBC0F82-BF4E-4EC0-AC68-E3001567775A}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe FirewallRules: [{3011FF30-5F17-48F9-8C84-3A4777535953}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe FirewallRules: 
[{FF96BB1B-558F-4990-91C8-4E4D2FA10254}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe FirewallRules: [{BFADD09D-72E5-4D79-8A44-B9A9645DBE87}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe FirewallRules: [{BD150C6E-CDA3-4003-8A04-D98BE435618B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe FirewallRules: [{1512ADE2-6EFF-4D45-AD57-E9C5B220CA9D}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe FirewallRules: [{0130F6AD-FCE5-4E61-AD27-28B65163BFBC}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe FirewallRules: [{A77FEDFE-05A2-4A41-881B-EA2F378975D5}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe FirewallRules: [{A2C7781F-3A84-4476-980A-0B6CB2776ECE}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe FirewallRules: [{936CDF9C-21B0-49EC-B52D-F997BC42AABE}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{FCF49220-9855-4FD5-9828-6E734E926362}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{2A51E31E-0825-4364-93A9-53B3111D4BEE}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{1DB5141C-2C7E-40E7-BD66-913BD4598F23}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{44CE2C93-06B4-46AF-AADB-422B81A0DAFB}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{BBD53D6A-1025-4870-B795-89896280248E}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) 
C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{5238C553-D394-4075-9D3E-8D225137B983}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CF0DE276-C226-4232-A414-96F068B790DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{0A88D139-9D09-470A-B142-4F89F58DC8DF}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [UDP Query User{7676DAC4-29C8-43B0-A342-7F48B24E1E83}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [{BF9CF787-F1FD-4435-A239-8C46C3F0CF24}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{EC599DB0-83EE-44E2-B26A-DEBC3D01BEA9}C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{CAD62162-5C9A-4470-B683-DAED6BCB517A}C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{4A35D0C8-FFFB-40F6-95B1-B55D33815992}C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{8F250A55-1BAA-45AF-A210-774AAC9CD52F}C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{EA8692AD-A1CC-4676-AD47-FC393025FDAF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{1492FE07-7953-40AC-BCAE-81D5DE405213}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{FD22743B-FE4E-416C-97BF-EA8323EC93CF}] => (Allow) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Officejet Pro 8500 A910 Description: Officejet Pro 8500 A910 Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Officejet Pro 8500 A910 Description: Officejet Pro 8500 A910 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/09/2015 08:47:44 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2015 05:17:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2015 01:56:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: da8 Startzeit: 01d089841a34ffc9 Endzeit: 4330 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: 2898eb48-f579-11e4-85a3-bc05430c7d61 Error: (05/08/2015 01:42:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 127c Startzeit: 01d089837c06038b Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 51183c0b-f577-11e4-85a3-bc05430c7d61 Error: (05/08/2015 01:38:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2015 01:34:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1b58 Startzeit: 01d089828a6581c6 Endzeit: 31729 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: 180a6614-f576-11e4-a1ad-bc05430c7d61 Error: (05/08/2015 01:31:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1218 Startzeit: 01d08981da41eb87 Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: c02377cb-f575-11e4-a1ad-bc05430c7d61 Error: (05/08/2015 01:26:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2015 01:19:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1064 Startzeit: 01d0896daae5d564 Endzeit: 60000 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: e89140fb-f573-11e4-b9d8-bc05430c7d61 Error: (05/08/2015 07:52:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/09/2015 10:12:00 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT) Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "" können nicht gelesen werden. Error: (05/09/2015 08:52:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "HP Network Devices Support" wurde nicht richtig gestartet. 
Error: (05/09/2015 08:47:23 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/08/2015 05:36:49 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (05/08/2015 05:19:25 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "Acer" den Befehl "chkdsk" aus. Error: (05/08/2015 05:19:18 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "Acer" den Befehl "chkdsk" aus. Error: (05/08/2015 05:17:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/08/2015 05:15:35 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 08.05.2015 um 17:13:24 unerwartet heruntergefahren. Error: (05/08/2015 04:10:08 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (05/08/2015 01:42:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "HP Network Devices Support" wurde nicht richtig gestartet. 
Microsoft Office Sessions: ========================= Error: (05/09/2015 08:47:44 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2015 05:17:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2015 01:56:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: explorer.exe6.1.7601.17567da801d089841a34ffc94330C:\Windows\explorer.exe2898eb48-f579-11e4-85a3-bc05430c7d61 Error: (05/08/2015 01:42:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.17567127c01d089837c06038b0C:\Windows\Explorer.EXE51183c0b-f577-11e4-85a3-bc05430c7d61 Error: (05/08/2015 01:38:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2015 01:34:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: explorer.exe6.1.7601.175671b5801d089828a6581c631729C:\Windows\explorer.exe180a6614-f576-11e4-a1ad-bc05430c7d61 Error: (05/08/2015 01:31:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.17567121801d08981da41eb870C:\Windows\Explorer.EXEc02377cb-f575-11e4-a1ad-bc05430c7d61 Error: (05/08/2015 01:26:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2015 01:19:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: 
Explorer.EXE6.1.7601.17567106401d0896daae5d56460000C:\Windows\Explorer.EXEe89140fb-f573-11e4-b9d8-bc05430c7d61 Error: (05/08/2015 07:52:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-12-30 22:58:28.892 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-30 22:58:28.817 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-30 22:58:26.548 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-30 22:58:26.472 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-30 22:58:24.288 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-30 22:58:24.213 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-30 22:58:22.059 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-30 22:58:21.995 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-30 22:58:19.844 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-30 22:58:19.765 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 62%
Total physical RAM: 4078.01 MB
Available physical RAM: 1547.28 MB
Total Pagefile: 8154.21 MB
Available Pagefile: 4597.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:455.45 GB) (Free:31.73 GB) NTFS
Drive d: (DATA) (Fixed) (Total:455.96 GB) (Free:238.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D991B2E7)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

==================== End Of Log ============================

GMER Logfile:
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-05-09 15:22:05 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.77.0 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\Michael\AppData\Local\Temp\kwloipoc.sys ---- Processes - GMER 2.1 ---- Library c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd2ysf8.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216](2015-05-09 06:49:46) 0000000002e90000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 0000000005a60000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 0000000005e40000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000064af0000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 
21:45:26) 0000000006770000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216](2015-03-04 21:45:30) 000000000fb40000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000005fb0000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000006e20000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000000f3c0000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000065230000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000061b60000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216](2015-03-04 21:45:30) 000000000fe10000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its 
subsidiary(-ies))(2015-03-04 21:45:28) 0000000004d20000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000629d0000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000000f2e0000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216](2015-03-04 21:45:30) 0000000004dc0000 Library C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4216](2015-03-04 21:45:30) 0000000004ea0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048] (Python Core/Python Software Foundation)(2015-05-09 06:47:03) 000000001e000000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 000000001e8c0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 000000001e7a0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 0000000000240000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 
06:47:00) 00000000002b0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 0000000010000000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 000000001e800000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 00000000004a0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 0000000002d10000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048] (wxWidgets for MSW/wxWidgets development team)(2015-05-09 06:47:03) 0000000002e40000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048] (wxWidgets for MSW/wxWidgets development team)(2015-05-09 06:47:04) 00000000002e0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048] (wxWidgets for MSW/wxWidgets development team)(2015-05-09 06:47:03) 0000000003030000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048] (wxWidgets for MSW/wxWidgets development team)(2015-05-09 06:47:04) 00000000034d0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 0000000003610000 Library 
C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 0000000003f20000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048] (wxWidgets for MSW/wxWidgets development team)(2015-05-09 06:47:05) 0000000003ff0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:02) 00000000042b0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:58) 00000000043c0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 0000000004480000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 000000001d100000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:01) 00000000005b0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:00) 000000001d1a0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:00) 000000001ea10000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:01) 000000001ec80000 Library 
C:\Users\Michael\AppData\Local\Temp\_MEI39002\hashobjs_ext.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 0000000000560000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32gui.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:00) 000000001ea40000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:01) 000000001e9b0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:01) 000000001eaa0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:58) 000000001e980000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 0000000000600000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048] (wxWidgets for MSW/wxWidgets development team)(2015-05-09 06:47:04) 00000000020b0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 0000000001f90000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\_yappi.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:02) 00000000020d0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 000000001ebf0000 Library 
C:\Users\Michael\AppData\Local\Temp\_MEI39002\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:01) 0000000005750000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:58) 00000000020e0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 000000001eb90000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:01) 00000000036e0000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:03) 000000001eb60000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:47:01) 000000001ec20000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 000000001ed40000 Library C:\Users\Michael\AppData\Local\Temp\_MEI39002\wx._animate.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [5048](2015-05-09 06:46:59) 00000000036f0000 Library c:\users\michael\appdata\local\temp\7zs5961\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [7944] (HP Network Devices Support/Hewlett-Packard Co.)(2013-02-16 20:46:59) 0000000180000000 ---- EOF - GMER 2.1 ---- |
09.05.2015, 16:08 | #4 |
/// the machine /// TB trainer | Positive infection with 4 Trojans under Windows 7 #1

Hi, please keep to a single topic and do not open a new topic for every post.

Please always post logs in code tags: This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

Do not start any other file in this folder without instruction from a helper.

Please download TDSSKiller.exe and save this file to the desktop.

__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
10.05.2015, 14:06 | #5 |
| Positive infection with 4 Trojans under Windows 7 #1

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version: main: v2015.05.10.02 rootkit: v2015.04.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17728
yyyyyyy:: xxxxxx [administrator]

10.05.2015 10:04:55
mbar-log-2015-05-10 (10-04-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 653413
Time elapsed: 1 hour(s), 27 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
cmdide C:\Windows\system32\drivers\cmdide.sys 11:42:01.0027 0x0e1c cmdide - ok 11:42:01.0077 0x0e1c [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 11:42:01.0107 0x0e1c CNG - ok 11:42:01.0127 0x0e1c [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 11:42:01.0137 0x0e1c Compbatt - ok 11:42:01.0157 0x0e1c [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 11:42:01.0187 0x0e1c CompositeBus - ok 11:42:01.0207 0x0e1c COMSysApp - ok 11:42:01.0217 0x0e1c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 11:42:01.0247 0x0e1c crcdisk - ok 11:42:01.0277 0x0e1c [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 11:42:01.0317 0x0e1c CryptSvc - ok 11:42:01.0357 0x0e1c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 11:42:01.0407 0x0e1c DcomLaunch - ok 11:42:01.0437 0x0e1c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 11:42:01.0507 0x0e1c defragsvc - ok 11:42:01.0537 0x0e1c [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 11:42:01.0587 0x0e1c DfsC - ok 11:42:01.0637 0x0e1c [ 30710AEFCE721CEEE0F35EB6A01C263C, FB062EC86474D38BBC38E11E2618A9505001C287430B495C482977BBE58017C8 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 11:42:01.0647 0x0e1c dg_ssudbus - ok 11:42:01.0677 0x0e1c [ 
43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 11:42:01.0737 0x0e1c Dhcp - ok 11:42:01.0847 0x0e1c [ 614D2BFDCD6EEB88EA136C0F4C9B0075, 7DDD878A5BF7C72561DCA2865E29F7D4E2DB2C4E912C2963F2515D252ADC1FC9 ] DirMngr C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe 11:42:01.0867 0x0e1c DirMngr - detected UnsignedFile.Multi.Generic ( 1 ) 11:42:04.0388 0x0e1c Detect skipped due to KSN trusted 11:42:04.0388 0x0e1c DirMngr - ok 11:42:04.0398 0x0e1c [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 11:42:04.0438 0x0e1c discache - ok 11:42:04.0468 0x0e1c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 11:42:04.0488 0x0e1c Disk - ok 11:42:04.0508 0x0e1c [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 11:42:04.0548 0x0e1c Dnscache - ok 11:42:04.0568 0x0e1c [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 11:42:04.0608 0x0e1c dot3svc - ok 11:42:04.0628 0x0e1c [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 11:42:04.0658 0x0e1c DPS - ok 11:42:04.0698 0x0e1c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 11:42:04.0718 0x0e1c drmkaud - ok 11:42:04.0768 0x0e1c [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 11:42:04.0808 0x0e1c DXGKrnl - ok 11:42:04.0878 0x0e1c [ 1BEF2C2E229452EC49FFE5A27283341D, 
7010273570BD38E578FCF1DD2EB00C21E8FA3504CE2342AEE3755F6EFC4581E9 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys 11:42:04.0898 0x0e1c e1cexpress - ok 11:42:04.0908 0x0e1c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 11:42:04.0958 0x0e1c EapHost - ok 11:42:05.0058 0x0e1c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 11:42:05.0208 0x0e1c ebdrv - ok 11:42:05.0238 0x0e1c [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] EFS C:\Windows\System32\lsass.exe 11:42:05.0278 0x0e1c EFS - ok 11:42:05.0328 0x0e1c [ 18DD872DD46ACB24E106DC2C9C270466, 7531A880DE4EFA08828B7927A687A10B71BA272C9E88631ED39EAE42E2FF9AD2 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe 11:42:05.0368 0x0e1c EgisTec Ticket Service - ok 11:42:05.0438 0x0e1c [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 11:42:05.0508 0x0e1c ehRecvr - ok 11:42:05.0528 0x0e1c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 11:42:05.0568 0x0e1c ehSched - ok 11:42:05.0608 0x0e1c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 11:42:05.0628 0x0e1c elxstor - ok 11:42:05.0628 0x0e1c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 11:42:05.0648 0x0e1c ErrDev - ok 11:42:05.0688 0x0e1c [ E10EC316FBA637E824C76ECEFA1C2526, 942CFE98118133921D6CF8D56540F824694427B2E6FE1A44B581192A08FE8443 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys 
11:42:05.0728 0x0e1c EtronHub3 - ok 11:42:05.0758 0x0e1c [ 1520F844CC40D1B9C830AEC1AE963182, E43406B8278E21B5AA5AE03787888E0540F03913ECF76EC5F175D4B39FB79B07 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys 11:42:05.0768 0x0e1c EtronXHCI - ok 11:42:05.0808 0x0e1c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 11:42:05.0878 0x0e1c EventSystem - ok 11:42:05.0898 0x0e1c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 11:42:05.0928 0x0e1c exfat - ok 11:42:05.0938 0x0e1c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 11:42:05.0988 0x0e1c fastfat - ok 11:42:06.0018 0x0e1c [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 11:42:06.0048 0x0e1c Fax - ok 11:42:06.0058 0x0e1c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 11:42:06.0068 0x0e1c fdc - ok 11:42:06.0088 0x0e1c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 11:42:06.0138 0x0e1c fdPHost - ok 11:42:06.0158 0x0e1c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 11:42:06.0208 0x0e1c FDResPub - ok 11:42:06.0228 0x0e1c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 11:42:06.0238 0x0e1c FileInfo - ok 11:42:06.0248 0x0e1c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace 
C:\Windows\system32\drivers\filetrace.sys 11:42:06.0298 0x0e1c Filetrace - ok 11:42:06.0298 0x0e1c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 11:42:06.0308 0x0e1c flpydisk - ok 11:42:06.0328 0x0e1c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 11:42:06.0338 0x0e1c FltMgr - ok 11:42:06.0368 0x0e1c [ D4463A74E1BFBF3FB9B4FC6CF5390152, 88797B2C3AA5AF8F8A4FF1E25B23D9947A687EB6B4286C9A1F81177244664A58 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys 11:42:06.0378 0x0e1c fltsrv - ok 11:42:06.0458 0x0e1c [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 11:42:06.0538 0x0e1c FontCache - ok 11:42:06.0588 0x0e1c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 11:42:06.0628 0x0e1c FontCache3.0.0.0 - ok 11:42:06.0648 0x0e1c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 11:42:06.0658 0x0e1c FsDepends - ok 11:42:06.0748 0x0e1c [ DDEE99DC54EFA20BD5A442CD733C4462, 941D6C5D91F6419198F1A53BF7D33AA2D9118CEAC028B6ED8E5308751810B9B5 ] FsUsbExDisk C:\Windows\SysWOW64\FsUsbExDisk.SYS 11:42:06.0788 0x0e1c FsUsbExDisk - detected UnsignedFile.Multi.Generic ( 1 ) 11:42:09.0298 0x0e1c Detect skipped due to KSN trusted 11:42:09.0298 0x0e1c FsUsbExDisk - ok 11:42:09.0338 0x0e1c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 11:42:09.0358 0x0e1c Fs_Rec - ok 11:42:09.0418 0x0e1c [ 8F6322049018354F45F05A2FD2D4E5E0, 
73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 11:42:09.0438 0x0e1c fvevol - ok 11:42:09.0468 0x0e1c [ 444534CBA693DD23C1CC589681E01656, DF8ED7FFA66E0A88EBB58A491A177D8CEB35B08B0911D7A1F4B8865755DC27CE ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys 11:42:09.0528 0x0e1c FWLANUSB - ok 11:42:09.0588 0x0e1c [ 15585492E45E2F30768B2D5B57929D99, C5E6A943C78AAFE10FD9C913324083DD4B3D2F1D998A38C8B69FDEAF22246527 ] fwlanusbn C:\Windows\system32\DRIVERS\fwlanusbn.sys 11:42:09.0668 0x0e1c fwlanusbn - ok 11:42:09.0708 0x0e1c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 11:42:09.0718 0x0e1c gagp30kx - ok 11:42:09.0768 0x0e1c [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 11:42:09.0798 0x0e1c GamesAppService - ok 11:42:09.0908 0x0e1c [ 805DAC448BEBDA900BF5520AB27D9616, C0A2935C75EC4B3D860E68ABAE6756D6D4B31BA9AFD742FF9C0B6ED11BEFD163 ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe 11:42:09.0958 0x0e1c Garmin Device Interaction Service - ok 11:42:09.0988 0x0e1c [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 11:42:09.0998 0x0e1c GEARAspiWDM - ok 11:42:10.0038 0x0e1c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 11:42:10.0098 0x0e1c gpsvc - ok 11:42:10.0148 0x0e1c [ C9B2D1D3F86FD3673EF847DEF73B6F9E, 9D3822A6464F685F770F8D02A8AE623A676888F135E8425C3BAF1CC077429A7F ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 11:42:10.0168 0x0e1c GREGService - ok 11:42:10.0218 0x0e1c [ 
B9893A68032A6D9ADDB5B98287C630F7, F0280764D7B31F1EA634E91397229B1C064A7C1B3A77A6BBD123CEA74180789F ] grmnusb C:\Windows\system32\drivers\grmnusb.sys 11:42:10.0228 0x0e1c grmnusb - ok 11:42:10.0278 0x0e1c [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 11:42:10.0278 0x0e1c gupdate - ok 11:42:10.0288 0x0e1c [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 11:42:10.0298 0x0e1c gupdatem - ok 11:42:10.0368 0x0e1c [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 11:42:10.0398 0x0e1c gusvc - ok 11:42:10.0428 0x0e1c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 11:42:10.0468 0x0e1c hcw85cir - ok 11:42:10.0498 0x0e1c [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 11:42:10.0538 0x0e1c HdAudAddService - ok 11:42:10.0568 0x0e1c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 11:42:10.0598 0x0e1c HDAudBus - ok 11:42:10.0608 0x0e1c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 11:42:10.0648 0x0e1c HidBatt - ok 11:42:10.0658 0x0e1c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 11:42:10.0678 0x0e1c HidBth - ok 11:42:10.0678 0x0e1c [ 0A77D29F311B88CFAE3B13F9C1A73825, 
8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 11:42:10.0698 0x0e1c HidIr - ok 11:42:10.0728 0x0e1c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 11:42:10.0768 0x0e1c hidserv - ok 11:42:10.0828 0x0e1c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 11:42:10.0858 0x0e1c HidUsb - ok 11:42:10.0878 0x0e1c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 11:42:10.0908 0x0e1c hkmsvc - ok 11:42:10.0938 0x0e1c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 11:42:10.0988 0x0e1c HomeGroupListener - ok 11:42:11.0018 0x0e1c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 11:42:11.0068 0x0e1c HomeGroupProvider - ok 11:42:11.0078 0x0e1c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 11:42:11.0098 0x0e1c HpSAMD - ok 11:42:11.0408 0x0e1c [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC C:\Users\Michael\AppData\Local\Temp\7zS5961\hpslpsvc64.dll 11:42:11.0458 0x0e1c HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 ) 11:42:13.0989 0x0e1c Detect skipped due to KSN trusted 11:42:13.0989 0x0e1c HPSLPSVC - ok 11:42:14.0129 0x0e1c [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 11:42:14.0199 0x0e1c HTTP - ok 11:42:14.0229 0x0e1c [ A5462BD6884960C9DC85ED49D34FF392, 
53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 11:42:14.0239 0x0e1c hwpolicy - ok 11:42:14.0259 0x0e1c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 11:42:14.0289 0x0e1c i8042prt - ok 11:42:14.0329 0x0e1c [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 11:42:14.0349 0x0e1c iaStor - ok 11:42:14.0419 0x0e1c [ 8FFF9083252C16FE3960173722605E9E, 6546FDA34B9AF94C5E86E5269BBC2F02F1E78D6D4BE5B5EC01F4B284CC934994 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 11:42:14.0419 0x0e1c IAStorDataMgrSvc - ok 11:42:14.0459 0x0e1c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 11:42:14.0479 0x0e1c iaStorV - ok 11:42:14.0579 0x0e1c [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 11:42:14.0629 0x0e1c idsvc - ok 11:42:14.0669 0x0e1c IEEtwCollectorService - ok 11:42:14.0749 0x0e1c [ AC9EBDE25DB39A35E1CEB0441BA7A464, 6C53EC55E8FB4B23FE418613DC3458B4E0D2828304A478D57D992A3048899435 ] IGDCTRL C:\Program Files\FRITZ!DSL\IGDCTRL.EXE 11:42:14.0759 0x0e1c IGDCTRL - ok 11:42:14.0769 0x0e1c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 11:42:14.0779 0x0e1c iirsp - ok 11:42:14.0829 0x0e1c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 11:42:14.0889 0x0e1c IKEEXT - ok 11:42:14.0979 0x0e1c [ 82D0C8C47F6A52B695F405661D1DF50E, 
338894EC24CB4D04926DDB2A7E4281D8F0FDBC5E491ACB38132899CA8AA1A608 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 11:42:15.0099 0x0e1c IntcAzAudAddService - ok 11:42:15.0129 0x0e1c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 11:42:15.0139 0x0e1c intelide - ok 11:42:15.0159 0x0e1c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 11:42:15.0189 0x0e1c intelppm - ok 11:42:15.0209 0x0e1c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 11:42:15.0259 0x0e1c IPBusEnum - ok 11:42:15.0279 0x0e1c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 11:42:15.0329 0x0e1c IpFilterDriver - ok 11:42:15.0369 0x0e1c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 11:42:15.0429 0x0e1c iphlpsvc - ok 11:42:15.0439 0x0e1c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 11:42:15.0469 0x0e1c IPMIDRV - ok 11:42:15.0489 0x0e1c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 11:42:15.0529 0x0e1c IPNAT - ok 11:42:15.0639 0x0e1c [ 87F8EDF63C97BF0BF21359A3D8ABF0C7, BAAAE1DE50EBD1BCE46F33C5F3A7F3C39F61AB21416D78DAA7F8A19F38F67269 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 11:42:15.0659 0x0e1c iPod Service - ok 11:42:15.0679 0x0e1c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM 
C:\Windows\system32\drivers\irenum.sys 11:42:15.0699 0x0e1c IRENUM - ok 11:42:15.0709 0x0e1c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 11:42:15.0729 0x0e1c isapnp - ok 11:42:15.0769 0x0e1c [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 11:42:15.0789 0x0e1c iScsiPrt - ok 11:42:15.0809 0x0e1c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 11:42:15.0829 0x0e1c kbdclass - ok 11:42:15.0839 0x0e1c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 11:42:15.0869 0x0e1c kbdhid - ok 11:42:15.0899 0x0e1c [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] KeyIso C:\Windows\system32\lsass.exe 11:42:15.0909 0x0e1c KeyIso - ok 11:42:15.0929 0x0e1c [ 063C09DB965E3DFD6F4F08416F6DB8F5, 0BE015C59288397536B3941BA55EFE0CF06714BC43FF3A33A1D844B4E0F16097 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 11:42:15.0939 0x0e1c KSecDD - ok 11:42:15.0959 0x0e1c [ 1FA627E63195BF3BF636BFEF0D7190D4, 794456605303F4916E81BE899E0B05CB070094E719ADA8BE8072A761E35CA8E9 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 11:42:15.0989 0x0e1c KSecPkg - ok 11:42:15.0999 0x0e1c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 11:42:16.0029 0x0e1c ksthunk - ok 11:42:16.0059 0x0e1c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 11:42:16.0099 0x0e1c KtmRm - ok 11:42:16.0139 0x0e1c [ D9F42719019740BAA6D1C6D536CBDAA6, 
8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 11:42:16.0189 0x0e1c LanmanServer - ok 11:42:16.0209 0x0e1c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 11:42:16.0259 0x0e1c LanmanWorkstation - ok 11:42:16.0299 0x0e1c [ B705C7097F9A0EC941D02DCE7C7D426C, 1A137BEA25BF7BA1EF190212CD6E556B53293D6388E9F7E790BF53F641F3CF89 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 11:42:16.0309 0x0e1c Live Updater Service - ok 11:42:16.0329 0x0e1c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 11:42:16.0369 0x0e1c lltdio - ok 11:42:16.0399 0x0e1c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 11:42:16.0449 0x0e1c lltdsvc - ok 11:42:16.0469 0x0e1c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 11:42:16.0509 0x0e1c lmhosts - ok 11:42:16.0549 0x0e1c [ 2ED1786B7542CDA261029F6B526EDF44, C6131B65B045EF5B4F62CF6CF089DF0921BA6A8EFC83BCBA45D5DDE78E9D78E2 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 11:42:16.0559 0x0e1c LMS - ok 11:42:16.0599 0x0e1c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 11:42:16.0609 0x0e1c LSI_FC - ok 11:42:16.0619 0x0e1c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 11:42:16.0629 0x0e1c LSI_SAS - ok 11:42:16.0649 0x0e1c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 
C:\Windows\system32\drivers\lsi_sas2.sys 11:42:16.0659 0x0e1c LSI_SAS2 - ok 11:42:16.0659 0x0e1c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 11:42:16.0679 0x0e1c LSI_SCSI - ok 11:42:16.0699 0x0e1c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 11:42:16.0729 0x0e1c luafv - ok 11:42:16.0769 0x0e1c [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 11:42:16.0799 0x0e1c MBAMProtector - ok 11:42:16.0879 0x0e1c [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 11:42:16.0929 0x0e1c MBAMService - ok 11:42:16.0959 0x0e1c [ F49FB3C88E263AE9A246593B0BB29294, FB53D6FA4A98B98334DCFF81E40712265256D31A9E9FF36022887BABD50F39EB ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 11:42:16.0969 0x0e1c MBAMWebAccessControl - ok 11:42:16.0979 0x0e1c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 11:42:17.0009 0x0e1c Mcx2Svc - ok 11:42:17.0029 0x0e1c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 11:42:17.0039 0x0e1c megasas - ok 11:42:17.0069 0x0e1c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 11:42:17.0089 0x0e1c MegaSR - ok 11:42:17.0119 0x0e1c [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 11:42:17.0129 0x0e1c MEIx64 - ok |
10.05.2015, 14:07 | #6 |
| Positive infection with 4 Trojans under Windows 7 #1
Code:
NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:42:19.0799 0x0e1c NetMsmqActivator - ok 11:42:19.0819 0x0e1c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:42:19.0829 0x0e1c NetPipeActivator - ok 11:42:19.0839 0x0e1c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 11:42:19.0919 0x0e1c netprofm - ok 11:42:19.0959 0x0e1c [ B72BB9496A126FCFC7FC5945DED9B411, FA5CC4E93761FB2B59B9B34C699B1486560BDB39280AB1125DE42DB7C4BE303A ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys 11:42:20.0009 0x0e1c netr28x - ok 11:42:20.0029 0x0e1c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:42:20.0039 0x0e1c NetTcpActivator - ok 11:42:20.0039 0x0e1c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:42:20.0049 0x0e1c NetTcpPortSharing - ok 11:42:20.0069 0x0e1c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 11:42:20.0079 0x0e1c nfrd960 - ok 11:42:20.0109 0x0e1c [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 11:42:20.0139 0x0e1c NlaSvc - ok 11:42:20.0249 0x0e1c [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 11:42:20.0319 0x0e1c NOBU - ok 11:42:20.0389 0x0e1c [ DE7FCC77F4A503AF4CA6A47D49B3713D, 
4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] NPF C:\Windows\system32\drivers\npf.sys 11:42:20.0399 0x0e1c NPF - ok 11:42:20.0419 0x0e1c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 11:42:20.0459 0x0e1c Npfs - ok 11:42:20.0469 0x0e1c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 11:42:20.0509 0x0e1c nsi - ok 11:42:20.0529 0x0e1c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 11:42:20.0569 0x0e1c nsiproxy - ok 11:42:20.0639 0x0e1c [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 11:42:20.0709 0x0e1c Ntfs - ok 11:42:20.0729 0x0e1c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 11:42:20.0769 0x0e1c Null - ok 11:42:20.0799 0x0e1c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 11:42:20.0819 0x0e1c nvraid - ok 11:42:20.0859 0x0e1c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 11:42:20.0879 0x0e1c nvstor - ok 11:42:20.0899 0x0e1c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 11:42:20.0909 0x0e1c nv_agp - ok 11:42:21.0079 0x0e1c [ 5239571EC40C990C6FC4B03685D56777, DF252AF0ACB2E3792892E4589F06ECE09F4B6EECE7CCBBD0E438BBB8B7FB472C ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe 11:42:21.0139 0x0e1c OfficeSvc - ok 11:42:21.0149 0x0e1c [ 
3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 11:42:21.0179 0x0e1c ohci1394 - ok 11:42:21.0260 0x0e1c [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:42:21.0290 0x0e1c ose - ok 11:42:21.0480 0x0e1c [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 11:42:21.0590 0x0e1c osppsvc - ok 11:42:21.0630 0x0e1c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 11:42:21.0670 0x0e1c p2pimsvc - ok 11:42:21.0710 0x0e1c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 11:42:21.0760 0x0e1c p2psvc - ok 11:42:21.0770 0x0e1c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys 11:42:21.0810 0x0e1c Parport - ok 11:42:21.0830 0x0e1c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 11:42:21.0840 0x0e1c partmgr - ok 11:42:21.0880 0x0e1c [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll 11:42:21.0930 0x0e1c PcaSvc - ok 11:42:21.0950 0x0e1c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 11:42:21.0970 0x0e1c pci - ok 11:42:21.0990 0x0e1c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] 
pciide C:\Windows\system32\drivers\pciide.sys 11:42:22.0000 0x0e1c pciide - ok 11:42:22.0020 0x0e1c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 11:42:22.0040 0x0e1c pcmcia - ok 11:42:22.0050 0x0e1c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 11:42:22.0060 0x0e1c pcw - ok 11:42:22.0170 0x0e1c [ 20372BE109FEE1C37E2D5216680DB9EB, 2C3737FB3C6BCF81D0A7293667412DDEA649A8AEA40B7ADCFCB9893E8B3C4AF3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe 11:42:22.0200 0x0e1c PDF Architect Helper Service - ok 11:42:22.0250 0x0e1c [ B90A279073A815A4AA2C45A09EE004FA, 9EA27630C47F5FF99CBBE513C113F3ED01FABA0D59B9D9637764027BCC6EA24A ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe 11:42:22.0270 0x0e1c PDF Architect Service - ok 11:42:22.0310 0x0e1c [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 11:42:22.0340 0x0e1c PEAUTH - ok 11:42:22.0440 0x0e1c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 11:42:22.0480 0x0e1c PerfHost - ok 11:42:22.0550 0x0e1c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 11:42:22.0660 0x0e1c pla - ok 11:42:22.0700 0x0e1c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 11:42:22.0730 0x0e1c PlugPlay - ok 11:42:22.0740 0x0e1c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 11:42:22.0770 0x0e1c PNRPAutoReg - ok 
11:42:22.0800 0x0e1c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 11:42:22.0820 0x0e1c PNRPsvc - ok 11:42:22.0840 0x0e1c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 11:42:22.0900 0x0e1c PolicyAgent - ok 11:42:22.0930 0x0e1c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 11:42:22.0960 0x0e1c Power - ok 11:42:22.0980 0x0e1c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 11:42:23.0020 0x0e1c PptpMiniport - ok 11:42:23.0040 0x0e1c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys 11:42:23.0050 0x0e1c Processor - ok 11:42:23.0090 0x0e1c [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 11:42:23.0130 0x0e1c ProfSvc - ok 11:42:23.0150 0x0e1c [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] ProtectedStorage C:\Windows\system32\lsass.exe 11:42:23.0160 0x0e1c ProtectedStorage - ok 11:42:23.0170 0x0e1c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 11:42:23.0220 0x0e1c Psched - ok 11:42:23.0260 0x0e1c [ 543A4EF0923BF70D126625B034EF25AF, 9CC82C5221F11850419A796D48D5452B3DEE0C8E8E85A818F4AAA869673F9740 ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 11:42:23.0270 0x0e1c PSI_SVC_2 - ok 11:42:23.0340 0x0e1c [ A53A15A11EBFD21077463EE2C7AFEEF0, 
6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 11:42:23.0410 0x0e1c ql2300 - ok 11:42:23.0450 0x0e1c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 11:42:23.0470 0x0e1c ql40xx - ok 11:42:23.0490 0x0e1c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 11:42:23.0520 0x0e1c QWAVE - ok 11:42:23.0530 0x0e1c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 11:42:23.0540 0x0e1c QWAVEdrv - ok 11:42:23.0560 0x0e1c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 11:42:23.0600 0x0e1c RasAcd - ok 11:42:23.0630 0x0e1c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 11:42:23.0660 0x0e1c RasAgileVpn - ok 11:42:23.0680 0x0e1c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 11:42:23.0710 0x0e1c RasAuto - ok 11:42:23.0730 0x0e1c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 11:42:23.0770 0x0e1c Rasl2tp - ok 11:42:23.0810 0x0e1c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 11:42:23.0840 0x0e1c RasMan - ok 11:42:23.0860 0x0e1c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 11:42:23.0920 0x0e1c RasPppoe - ok 11:42:23.0960 0x0e1c [ 
E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 11:42:24.0000 0x0e1c RasSstp - ok 11:42:24.0030 0x0e1c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 11:42:24.0070 0x0e1c rdbss - ok 11:42:24.0080 0x0e1c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 11:42:24.0110 0x0e1c rdpbus - ok 11:42:24.0130 0x0e1c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 11:42:24.0170 0x0e1c RDPCDD - ok 11:42:24.0200 0x0e1c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 11:42:24.0240 0x0e1c RDPENCDD - ok 11:42:24.0260 0x0e1c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 11:42:24.0290 0x0e1c RDPREFMP - ok 11:42:24.0410 0x0e1c [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 11:42:24.0450 0x0e1c RdpVideoMiniport - ok 11:42:24.0480 0x0e1c [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 11:42:24.0500 0x0e1c RDPWD - ok 11:42:24.0530 0x0e1c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 11:42:24.0540 0x0e1c rdyboost - ok 11:42:24.0570 0x0e1c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess 
C:\Windows\System32\mprdim.dll 11:42:24.0600 0x0e1c RemoteAccess - ok 11:42:24.0630 0x0e1c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 11:42:24.0660 0x0e1c RemoteRegistry - ok 11:42:24.0690 0x0e1c [ 6D850FAD4CC9498D1F382B77BA4035CC, 689B8D90BFA404F2ABEF3F7CD098382DAA81A4CF6BF3784C9CC24DAF33F10660 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 11:42:24.0720 0x0e1c RimUsb - ok 11:42:24.0760 0x0e1c [ 344604E6913BD6E4EAEC34AF2E0943D7, 4ADFE13AFECD0F263A27F647FC6BA1AB47B2A28F9D70FCAC90F23D0A2FB8C493 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 11:42:24.0800 0x0e1c RimVSerPort - ok 11:42:24.0820 0x0e1c [ 388D3DD1A6457280F3BADBA9F3ACD6B1, 5C534EA15195B1301C917904627AF09FE2ABA3FEE1641B5C87E8F3191BC49058 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys 11:42:24.0860 0x0e1c ROOTMODEM - ok 11:42:24.0930 0x0e1c [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe 11:42:24.0970 0x0e1c rpcapd - ok 11:42:24.0990 0x0e1c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 11:42:25.0050 0x0e1c RpcEptMapper - ok 11:42:25.0080 0x0e1c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 11:42:25.0090 0x0e1c RpcLocator - ok 11:42:25.0110 0x0e1c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 11:42:25.0140 0x0e1c RpcSs - ok 11:42:25.0150 0x0e1c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 11:42:25.0190 0x0e1c rspndr - ok 11:42:25.0210 0x0e1c [ CA4FC33FB22D92368A0B221092B46374, 
2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] SamSs C:\Windows\system32\lsass.exe 11:42:25.0220 0x0e1c SamSs - ok 11:42:25.0230 0x0e1c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 11:42:25.0240 0x0e1c sbp2port - ok 11:42:25.0270 0x0e1c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 11:42:25.0320 0x0e1c SCardSvr - ok 11:42:25.0350 0x0e1c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 11:42:25.0390 0x0e1c scfilter - ok 11:42:25.0440 0x0e1c [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 11:42:25.0510 0x0e1c Schedule - ok 11:42:25.0540 0x0e1c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 11:42:25.0560 0x0e1c SCPolicySvc - ok 11:42:25.0570 0x0e1c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 11:42:25.0620 0x0e1c SDRSVC - ok 11:42:25.0640 0x0e1c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 11:42:25.0680 0x0e1c secdrv - ok 11:42:25.0700 0x0e1c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 11:42:25.0730 0x0e1c seclogon - ok 11:42:25.0750 0x0e1c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 11:42:25.0780 0x0e1c SENS - ok 11:42:25.0790 0x0e1c [ 
0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 11:42:25.0830 0x0e1c SensrSvc - ok 11:42:25.0850 0x0e1c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys 11:42:25.0860 0x0e1c Serenum - ok 11:42:25.0890 0x0e1c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys 11:42:25.0910 0x0e1c Serial - ok 11:42:25.0940 0x0e1c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys 11:42:25.0950 0x0e1c sermouse - ok 11:42:25.0980 0x0e1c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 11:42:26.0020 0x0e1c SessionEnv - ok 11:42:26.0020 0x0e1c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 11:42:26.0030 0x0e1c sffdisk - ok 11:42:26.0040 0x0e1c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 11:42:26.0060 0x0e1c sffp_mmc - ok 11:42:26.0060 0x0e1c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 11:42:26.0080 0x0e1c sffp_sd - ok 11:42:26.0090 0x0e1c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 11:42:26.0110 0x0e1c sfloppy - ok 11:42:26.0150 0x0e1c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 
11:42:26.0200 0x0e1c SharedAccess - ok 11:42:26.0230 0x0e1c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 11:42:26.0260 0x0e1c ShellHWDetection - ok 11:42:26.0270 0x0e1c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 11:42:26.0280 0x0e1c SiSRaid2 - ok 11:42:26.0300 0x0e1c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 11:42:26.0310 0x0e1c SiSRaid4 - ok 11:42:26.0410 0x0e1c [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 11:42:26.0450 0x0e1c SkypeUpdate - ok 11:42:26.0480 0x0e1c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 11:42:26.0500 0x0e1c Smb - ok 11:42:26.0560 0x0e1c [ F26AAD9ADFC9B62AC59A004A913C92DA, BECD2B5E4A99F31A4BE28D9535A49BE517DD9F94A7A0C122A8FAEA4382C62595 ] snapman C:\Windows\system32\DRIVERS\snapman.sys 11:42:26.0580 0x0e1c snapman - ok 11:42:26.0610 0x0e1c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 11:42:26.0650 0x0e1c SNMPTRAP - ok 11:42:26.0670 0x0e1c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 11:42:26.0680 0x0e1c spldr - ok 11:42:26.0720 0x0e1c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 11:42:26.0770 0x0e1c Spooler - ok 11:42:26.0870 0x0e1c [ E17E0188BB90FAE42D83E98707EFA59C, 
FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 11:42:27.0030 0x0e1c sppsvc - ok 11:42:27.0040 0x0e1c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 11:42:27.0090 0x0e1c sppuinotify - ok 11:42:27.0120 0x0e1c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 11:42:27.0170 0x0e1c srv - ok 11:42:27.0190 0x0e1c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 11:42:27.0230 0x0e1c srv2 - ok 11:42:27.0250 0x0e1c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 11:42:27.0290 0x0e1c srvnet - ok 11:42:27.0320 0x0e1c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 11:42:27.0370 0x0e1c SSDPSRV - ok 11:42:27.0390 0x0e1c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 11:42:27.0420 0x0e1c SstpSvc - ok 11:42:27.0470 0x0e1c [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 11:42:27.0490 0x0e1c ssudmdm - ok 11:42:27.0640 0x0e1c [ 9DA3B55B17B54789AFB8C657D4ACE4D7, 5E4599E682327E3B8097A88A69ED73F96254A29054744D5DFB782054863F131E ] ss_conn_service C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe 11:42:27.0670 0x0e1c ss_conn_service - ok 11:42:27.0710 0x0e1c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys 11:42:27.0720 0x0e1c 
stexstor - ok 11:42:27.0760 0x0e1c [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\drivers\serscan.sys 11:42:27.0810 0x0e1c StillCam - ok 11:42:27.0840 0x0e1c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 11:42:27.0900 0x0e1c stisvc - ok 11:42:27.0920 0x0e1c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 11:42:27.0930 0x0e1c swenum - ok 11:42:27.0960 0x0e1c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 11:42:28.0020 0x0e1c swprv - ok 11:42:28.0250 0x0e1c [ 9AD49345CBCAFB82DBE0CC9CDD55E3D2, 64B43B25F1E45EC46E383063F17FDD2A6548C563F24CB6D024AA7AD039A0FC89 ] syncagentsrv C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe 11:42:28.0360 0x0e1c syncagentsrv - ok 11:42:28.0420 0x0e1c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 11:42:28.0500 0x0e1c SysMain - ok 11:42:28.0520 0x0e1c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 11:42:28.0540 0x0e1c TabletInputService - ok 11:42:28.0570 0x0e1c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 11:42:28.0620 0x0e1c TapiSrv - ok 11:42:28.0640 0x0e1c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 11:42:28.0670 0x0e1c TBS - ok 11:42:28.0770 0x0e1c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip 
C:\Windows\system32\drivers\tcpip.sys 11:42:28.0890 0x0e1c Tcpip - ok 11:42:28.0950 0x0e1c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 11:42:28.0980 0x0e1c TCPIP6 - ok 11:42:29.0020 0x0e1c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 11:42:29.0030 0x0e1c tcpipreg - ok 11:42:29.0050 0x0e1c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 11:42:29.0090 0x0e1c TDPIPE - ok 11:42:29.0170 0x0e1c [ 7BC43335C778370FD0040D5224D8EDEB, 2CE371C9E255EF524E441A4F8D35404D7546E3B5C54D28D3A49FC724447AB61F ] tdrpman C:\Windows\system32\DRIVERS\tdrpman.sys 11:42:29.0230 0x0e1c tdrpman - ok 11:42:29.0260 0x0e1c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 11:42:29.0290 0x0e1c TDTCP - ok 11:42:29.0330 0x0e1c [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys 11:42:29.0380 0x0e1c tdx - ok 11:42:29.0400 0x0e1c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 11:42:29.0410 0x0e1c TermDD - ok 11:42:29.0470 0x0e1c [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 11:42:29.0510 0x0e1c TermService - ok 11:42:29.0540 0x0e1c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 11:42:29.0550 0x0e1c Themes - ok 11:42:29.0570 0x0e1c [ E40E80D0304A73E8D269F7141D77250B, 
11:42:35.0291 0x0e1c [ Global ] - ok
11:42:35.0291 0x0e1c ================ Scan MBR ==================================
11:42:35.0591 0x0e1c \Device\Harddisk0\DR0 - ok
11:42:35.0831 0x0e1c \Device\Harddisk4\DR4 - ok
11:42:35.0831 0x0e1c ================ Scan VBR ==================================
11:42:35.0851 0x0e1c \Device\Harddisk0\DR0\Partition1 - ok
11:42:35.0861 0x0e1c \Device\Harddisk0\DR0\Partition2 - ok
11:42:35.0861 0x0e1c \Device\Harddisk0\DR0\Partition3 - ok
11:42:35.0871 0x0e1c \Device\Harddisk4\DR4\Partition1 - ok
11:42:35.0871 0x0e1c ================ Scan generic autorun ======================
11:42:37.0061 0x0e1c [ 504C916D52ABA407FD4DC1E709AEA71E, 8F279620247481F28DF7D9FD4A81173396E39EB807E24587E89CAF1172CC846C ] C:\Program Files (x86)\avmwlanstick\wlangui.exe
11:42:37.0131 0x0e1c AVMWlanClient - detected UnsignedFile.Multi.Generic ( 1 )
11:42:39.0821 0x0e1c Detect skipped due to KSN trusted
11:42:39.0821 0x0e1c AVMWlanClient - ok
11:42:42.0701 0x0e1c [ E845B2A28F140F258602AF50D7C707C2, DDDC4005CEF160EF8EFD72707E350503ED30858D114E135A3D65DD40AE5C2F99 ] C:\Program Files (x86)\OTRHomeloader\OTRHomeloader.exe
11:42:42.0791 0x0e1c OTR Homeloader - detected UnsignedFile.Multi.Generic ( 1 )
11:42:45.0351 0x0e1c OTR Homeloader ( UnsignedFile.Multi.Generic ) - warning
11:42:53.0652 0x0e1c AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.9.460 ), 0x41000 ( enabled : updated )
11:42:53.0662 0x0e1c FW detected via SS2: FireWall, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.9.460 ), 0x40010 ( disabled )
11:42:53.0662 0x0e1c Win FW state via NFP2: enabled
11:42:56.0172 0x0e1c ============================================================
11:42:56.0172 0x0e1c Scan finished
11:42:56.0172 0x0e1c ============================================================
11:42:56.0172 0x1c6c Detected object count: 1
11:42:56.0172 0x1c6c Actual detected object count: 1
12:15:32.0736 0x1c6c OTR Homeloader ( UnsignedFile.Multi.Generic ) - skipped by user
12:15:32.0736 0x1c6c OTR Homeloader ( UnsignedFile.Multi.Generic ) - User select action: Skip |
11.05.2015, 09:39 | #7 |
/// the machine /// TB-Ausbilder | Hi, scan with ComboFix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
14.05.2015, 09:53 | #8 |
| Code:
ComboFix 15-05-13.01 - Michael 14.05.2015 9:43.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4078.1803 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
FW: FireWall *Disabled* {753F9273-B322-2907-AC37-03D0F1702F22}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFR22E.tmp
C:\DFR238.tmp
C:\DFR23E.tmp
C:\DFR25F.tmp
C:\DFR287.tmp
C:\DFR28C.tmp
c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\users\Antonia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4C3CD35B-0AEF-42AB-810E-715589E43DF3}.xps
c:\users\Antonia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CB57B7D2-5295-41A2-977E-89E1F9D7DB0B}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0948B347-CDC6-4A50-8CAB-B567F7A8C2AE}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{155092C3-97EA-4F33-8B54-330B96864BF6}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1B721773-D4DD-4865-A6E9-98671B5A896D}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{25B5B7B4-D01C-431A-A207-C8EC150A1D07}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{349D9C32-E74E-49D6-8B8D-64C1F5FF0B84}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3ECAB25E-C9DF-4409-B8D6-46A2FFFAE80F}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4C579C2B-A4B1-4488-9C1D-32D1C418B6BC}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6DC93B31-A912-41EB-8752-60D5E9F3AD59}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AA374F53-D161-4B57-B642-C6E11469F29C}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B2FD1BFA-E62D-4860-96EC-77BB74F1EE58}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C7380766-2401-4CB6-8463-1E156A82B423}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D1131B9A-A5B9-4C5E-83B5-8256A1CD5C6F}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D982ADE7-9C56-422F-9977-A77292DEE133}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EE3FF310-4080-4CC1-A2C0-8D3ACDC17B14}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F1C5F265-678B-47C7-816E-A25DE418B6A8}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FBE4AD88-8097-4D8C-97FC-8CF7C21A8DF5}.xps
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FD0B4329-87F2-4A63-8345-F78EB925205B}.xps
c:\users\Michael\AppData\Local\Temp\_MEI59922\_ctypes.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\_elementtree.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\_hashlib.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\_multiprocessing.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\_psutil_windows.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\_socket.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\_ssl.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\_yappi.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\common.time34.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\hashobjs_ext.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\pyexpat.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\pysqlite2._sqlite.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\python27.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\pythoncom27.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\PyWinTypes27.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\select.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\unicodedata.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\usb_ext.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32api.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32com.shell.shell.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32crypt.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32event.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32file.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32gui.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32inet.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32pdh.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32pipe.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32process.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32profile.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32security.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\win32ts.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\windows._lib_cacheinvalidation.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._animate.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._controls_.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._core_.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._gdi_.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._html2.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._misc_.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._windows_.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wx._wizard.pyd
c:\users\Michael\AppData\Local\Temp\_MEI59922\wxbase294u_net_vc90.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\wxbase294u_vc90.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\wxmsw294u_adv_vc90.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\wxmsw294u_core_vc90.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\wxmsw294u_html_vc90.dll
c:\users\Michael\AppData\Local\Temp\_MEI59922\wxmsw294u_webview_vc90.dll
c:\users\Michael\AppData\Local\Temp\7zS5961\HPSLPSVC64.DLL
c:\windows\IsUn0407.exe
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-04-14 bis 2015-05-14 ))))))))))))))))))))))))))))))
.
.
2015-05-14 08:16 . 2015-05-14 08:16 -------- d-----w- c:\users\Kerstin(1)\AppData\Local\temp
2015-05-14 08:16 . 2015-05-14 08:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-14 08:16 . 2015-05-14 08:16 -------- d-----w- c:\users\BENJAMIN.ABKM-2012\AppData\Local\temp
2015-05-14 08:16 . 2015-05-14 08:16 -------- d-----w- c:\users\Antonia\AppData\Local\temp
2015-05-13 22:24 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:24 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:00 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-13 12:59 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-05-10 08:04 . 2015-05-10 09:34 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-09 13:13 . 2015-05-09 13:15 -------- d-----w- C:\FRST
2015-05-08 12:01 . 2015-05-08 12:01 -------- d-----w- c:\users\Michael\AppData\Roaming\QuickScan
2015-05-01 18:10 . 2015-05-01 18:10 229608 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2015-04-24 13:24 . 2015-04-24 13:24 -------- d-----w- c:\users\BENJAMIN.ABKM-2012\AppData\Roaming\Unity
2015-04-24 13:08 . 2015-04-24 13:08 -------- d-----w- c:\users\BENJAMIN.ABKM-2012\AppData\Local\Unity
2015-04-15 07:19 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-04-15 07:19 . 
2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll 2015-04-15 07:19 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll 2015-04-15 00:35 . 2015-04-15 00:35 18645184 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-05-13 22:28 . 2012-04-14 15:33 140425016 ----a-w- c:\windows\system32\MRT.exe 2015-05-12 07:51 . 2013-03-28 11:10 152744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-05-12 07:51 . 2013-03-28 11:10 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys 2015-05-10 08:04 . 2014-05-17 14:59 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-05-10 08:03 . 2014-05-17 14:56 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-05-02 15:58 . 2012-04-11 18:20 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-05-02 15:58 . 2011-07-11 10:28 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-04-27 19:04 . 2015-05-13 13:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-04-14 07:37 . 2014-05-17 14:56 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-04-14 07:37 . 2014-01-18 12:09 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-04-14 01:38 . 2015-04-14 01:38 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL 2015-03-05 09:01 . 2013-05-06 09:00 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2015-03-04 04:41 . 2015-05-13 12:59 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2015-03-04 04:41 . 2015-05-13 12:59 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2015-03-04 04:10 . 2015-05-13 12:59 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2015-03-04 04:10 . 2015-05-13 12:59 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll 2015-03-04 04:06 . 2015-05-13 12:59 2560 ----a-w- c:\windows\apppatch\AcRes.dll 2015-02-20 04:41 . 
2015-03-11 10:19 41984 ----a-w- c:\windows\system32\lpk.dll 2015-02-20 04:40 . 2015-03-11 10:19 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-02-20 04:40 . 2015-03-11 10:19 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-02-20 04:40 . 2015-03-11 10:19 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-02-20 04:13 . 2015-03-11 10:19 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-02-20 04:13 . 2015-03-11 10:19 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-02-20 04:13 . 2015-03-11 10:19 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-02-20 04:12 . 2015-03-11 10:19 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-02-20 03:29 . 2015-03-11 10:19 372224 ----a-w- c:\windows\system32\atmfd.dll 2015-02-20 03:09 . 2015-03-11 10:19 299008 ----a-w- c:\windows\SysWow64\atmfd.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2013-04-30 10:02 1521800 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2015-03-24 19:34 297128 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-08-13 17:32 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-08-13 17:32 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-08-13 17:32 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2015-03-18 720064] "OTR Homeloader"="c:\program files (x86)\OTRHomeloader\OTRHomeloader.exe" [2014-02-28 3567616] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2015-01-14 845120] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2015-01-14 1565504] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-24 39408] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-04-17 31280256] "SealOne"="c:\users\Michael\AppData\Roaming\Seal One\SealOne.exe" [2014-09-26 281080] "Amazon Music"="c:\users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-12-08 6277952] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-04-28 25700400] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-11-21 43816] "GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\tray.exe" [2015-04-08 1010008] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2012-09-19 188944] "Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304] "AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5955088] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792] "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1171336] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2015-04-08 448520] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-05-12 728312] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-01-20 60712] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2015-01-14 311616] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968] "HP 
Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104] FRITZ!DSL Startcenter.lnk - c:\users\Michael\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe [2012-4-6 80896] Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE /TrayOnly [2013-12-19 30814400] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Kopie 1).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8500 A910\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN14GBM16G;CONNECTION=USB;MONITOR=1; [2009-7-14 45568] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe [2013-11-17 1427736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector 
Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys;c:\windows\SYSNATIVE\DRIVERS\VX6000Xp.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x] S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 
mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 avmident;AVM FRITZ!Box-Kindersicherung;c:\program files (x86)\FRITZ!Box-Kindersicherung\avmident.exe;c:\program files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 
c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x] S2 OfficeSvc;Microsoft Office-Dienst;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x] S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x] S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x] S2 ss_conn_service;SAMSUNG 
Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x] S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x] S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-05-01 08:07 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-12-25 c:\windows\Tasks\Adobe Acrobat Update Task.job - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 07:48] . 
2015-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:58] . 2014-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf89f1fda08b48.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 14:20] . 2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfeadeb7541613.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 14:20] . 2015-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfff7a2e6aa93.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 14:20] . 2015-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d041e914e2aa29.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 14:20] . 2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 14:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2014-11-07 17:08 357376 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-08-13 17:32 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-08-13 17:32 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-08-13 17:32 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2015-04-28 09:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2015-04-28 09:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2015-04-28 09:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2015-04-28 09:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2015-04-28 09:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520] "VX6000"="c:\windows\vVX6000.exe" [2010-05-20 764784] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-28 403144] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-01-27 169768] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.de/webhp?rls=ig mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = fritz.box;*.local uSearchAssistant = hxxp://www.google.com IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to iPod Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: FRITZ!Box Dial - c:\program files\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm IE: FRITZ!Box Dial\Contexts - 16 (0x10) IE: FRITZ!Box Dial\Flags IE: Mit FRITZ!Box Anrufen - c:\program files (x86)\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm IE: Mit FRITZ!Box Anrufen\Contexts - 16 (0x10) IE: Mit FRITZ!Box Anrufen\Flags IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 IE: {{328ECD19-C167-40eb-A0C7-16FE7634105F} - {CC68A724-B5F7-4bd3-865C-7D97141A140F} - c:\program files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll Trusted Zone: bayer.com\mymail TCP: DhcpNameServer = 192.168.178.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/ . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) AddRemove-Adobe Photoshop Elements 1.0 - c:\windows\ISUN0407.EXE AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe AddRemove-Free Disc Burner_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe AddRemove-4086596500.video-download.mediamarkt.de - c:\program files (x86)\Microsoft Silverlight\5.1.20513.0\Silverlight.Configuration.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11, d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54 "{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}"=hex:51,66,7a,6c,4c,1d,38,12,27,28,80, ea,f2,9b,77,08,dc,cc,8d,48,4c,7b,c9,f2 "{C0C86BBE-9509-4296-8459-FDBFDAF4B673}"=hex:51,66,7a,6c,4c,1d,38,12,d0,68,db, c4,3b,db,f8,07,fb,4f,be,ff,df,aa,f2,67 "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}"=hex:51,66,7a,6c,4c,1d,38,12,ce,98,c3, 35,c7,5c,a0,09,c1,9c,6a,63,e2,38,41,ce "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{25A3A431-30BB-47C8-AD6A-E1063801134F}"=hex:51,66,7a,6c,4c,1d,38,12,5f,a7,b0, 21,89,7e,a6,02,d2,7c,a2,46,3d,5f,57,5b "{3A2D5EBA-F86D-4BD3-A177-019765996711}"=hex:51,66,7a,6c,4c,1d,38,12,d4,5d,3e, 3e,5f,b6,bd,0e,de,61,42,d7,60,c7,23,05 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,c0,92,76,3e,d7,95,4d,8f,72,6c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,c0,92,76,3e,d7,95,4d,8f,72,6c,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,c0,92,76,3e,d7,95,4d,8f,72,6c,\ . [HKEY_USERS\S-1-5-21-3665776361-1376430445-3332247537-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0079&PID_0006\Calibration\0\Type\Axes] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\avmwlanstick\WlanNetService.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-05-14 10:47:41 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-05-14 08:47 . Vor Suchlauf: 13 Verzeichnis(se), 52.982.484.992 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 81.804.185.600 Bytes frei . - - End Of File - - 2A7736E5D1630C816712E1E59E6F26A0 |
14.05.2015, 20:48 | #9 |
/// the machine /// TB-Ausbilder | Positive infection with 4 Trojans on Windows 7 #1 Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
15.05.2015, 07:26 | #10 |
| Positive infection with 4 Trojans on Windows 7 #1 Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 14.05.2015
Suchlauf-Zeit: 22:31:17
Logdatei: Malwarebytes Scan.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.14.05
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Michael

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 637095
Verstrichene Zeit: 1 Std, 15 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (Keine schädliche Elemente gefunden)
Module: 0 (Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden)
Registrierungswerte: 0 (Keine schädliche Elemente gefunden)
Registrierungsdaten: 0 (Keine schädliche Elemente gefunden)
Ordner: 0 (Keine schädliche Elemente gefunden)
Dateien: 0 (Keine schädliche Elemente gefunden)
Physische Sektoren: 0 (Keine schädliche Elemente gefunden)

(end)
Code:
ATTFilter # AdwCleaner v4.204 - Bericht erstellt 15/05/2015 um 07:41:04 # Aktualisiert 12/05/2015 von Xplode # Datenbank : 2015-05-12.2 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Michael - ABKM-2012 # Gestarted von : C:\Users\Michael\Desktop\Trojan Tools\AdwCleaner_4.204.exe # Option : Suchlauf ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaabfjnbeinlpljodiajipidiompfl_0.localstorage Datei Gefunden : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaabfjnbeinlpljodiajipidiompfl_0.localstorage-journal Ordner Gefunden : C:\Program Files (x86)\Ask.com Ordner Gefunden : C:\Users\Antonia\AppData\LocalLow\AskToolbar Ordner Gefunden : C:\Users\BENJAMIN.ABKM-2012\AppData\Local\AskToolbar Ordner Gefunden : C:\Users\BENJAMIN.ABKM-2012\AppData\LocalLow\AskToolbar Ordner Gefunden : C:\Users\Kerstin(1)\AppData\LocalLow\AskToolbar Ordner Gefunden : C:\Users\Michael\AppData\Local\AskToolbar Ordner Gefunden : C:\Users\Michael\AppData\LocalLow\AskToolbar Ordner Gefunden : C:\Users\Michael\AppData\Roaming\pdfforge Ordner Gefunden : C:\Users\Michael\Documents\Updater Ordner Gefunden : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe} ***** [ Geplante Tasks ] ***** Task Gefunden : BrowserDefendert Task Gefunden : EPUpdater Task Gefunden : Scheduled Update for Ask Toolbar ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - fritz.box;*.local Schlüssel Gefunden : HKCU\Software\APN Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gefunden : HKCU\Software\Ask.com Schlüssel Gefunden : HKCU\Software\AskToolbar Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKCU\Software\d4dddeb53fbf42 Schlüssel Gefunden : 
HKCU\Software\DriverTuner Schlüssel Gefunden : HKCU\Software\DriverTuner_Init Schlüssel Gefunden : HKCU\Software\Free Video Converter Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\apnwidgets.ask.com Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apnwidgets.ask.com Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\linkuryjs.info Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gefunden : HKCU\Software\Myfree Codec Schlüssel Gefunden : HKCU\Software\Optimizer Pro Schlüssel Gefunden : HKCU\Software\systweak Schlüssel Gefunden : [x64] HKCU\Software\APN Schlüssel Gefunden : [x64] HKCU\Software\Ask.com Schlüssel Gefunden : [x64] HKCU\Software\AskToolbar Schlüssel Gefunden : [x64] HKCU\Software\Conduit Schlüssel Gefunden : [x64] HKCU\Software\DriverTuner Schlüssel Gefunden : [x64] HKCU\Software\DriverTuner_Init Schlüssel Gefunden : [x64] HKCU\Software\Free Video Converter Schlüssel Gefunden : [x64] HKCU\Software\Myfree Codec Schlüssel Gefunden : [x64] HKCU\Software\Optimizer Pro Schlüssel Gefunden : [x64] HKCU\Software\systweak Schlüssel Gefunden : HKLM\SOFTWARE\APN 
Schlüssel Gefunden : HKLM\SOFTWARE\AskToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Schlüssel 
Gefunden : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96} Schlüssel Gefunden : HKLM\SOFTWARE\d4dddeb53fbf42 Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaabfjnbeinlpljodiajipidiompfl Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40} 
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} Schlüssel Gefunden : HKLM\SOFTWARE\Myfree Codec Schlüssel Gefunden : HKLM\SOFTWARE\Uniblue Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Schlüssel Gefunden : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gefunden : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKU\.DEFAULT\Software\AskToolbar Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17801 -\\ Mozilla Firefox v37.0.2 (x86 en-US) [0ac9rfex.default] - Zeile Gefunden : user_pref("browser.search.defaultengine", "Ask.com"); [0ac9rfex.default] - Zeile Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", ""); [psnh2fe3.default] - Zeile Gefunden : user_pref("browser.search.defaultengine", "Ask.com"); [psnh2fe3.default] - Zeile Gefunden : 
user_pref("browser.search.order.1", "Ask.com"); [psnh2fe3.default] - Zeile Gefunden : user_pref("browser.search.selectedEngine", "Ask.com"); [psnh2fe3.default] - Zeile Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", ""); [3uzryizw.default] - Zeile Gefunden : user_pref("browser.search.defaultengine", "Ask.com"); [3uzryizw.default] - Zeile Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", ""); -\\ Google Chrome v42.0.2311.152 [C:\Users\Antonia\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c0d35548-3270-4529-a1c6-7a1bdfc98397&searchtype=ds&q={searchTerms}&installDate=08/06/2013 [C:\Users\Antonia\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=5ce1fed2-a278-4f92-9880-45c962fcbb88&searchtype=ds&q={searchTerms}&installDate=01/01/1970 [C:\Users\Kerstin(1)\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c0d35548-3270-4529-a1c6-7a1bdfc98397&searchtype=ds&q={searchTerms}&installDate=08/06/2013 [C:\Users\Kerstin(1)\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=5ce1fed2-a278-4f92-9880-45c962fcbb88&searchtype=ds&q={searchTerms}&installDate=01/01/1970 [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c0d35548-3270-4529-a1c6-7a1bdfc98397&searchtype=ds&q={searchTerms}&installDate=08/06/2013 [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : 
hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=5ce1fed2-a278-4f92-9880-45c962fcbb88&searchtype=ds&q={searchTerms}&installDate=01/01/1970 ************************* AdwCleaner[R0].txt - [15950 Bytes] - [15/05/2015 07:41:04] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16010 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.7.1 (05.14.2015:1) OS: Windows 7 Home Premium x64 Ran by Michael on 15.05.2015 at 8:01:24,10 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\Windows\system32\tasks\Scheduled Update for Ask Toolbar ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3665776361-1376430445-3332247537-1000\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Ask.com Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AskToolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Classes\TypeLib\{006ad7b2-968a-11de-88c9-5bde55d89593} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\APN Successfully deleted: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\AskToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

~~~ Files
Successfully deleted: [File] C:\Windows\wininit.ini

~~~ Folders
Successfully deleted: [Folder] C:\Program Files (x86)\ask.com
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\Users\Michael\AppData\Roaming\pdfforge

~~~ FireFox
Emptied folder: C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\8gcu6wpb.default-1421500931064\minidumps [1 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.05.2015 at 8:04:12,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Antivir is active but reports that it cannot perform an update (no internet).

Code:
# AdwCleaner v4.204 - Bericht erstellt 15/05/2015 um 08:14:35
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-12.2 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Michael - ABKM-2012
# Gestarted von : C:\Users\Michael\Desktop\Trojan Tools\AdwCleaner_4.204.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Antonia\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\BENJAMIN.ABKM-2012\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\BENJAMIN.ABKM-2012\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Kerstin(1)\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Michael\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Michael\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Michael\Documents\Updater
Datei Gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaabfjnbeinlpljodiajipidiompfl_0.localstorage
Datei Gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaabfjnbeinlpljodiajipidiompfl_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : BrowserDefendert
Task Gelöscht : EPUpdater
Task Gelöscht : Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaabfjnbeinlpljodiajipidiompfl
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\apnwidgets.ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\d4dddeb53fbf42
Schlüssel Gelöscht : HKLM\SOFTWARE\d4dddeb53fbf42
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Free Video Converter
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\DriverTuner_Init
Schlüssel Gelöscht : HKCU\Software\DriverTuner
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apnwidgets.ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\linkuryjs.info
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - fritz.box;*.local

***** [
Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17801 -\\ Mozilla Firefox v37.0.2 (x86 en-US) [0ac9rfex.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); [0ac9rfex.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", ""); [psnh2fe3.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); [psnh2fe3.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com"); [psnh2fe3.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com"); [psnh2fe3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", ""); [3uzryizw.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); [3uzryizw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", ""); -\\ Google Chrome v42.0.2311.152 [C:\Users\Antonia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c0d35548-3270-4529-a1c6-7a1bdfc98397&searchtype=ds&q={searchTerms}&installDate=08/06/2013 [C:\Users\Antonia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=5ce1fed2-a278-4f92-9880-45c962fcbb88&searchtype=ds&q={searchTerms}&installDate=01/01/1970 [C:\Users\Kerstin(1)\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c0d35548-3270-4529-a1c6-7a1bdfc98397&searchtype=ds&q={searchTerms}&installDate=08/06/2013 [C:\Users\Kerstin(1)\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : 
hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=5ce1fed2-a278-4f92-9880-45c962fcbb88&searchtype=ds&q={searchTerms}&installDate=01/01/1970 [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=c0d35548-3270-4529-a1c6-7a1bdfc98397&searchtype=ds&q={searchTerms}&installDate=08/06/2013 [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=5ce1fed2-a278-4f92-9880-45c962fcbb88&searchtype=ds&q={searchTerms}&installDate=01/01/1970 ************************* AdwCleaner[R0].txt - [16266 Bytes] - [15/05/2015 07:41:04] AdwCleaner[R1].txt - [15036 Bytes] - [15/05/2015 08:11:36] AdwCleaner[S0].txt - [14503 Bytes] - [15/05/2015 08:14:35] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14563 Bytes] ########## |
15.05.2015, 07:36 | #11 |
| Confirmed infection with 4 Trojans on Windows 7 #1 FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by Michael (administrator) on ABKM-2012 on 15-05-2015 08:28:51
Running from C:\Users\Michael\Desktop\Trojan Tools
Loaded Profiles: Michael (Available profiles: Michael & Antonia & Kerstin(1) & BENJAMIN)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (AMD) C:\Windows\System32\atieclxx.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation ) C:\Windows\vVX6000.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Apple Inc.)
C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Seal One AG) C:\Users\Michael\AppData\Local\Temp\Seal One\SealOne.exe () C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe (Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-11] (Realtek Semiconductor) HKLM\...\Run: [VX6000] => C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation ) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.) 
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [188944 2012-09-19] (CyberLink Corp.) HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-11] () HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited) HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-04-08] (DivX, LLC) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-12] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [OTR Homeloader] => C:\Program Files (x86)\OTRHomeloader\OTRHomeloader.exe [3567616 2014-02-28] (© onlinetvrecorder.com) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2015-01-14] (Samsung) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-24] (Google Inc.) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [SealOne] => C:\Users\Michael\AppData\Roaming\Seal One\SealOne.exe [281080 2014-09-26] (Seal One AG) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [Amazon Music] => C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] () HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012-04-12] ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-05-26] ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk [2013-02-22] ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-10-31] ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2012-04-06] ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\Michael\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk [2012-04-14] ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012-05-17] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Kopie 1).lnk [2013-02-16] ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) GroupPolicyUsers\S-1-5-21-3665776361-1376430445-3332247537-1009\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-3665776361-1376430445-3332247537-1005\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000 -> DefaultScope {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000 -> {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-07-09] (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft 
Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2013-08-13] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation) BHO-x32: Windows Live 
ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.) 
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
Handler-x32: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2011-10-20] (ACE GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-04-28] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-02] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2011-10-11] ( )
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll [2012-11-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\2020Player_IKEA@2020Technologies.com [2015-03-21]
FF Extension: Bitdefender QuickScan - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-08]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-04-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-01]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> search.snapdo.com
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-28]
CHR Extension: (Skype Click to Call) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-07-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-28]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michael\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-24]
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-03-15] (Adobe Systems) [File not signed]
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 avmident; C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [76288 2011-09-27] (AVM Berlin) [File not signed]
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] () [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-10-30] () [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 08:04 - 2015-05-15 08:04 - 00031977 _____ () C:\Users\Michael\Desktop\JRT.txt
2015-05-15 08:01 - 2015-05-15 08:01 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ABKM-2012-Windows-7-Home-Premium-(64-bit).dat
2015-05-15 08:01 - 2015-05-15 08:01 - 00000000 ____D () C:\RegBackup
2015-05-15 07:40 - 2015-05-15 08:14 - 00000000 ____D () C:\AdwCleaner
2015-05-14 22:16 - 2015-05-15 08:16 - 00000022 _____ () C:\Windows\S.dirmngr
2015-05-14 10:47 - 2015-05-14 10:47 - 00048438 _____ () C:\ComboFix.txt
2015-05-14 09:38 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-14 09:38 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-14 09:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-14 09:37 - 2015-05-14 10:47 - 00000000 ____D () C:\Qoobox
2015-05-14 09:37 - 2015-05-14 10:45 - 00000000 ____D () C:\Windows\erdnt
2015-05-14 09:34 - 2015-05-14 09:34 - 05623645 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2015-05-14 00:24 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:24 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:01 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:01 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:01 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:01 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:01 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:01 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 15:01 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 15:01 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 15:01 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:01 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:01 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 15:01 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:01 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 15:01 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 15:01 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 15:01 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:01 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:01 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 15:01 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 15:01 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 15:01 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:01 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 15:01 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 15:01 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 15:01 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 15:01 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 15:01 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 15:01 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 15:01 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 15:01 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 15:01 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 15:01 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:01 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 15:01 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:01 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 15:01 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 15:01 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 15:01 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 15:01 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 15:01 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 15:01 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 15:01 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:01 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 15:01 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 15:01 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 15:01 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:01 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 15:01 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:01 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 15:01 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 15:01 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 15:01 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 15:01 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:01 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 15:01 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 15:01 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 15:01 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 15:01 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 15:01 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 15:01 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 15:01 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 15:01 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 15:01 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:01 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 15:00 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 15:00 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 15:00 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 15:00 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 15:00 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 15:00 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 15:00 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 15:00 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 15:00 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 15:00 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 15:00 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 15:00 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 15:00 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 15:00 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 15:00 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 15:00 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 15:00 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 15:00 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 15:00 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 15:00 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 15:00 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 15:00 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 15:00 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 15:00 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 14:59 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 14:59 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 14:59 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 14:59 - 2015-04-20 04:11 - 03204608 _____
(Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 14:59 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 14:59 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 14:59 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 14:59 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 14:59 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-13 14:59 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-13 14:59 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-13 14:59 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 14:59 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 14:59 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 14:59 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-12 09:53 - 2015-05-12 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-11 19:12 - 2015-05-11 19:12 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{7914B217-5846-49DC-892A-F5C07EC41841} 2015-05-10 10:04 - 2015-05-10 11:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-09 15:13 - 2015-05-15 08:28 - 00000000 ____D () C:\FRST 2015-05-09 15:13 - 2015-05-09 15:13 - 00000000 _____ () C:\Users\Michael\defogger_reenable 2015-05-09 09:06 - 2015-05-15 08:27 - 00000000 ____D () C:\Users\Michael\Desktop\Trojan Tools 2015-05-08 17:21 - 2015-05-09 17:38 - 00000000 ____D () C:\Users\Michael\Desktop\Antivir Rescue 2015-05-08 15:01 - 2015-05-08 15:01 - 
00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-08 14:03 - 2015-05-08 14:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.1.6.1022.exe 2015-05-08 14:01 - 2015-05-08 14:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\QuickScan 2015-05-08 11:37 - 2015-05-08 11:37 - 00000000 ____D () C:\Users\Antonia\Desktop\runtime 2015-05-08 11:35 - 2015-05-08 11:40 - 00000000 ____D () C:\Users\Antonia\Desktop\game 2015-05-08 11:03 - 2015-05-08 11:03 - 00000000 ____D () C:\Users\Antonia\AppData\Local\{56D3392A-6DA5-4C13-BEB3-CF502A9CC135} 2015-05-03 17:21 - 2015-05-03 17:21 - 00000000 ____D () C:\Users\Antonia\AppData\Local\{6677D07C-D21C-4218-A05E-5F02BFC9FCE3} 2015-05-02 17:55 - 2015-05-02 17:55 - 00007158 _____ () C:\Users\Kerstin(1)\Desktop\Fliesen - Verknüpfung.lnk 2015-05-02 17:54 - 2015-05-02 17:55 - 00000000 ____D () C:\Users\Public\Documents\Sentastr 2015-05-01 11:58 - 2015-05-01 11:58 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{84B21787-061C-4822-9126-03D044371819} 2015-04-27 09:18 - 2015-04-27 09:18 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{BDC3A217-B9AD-45C9-8C79-C291528228E8} 2015-04-24 15:24 - 2015-04-24 15:24 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Unity 2015-04-24 15:08 - 2015-04-24 15:08 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Unity 2015-04-24 15:07 - 2015-04-24 15:08 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer(2).exe 2015-04-24 15:07 - 2015-04-24 15:07 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer(1).exe 2015-04-24 15:06 - 2015-04-24 15:06 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer.exe 2015-04-24 12:04 - 2015-04-24 12:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-21 15:42 - 2015-04-21 15:42 - 00044032 ___SH () 
C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Thumbs.db 2015-04-21 15:42 - 2015-04-21 15:42 - 00001526 _____ () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\.minecraft - Verknüpfung.lnk 2015-04-21 15:28 - 2015-04-21 15:29 - 05263187 _____ () C:\Users\BENJAMIN.ABKM-2012\Downloads\FC Pack V8-1.7.10-4.8.0.zip 2015-04-15 09:20 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-15 09:20 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-15 09:20 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-15 09:20 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-15 09:20 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-15 09:20 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-15 09:20 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-15 09:20 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-15 09:20 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-15 09:20 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-15 09:20 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-15 09:20 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-04-15 09:20 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-04-15 09:20 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-04-15 09:20 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-04-15 09:20 - 2015-03-25 05:00 - 00029696 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wups.dll 2015-04-15 09:20 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-15 09:20 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-15 09:20 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-15 09:20 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-15 09:20 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-15 09:20 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-04-15 09:20 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-15 09:20 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-15 09:20 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-15 09:20 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-15 09:20 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-04-15 09:20 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-04-15 09:20 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-15 09:20 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-04-15 09:20 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-15 09:19 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-15 09:19 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-15 09:19 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\clfsw32.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-15 08:26 - 2011-11-24 07:07 - 01224214 _____ () C:\Windows\WindowsUpdate.log 2015-05-15 08:23 - 2012-04-06 20:14 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype 2015-05-15 08:21 - 2015-01-24 16:25 - 00000000 ___RD () C:\Users\Michael\Google Drive 2015-05-15 08:21 - 2014-10-31 00:10 - 00000000 ___RD () C:\Users\Michael\Dropbox 2015-05-15 08:21 - 2013-05-26 21:11 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox 2015-05-15 08:17 - 2012-04-28 11:34 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps 2015-05-15 08:16 - 2012-04-06 17:44 - 00654759 _____ () C:\Users\Michael\DesktopStCenter.txt 2015-05-15 08:16 - 2009-07-14 06:51 - 00293137 _____ () C:\Windows\setupact.log 2015-05-15 07:39 - 2012-04-11 20:45 - 00000000 ____D () C:\Users\Michael\Documents\Outlook-Dateien 2015-05-14 22:31 - 2014-05-17 16:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-14 22:27 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-14 22:27 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-14 22:22 - 2011-11-20 07:23 - 00702980 _____ () C:\Windows\system32\perfh007.dat 2015-05-14 22:22 - 2011-11-20 07:23 - 00150620 _____ () C:\Windows\system32\perfc007.dat 2015-05-14 22:22 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-14 10:47 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2015-05-14 10:36 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-05-14 10:34 - 2010-11-21 05:47 - 01067604 _____ () C:\Windows\PFRO.log 2015-05-14 10:34 - 2009-07-14 04:34 - 00524288 _____ () 
C:\Windows\system32\config\default.bak 2015-05-14 10:34 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak 2015-05-14 10:34 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2015-05-14 09:30 - 2014-10-31 00:09 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-14 09:29 - 2013-09-22 17:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-14 09:23 - 2012-05-06 13:46 - 00000000 ____D () C:\Users\Michael\Tracing 2015-05-14 09:12 - 2009-07-14 06:45 - 00446824 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-14 09:08 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-14 09:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-05-14 00:43 - 2012-04-06 21:19 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-14 00:41 - 2013-08-14 08:29 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-14 00:28 - 2012-04-14 17:33 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-14 00:24 - 2013-03-13 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-14 00:24 - 2013-03-13 21:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-14 00:24 - 2013-03-13 21:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-05-13 22:28 - 2012-04-15 21:31 - 00000000 ____D () C:\Users\Kerstin(1)\Documents\Outlook-Dateien 2015-05-13 08:03 - 2013-05-26 21:13 - 00000000 ___RD () C:\Users\Kerstin(1)\Dropbox 2015-05-13 08:03 - 2013-05-26 21:10 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Roaming\Dropbox 2015-05-12 09:51 - 2013-03-28 13:10 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-12 09:51 - 2013-03-28 13:10 - 00132120 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-05-10 19:58 - 2013-05-26 21:13 - 00001037 _____ () C:\Users\Kerstin(1)\Desktop\Dropbox.lnk 2015-05-10 19:58 - 2013-05-26 21:11 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-10 16:43 - 2012-12-09 12:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\DoNotTrackPlus 2015-05-10 10:03 - 2014-05-17 16:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-09 15:48 - 2015-01-24 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-05-09 15:13 - 2012-04-06 17:17 - 00000000 ____D () C:\Users\Michael 2015-05-08 15:01 - 2014-05-17 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-08 15:01 - 2014-05-17 16:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-08 13:28 - 2013-09-01 11:12 - 00000000 ____D () C:\Users\Antonia\AppData\Roaming\Skype 2015-05-08 13:18 - 2015-02-22 15:52 - 00000000 ____D () C:\Users\Antonia\AppData\Roaming\.minecraft 2015-05-05 17:45 - 2014-02-07 17:06 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\.minecraft 2015-05-03 19:29 - 2008-09-14 11:36 - 00000000 ____D () C:\Users\Michael\Documents\WISO Mein Geld 2015-05-03 17:59 - 2013-09-01 11:21 - 00000000 ____D () C:\Users\Antonia\Documents\Outlook-Dateien 2015-05-03 14:39 - 2011-05-24 16:40 - 00000000 ____D () C:\Users\Michael\Documents\Mein Steuer-Sparbuch Heute 2015-05-02 18:01 - 2011-07-11 11:54 - 00000000 ____D () C:\ProgramData\Skype 2015-05-02 17:59 - 2012-04-11 20:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-02 17:58 - 2012-04-11 20:20 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-02 17:58 - 2011-07-11 12:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-01 15:57 - 
2013-09-14 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2015-05-01 15:57 - 2012-11-30 11:52 - 00001620 _____ () C:\Users\Michael\Desktop\DivX Movies.lnk 2015-05-01 15:57 - 2012-06-03 18:53 - 00000000 ____D () C:\Program Files (x86)\DivX 2015-05-01 15:57 - 2012-06-03 18:52 - 00000000 ____D () C:\ProgramData\DivX 2015-04-24 22:12 - 2012-06-08 16:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-20 14:46 - 2008-09-14 11:36 - 00000000 ____D () C:\Users\Michael\Documents\Wielandstrasse 2015-04-20 14:44 - 2015-04-12 23:27 - 00000000 ____D () C:\Users\Michael\Documents\Sentastr 2015-04-19 13:24 - 2012-04-11 19:39 - 00000000 ____D () C:\Users\Michael\Documents\Computer 2015-04-15 17:03 - 2014-12-12 08:57 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-15 17:03 - 2014-05-01 10:06 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-15 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-04-15 11:17 - 2014-01-18 17:19 - 01602852 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-04-15 11:06 - 2009-07-14 04:34 - 00000510 _____ () C:\Windows\win.ini ==================== Files in the root of some directories ======= 2012-05-26 09:58 - 2014-11-08 15:44 - 0003258 _____ () C:\Users\Michael\AppData\Roaming\Rim.Desktop.Exception.log 2012-05-26 09:57 - 2013-09-08 15:08 - 0003361 _____ () C:\Users\Michael\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2012-05-26 09:58 - 2014-11-08 15:44 - 0000847 _____ () C:\Users\Michael\AppData\Roaming\Rim.DesktopHelper.Exception.log 2012-10-21 22:21 - 2014-11-08 15:44 - 0010010 _____ () C:\Users\Michael\AppData\Roaming\Rim.Transcoder.Exception.log 2015-04-10 20:51 - 2015-04-10 20:51 - 0190611 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS 2015-04-10 20:51 - 2015-04-10 20:51 - 0000290 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS.part 2015-04-10 20:49 - 2015-04-10 20:49 - 0385602 _____ () 
C:\Users\Michael\AppData\Local\5D515C96_stp.CIS
2015-04-10 20:49 - 2015-04-10 20:49 - 0000220 _____ () C:\Users\Michael\AppData\Local\5D515C96_stp.CIS.part
2015-04-10 20:51 - 2015-04-10 20:54 - 8437760 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS
2015-04-10 20:51 - 2015-04-10 20:51 - 0000442 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS.part
2012-04-13 19:18 - 2015-01-31 14:23 - 0026112 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-07 17:36 - 2014-12-07 17:36 - 0000017 _____ () C:\Users\Michael\AppData\Local\resmon.resmoncfg
2013-02-16 22:59 - 2013-02-16 22:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-24 07:21 - 2013-03-16 22:42 - 0002538 _____ () C:\ProgramData\ArcadeDeluxe5.log

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\avgnt.exe
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9wafys.dll
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-09-01 12:28

==================== End Of Log ============================
15.05.2015, 07:38 | #12 |
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 02
Ran by Michael at 2015-05-15 08:29:58
Running from C:\Users\Michael\Desktop\Trojan Tools
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3665776361-1376430445-3332247537-500 - Administrator - Disabled)
Antonia (S-1-5-21-3665776361-1376430445-3332247537-1005 - Limited - Enabled) => C:\Users\Antonia
BENJAMIN (S-1-5-21-3665776361-1376430445-3332247537-1009 - Limited - Enabled) => C:\Users\BENJAMIN.ABKM-2012
Gast (S-1-5-21-3665776361-1376430445-3332247537-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3665776361-1376430445-3332247537-1002 - Limited - Enabled)
Kerstin(1) (S-1-5-21-3665776361-1376430445-3332247537-1008 - Limited - Enabled) => C:\Users\Kerstin(1)
Michael (S-1-5-21-3665776361-1376430445-3332247537-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Disabled) {753F9273-B322-2907-AC37-03D0F1702F22}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2weistein (HKLM-x32\...\{307702F6-FD2C-484A-8F2E-A1DCE85FD9CC}_is1) (Version: - Brainmonster Studios) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated) Acronis*True*Image*Home 2012 (HKLM-x32\...\{243EF3E5-537D-4A15-8EE8-47D5473D9C73}Visible) (Version: 15.0.7133 - Acronis) Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation) ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.) 
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Amazon Music (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.) ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI AVIVO64 Codecs (Version: 11.6.0.10405 - ATI Technologies Inc.) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) AVM FRITZ!Box AddOn (IE) (HKLM-x32\...\{CEAD06D8-D033-4D2A-9328-AF49089E129F}) (Version: 1.7.0 - AVM Berlin) AVM FRITZ!Box AddOn (IE) (x64) (HKLM\...\{EC3671D7-98AC-4951-8FFD-5556BE066137}) (Version: 1.7.0 - AVM Berlin) AVM FRITZ!Box-Kindersicherung (HKLM-x32\...\{7497BB4F-CE23-47D4-B2CB-62548080F74F}) (Version: 4.2.3 - AVM Berlin) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation) BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.) 
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) clear.fi (x32 Version: 1.5.3201_45059 - CyberLink Corp.) Hidden clear.fi (x32 Version: 9.0.9024 - CyberLink Corp.) Hidden clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.3318.35 - CyberLink Corp.) clear.fi (x32 Version: 1.5.3318.35 - CyberLink Corp.) Hidden clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Control ActiveX del Windows Live Mesh per a connexions remotes (HKLM-x32\...\{76C064E2-BB99-4453-8FDA-42BC01AD0734}) (Version: 15.4.5722.2 - Microsoft Corporation) Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation) Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) Corel Applications (HKLM-x32\...\Corel Applications) (Version: - ) Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.345 - Corel Corporation) Corel PaintShop Pro X4 (x32 Version: 14.1.0.5 - Corel Corporation) Hidden Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Die Jagd nach dem blauen Kristall 
(HKLM-x32\...\Die Jagd nach dem blauen Kristall) (Version: - ) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC) Dropbox (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM) Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden Etron USB3.0 Host Controller (x32 Version: 0.106 - Etron Technology) Hidden Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.) Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Free Audio CD Burner version 2.0.24.827 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: 2.0.24.827 - DVDVideoSoft Ltd.) Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) Free Audio Converter version 5.0.27.725 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.) Free Disc Burner version 3.0.18.1212 (HKLM-x32\...\Free Disc Burner_is1) (Version: 3.0.18.1212 - DVDVideoSoft Ltd.) Free DVD Video Converter version 2.0.15.1125 (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.15.1125 - DVDVideoSoft Ltd.) Free MP4 Video Converter version 5.0.46.820 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.46.820 - DVDVideoSoft Ltd.) 
Free Studio version 6.5.0.324 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.324 - DVDVideoSoft Ltd.) Free Video Call Recorder for Skype version 1.2.8.1230 (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.2.8.1230 - DVDVideoSoft Ltd.) Free Video Dub version 2.0.21.827 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.827 - DVDVideoSoft Ltd.) Free Video Flip and Rotate version 2.1.9.822 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.822 - DVDVideoSoft Ltd.) Free Video to Android Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to Android Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.) Free Video to DVD Converter version 5.0.45.716 (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: 5.0.45.716 - DVDVideoSoft Ltd.) Free Video to iPod Converter version 5.0.27.725 (HKLM-x32\...\Free Video to iPod Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.) Free Video to Samsung Phones Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to Samsung Phones Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.) Free YouTube to DVD Converter version 3.1.13.925 (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version: 3.1.13.925 - DVDVideoSoft Ltd.) Free YouTube to iPhone Converter version 2.12.20.1230 (HKLM-x32\...\Free YouTube to iPhone Converter_is1) (Version: 2.12.20.1230 - DVDVideoSoft Ltd.) Free YouTube to iPod Converter version 3.11.12.827 (HKLM-x32\...\Free YouTube to iPod Converter_is1) (Version: 3.11.12.827 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.) 
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Garmin City Navigator Europe NT 2013.10 Update (HKLM-x32\...\{EC28FA6E-E38D-4F72-80EF-1FBE66B05668}) (Version: 16.10.0.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe NT 2014.30 Update (HKLM-x32\...\{F956C0BB-D2FA-4BA5-80D7-AC08E7CD611B}) (Version: 17.30.0.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe NT 2015.40 (HKLM-x32\...\{04B2E836-EF35-438B-89B8-59F484090283}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.) Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Gpg4win (2.1.1) (HKLM-x32\...\GPG4Win) (Version: 2.1.1 - The Gpg4win Project) Horse Life (HKLM-x32\...\Horse Life_is1) (Version: - ) Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated) HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard) HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) ICA (x32 Version: 14.0.0.345 - Corel Corporation) Hidden iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) IPM_PSP_COM (x32 Version: 14.0.0.345 - Corel Corporation) Hidden iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) 
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - ) Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation) Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation) LEGO® Batman™ 2: DC Super Heroes (HKLM-x32\...\{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}) (Version: 1.0.0.0 - Warner Bros. 
Interactive Entertainment) LEGO® Star Wars™: Die Komplette Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts) LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard) Matrix Code Emulator 1.50 (HKLM-x32\...\Matrix Code Emulator_is1) (Version: - Reality Rift Studios) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation) Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4517.1509 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft 
Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office 
Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft WorldWide Telescope (HKLM-x32\...\{02E7492D-C46F-4A34-A197-D1C3F19A1F4A}) (Version: 5.0.3 - Microsoft Research) Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\MyFreeCodec) (Version: - ) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) 
Hidden Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4517.1509 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1509 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4517.1509 - Microsoft Corporation) Hidden OTR Homeloader 1.5.8.146 (HKLM-x32\...\OTR Homeloader) (Version: 1.5.8.146 - © onlinetvrecorder.com) Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation) Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Pearl Harbor: Fire on the Water (x32 Version: 2.2.0.110 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version: - PopCap Games) Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden PonyGirl2 (HKLM-x32\...\PonyGirl2) (Version: - ) Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.10 - ProtectDisc Software GmbH) PSPPContent (x32 Version: 14.0.0.345 - Corel Corporation) Hidden PSPPHelp (x32 Version: 14.0.0.345 - Corel Corporation) Hidden PSPPro64 (Version: 14.0.0.345 - Corel Corporation) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.1.1.11124_17 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.1.1.11124_17 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Setup (x32 Version: 14.0.0.345 - Ihr Firmenname) Hidden Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) 
Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Snapfish Fotobuch (HKLM-x32\...\Snapfish Fotobuch) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG) Space Fighters 3D (HKLM-x32\...\SpaceFighters3D) (Version: 1.0D - Anders und Seim Neue Medien AG) SPEEDLINK Strike 2 Gamepad (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - ) Sweet Home 3D version 4.6 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks) TKKG16 (HKLM-x32\...\TKKG16) (Version: Das unheimliche Zimmer" - Tivola Development GmbH) Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (HKLM-x32\...\{7BA6DF02-B094-45D7-A3C9-BE3684253922}) (Version: 15.4.5722.2 - Microsoft Corporation) Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX 
Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) 
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) Wireshark 1.12.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, hxxp://www.wireshark.org) WISO Mein Geld 2014 Standard (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\WISO Mein Geld 2014 Standard) (Version: - Buhl Data Service GmbH) WISO Mein Geld 2014 Standard (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.03.7334 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{1A51972F-7455-4EF7-9B62-FAF851E0BE13}) (Version: 21.00.8480 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{D31520BA-35B4-41A9-A176-6A69F6BDB046}) (Version: 22.02.8861 - Buhl Data Service GmbH) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation) גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים 
(HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-05-14 10:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {06BD7732-AC4C-4D89-885B-23BA3DE7A669} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0FE833D6-1CC1-4D33-AD84-2DA4D5B307D0} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {13EDDADF-414A-4208-8B6A-08C5B5F9D110} - System32\Tasks\{AFE53008-C007-408D-AC1A-522FF6694D9D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{D596980D-17BE-4425-B8F0-5640719AADE9}\setup.exe" -c -runfromtemp -l0x0407
Task: {15080E1E-897B-4116-AC0B-A04DB15A74F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {201022E4-9FC8-42D8-856E-97E0A2D248B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-08-13] (Microsoft Corporation)
Task: {2BDB76D0-55AF-4A26-BD8B-612E7E9CE036} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {2F8C7232-6B89-4A83-A839-009522724610} - System32\Tasks\{BCA64A62-A2F0-4023-9FE4-D9BF2DD0AAB7} => pcalua.exe -a "C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2238UOIF\avm_fritz!wlan_usb_stick_x64_build_100906.exe" -d C:\Users\Michael\Desktop
Task: {38C5C3F5-7303-41FE-AA18-D55BF2CFDBF4} - System32\Tasks\hpUtility.exe_{9189978C-8FF7-42B9-8AE7-F38CEBEA73B8} => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {415E614A-8D00-4D17-B889-DB9A42C89CC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-02] (Adobe Systems Incorporated)
Task: {49735EFF-FBBD-4D0C-A45D-58A85253DDB6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-08-13] (Microsoft Corporation)
Task: {5C5FE30A-AAA1-4C2E-AD79-30544C05DA33} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6453F120-7242-41F6-A713-3EB92534A46C} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {6E263B84-6926-4989-BDD9-4979DC4D5614} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {7F8039A3-75EC-4376-8A96-CB13A28A4989} - System32\Tasks\{77A7DFBC-3C5C-48ED-A38F-6DEC9589FD7E} => pcalua.exe -a E:\Driver\setup.exe -d E:\Driver
Task: {85E724A5-C5C5-435F-9201-631A24F3514B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-09] (Microsoft Corporation)
Task: {AA4AA929-BC40-4A19-BB5F-40006A45D073} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2012-09-18] (Acer Incorporated)
Task: {B2AF022D-4264-4CA8-A432-4D08941B54DD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B39F4286-CB41-4E8B-A96C-9ECCDF09CFFF} - System32\Tasks\{21BF5564-D73B-44F0-B06A-09046295D728} => pcalua.exe -a E:\setup.exe -d E:\
Task: {B7B67FE5-1CFE-41C2-8E99-8764874A0FAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {E3CC3F58-509D-42BD-AD54-2D2F937A5B0E} - System32\Tasks\Microsoft_Hardware_Launch_vVX6000_exe => C:\Windows\vVX6000.exe [2010-05-20] (Microsoft Corporation )
Task: {ECC392DF-FFA3-4336-B2D6-8D41460E2B8B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F0DE2495-7482-4D61-971A-AA04E7CFBF8E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2012-09-18] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf89f1fda08b48.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfeadeb7541613.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff7a2e6aa93.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d041e914e2aa29.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============
2013-01-12 14:42 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2013-01-12 14:42 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-28 18:50 - 2013-05-28 18:50 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-01-02 19:00 - 2014-12-08 08:27 - 06277952 _____ () C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe 2013-11-17 13:21 - 2014-07-02 10:13 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe 2011-08-11 05:58 - 2011-08-11 05:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe 2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2013-04-28 17:51 - 2013-06-20 13:03 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll 2013-04-28 17:51 - 2013-06-09 16:05 - 00518824 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll 2013-04-28 17:51 - 2013-06-09 16:05 - 00612520 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2013-05-28 18:44 - 2013-05-28 18:44 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll 2013-05-28 18:42 - 2013-05-28 18:42 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll 2013-05-28 18:41 - 2013-05-28 18:41 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll 2013-05-28 18:44 - 2013-05-28 18:44 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll 2013-05-28 18:45 - 2013-05-28 18:45 - 00627712 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll 2013-11-17 13:20 
- 2014-07-02 10:13 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll 2013-11-17 13:20 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll 2013-11-17 13:20 - 2014-02-11 12:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll 2013-11-17 13:20 - 2014-02-11 12:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll 2013-11-17 13:20 - 2014-02-11 12:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll 
2013-11-17 13:20 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll 2015-05-15 08:18 - 2015-05-15 08:18 - 00043008 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9wafys.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2015-05-15 08:16 - 2015-05-15 08:16 - 00098816 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32api.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00110080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\pywintypes27.dll 2015-05-15 08:16 - 2015-05-15 08:16 - 00364544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\pythoncom27.dll 2015-05-15 08:16 - 2015-05-15 08:16 - 00045568 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_socket.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 01161216 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_ssl.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00320512 
_____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32com.shell.shell.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00713216 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_hashlib.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 01175040 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._core_.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00805888 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._gdi_.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00811008 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._windows_.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 01062400 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._controls_.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00735232 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._misc_.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00682496 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\pysqlite2._sqlite.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00128512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_elementtree.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00127488 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\pyexpat.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00087552 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_ctypes.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00119808 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32file.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00108544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32security.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00007168 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\hashobjs_ext.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\usb_ext.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00167936 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32gui.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00018432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32event.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00013824 
_____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\common.time34.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00036864 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_psutil_windows.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00038912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32inet.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00011264 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32crypt.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00070656 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._html2.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00027136 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_multiprocessing.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00020480 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\_yappi.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00035840 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32process.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00686080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\unicodedata.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00122368 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._wizard.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00024064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32pipe.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00010240 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\select.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00025600 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32pdh.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00525640 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\windows._lib_cacheinvalidation.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32profile.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00022528 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\win32ts.pyd 2015-05-15 08:16 - 2015-05-15 08:16 - 00078336 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI23482\wx._animate.pyd 2011-08-11 05:57 - 2011-08-11 
05:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-06-28 16:58 - 2012-06-28 16:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2014-10-15 21:15 - 2014-10-15 21:15 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-11-24 07:12 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\bayer.com -> hxxps://mymail.bayer.com

There are 6845 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{C9D242DC-25AF-4AF2-BB94-DAB940B3A60D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3C47A78D-7CCA-4D2E-A2B7-E41DEC3FB628}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{EF2AD903-CA8A-48B8-BA8D-AC8AF551734A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7E9724D4-BBC2-4F08-A50C-B5CB49993F4A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9597C05A-1907-40A9-B1FA-916B94D1DCED}] => (Allow) LPort=2869
FirewallRules: [{600BA4A8-53A4-488A-A939-FD6B7E5939A7}] => (Allow) LPort=1900
FirewallRules: [{ED91579B-7073-4D88-BAA2-EF8754A652D9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{388D3D32-53CD-44B6-9323-AB004EF5B290}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8FE7A59D-113B-4438-84C0-B111496F1CD5}] => (Allow) E:\fsetup.exe
FirewallRules: 
[{95FE17A3-C1D4-4425-88B5-F0028D7C06FF}] => (Allow) E:\fsetup.exe FirewallRules: [{E759168D-02CB-4F7F-9789-A00E3C4C33ED}] => (Allow) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE FirewallRules: [{0DF8F296-597C-48D1-9378-706B92E8C884}] => (Allow) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE FirewallRules: [{04364AA0-AAC0-4CA3-9F35-373342E92752}] => (Allow) C:\Program Files\FRITZ!DSL\FBOXUPD.EXE FirewallRules: [{9B275731-692F-439E-AFEB-1BADAB356C7A}] => (Allow) C:\Program Files\FRITZ!DSL\FBOXUPD.EXE FirewallRules: [{176F6BD2-E313-4ACD-A144-59FD12CB2D72}] => (Allow) C:\Program Files\FRITZ!DSL\WebwaIgd.exe FirewallRules: [{C2678EC3-1C35-4B04-B92C-D01FF239B191}] => (Allow) C:\Program Files\FRITZ!DSL\WebwaIgd.exe FirewallRules: [{71DF01A8-3686-4D06-BEF4-56CDDFDB8AD3}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [{763B9429-FF6F-4D99-BA7E-7E69B5EC8DB1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [{82F39FD0-930D-404E-8527-E4DE962866CE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{D1A32A56-F835-4D22-9FB1-43F39DF56B9E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{0F0DEA32-5E0E-476B-B6F1-F125CB2BE877}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{E2F8D7EF-B881-4C99-9F39-22E35427B00C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{3861C9F6-A5B8-4F20-B2DB-1E495564DB20}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{0500228A-C9AA-4EBD-9AD2-48446376E7F4}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{ADC8774B-A50A-43FC-B580-A6417F7DE597}] => (Allow) LPort=4481 FirewallRules: [{FE9A06C4-46CD-4772-8F35-BA3C46DBE2A1}] => (Allow) LPort=4481 FirewallRules: [{52BB8DF9-6381-4CC4-A793-831E1E6004BE}] => (Allow) LPort=4482 FirewallRules: [{3B34CFC9-0B67-49DC-9234-4E72BE801B5F}] => (Allow) LPort=4482 FirewallRules: 
[{E455E453-8EF5-4C02-B3B4-421ABC807F65}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{03E17A5A-B0CC-47E9-BAD5-C75A8C7C44B1}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{8DAE088C-D404-415E-8926-2F3507A41FA6}] => (Allow) LPort=4481 FirewallRules: [{568F1D79-2097-4DE4-BAD1-3B94093A530A}] => (Allow) LPort=4481 FirewallRules: [{EFDA4574-D805-45A3-89F3-730FDE578304}] => (Allow) LPort=4482 FirewallRules: [{69B928F6-04A0-4298-9B3C-6B7ACC7A6EC9}] => (Allow) LPort=4482 FirewallRules: [{D2E880E5-AEA1-46ED-898A-6A869E77B66D}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_ISTMP0.DIR\igd_finder.exe FirewallRules: [{3C4EA169-3582-4139-8D9E-B2289F585402}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_ISTMP0.DIR\igd_finder.exe FirewallRules: [{25DCF301-824F-4AAC-B756-B424AF758F22}] => (Allow) LPort=5031 FirewallRules: [{017C46D6-584C-4DA9-8532-7E57F5ACFF03}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_INS5576._MP FirewallRules: [{6C07132D-B959-40B0-A5E1-9381AB7B1C9C}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_INS5576._MP FirewallRules: [{8B142A97-0976-4D90-9368-DA57B6AAC677}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5804\HPDiagnosticCoreUI.exe FirewallRules: [{73889DA0-43A0-46C8-8CE2-901C1480D76B}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5804\HPDiagnosticCoreUI.exe FirewallRules: [{12064533-AE2E-4FD1-A04D-84761BD33E69}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5961\hppiw.exe FirewallRules: [{76FB54EB-A124-4BBB-BB3B-3FCE364671B7}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5961\hppiw.exe FirewallRules: [{12C49088-AC2B-41B3-9A8B-17329787105A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\FaxApplications.exe FirewallRules: [{7D58C282-6184-40FA-B1E9-B88575459B1A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\DigitalWizards.exe 
FirewallRules: [{51E6148A-6E4C-47FF-BA1B-B903F393D5AE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\SendAFax.exe FirewallRules: [{7D085111-33A0-411D-A569-C9CA20B02D8A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe FirewallRules: [{6A16B531-25B3-488F-80A0-42725A2DC96D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe FirewallRules: [{7D309AEE-D794-48BE-8F17-4615E3611BCD}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{B6323A56-ED26-4469-B3C2-FC140CE56DB0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe FirewallRules: [{85BCD67E-C592-4F48-8988-FC32AC54D0D9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe FirewallRules: [{2F0214AC-E971-4A23-A7CA-81578925B65F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe FirewallRules: [{F17E1B7C-2E36-47E8-AD0C-EA00A86910AA}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe FirewallRules: [{2BBE5713-307F-4357-9FCA-95BCD3CBA5FE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe FirewallRules: [{81C86BF7-1306-48BB-9818-DD02A255512B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{9F570D08-D86B-4AE3-B9B4-C4F87AD1C4DF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{EEE78BE8-8619-4972-BAD8-1C7F4D12C781}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{3B2F7565-7D7C-4780-8E4D-8743DEF9B36A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe FirewallRules: [{198864CE-CD10-4C99-BED4-2F4776406330}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe FirewallRules: [{CCBD6139-73A0-4808-941A-6A9AF6C22291}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: 
[{835101D6-156A-4027-B96D-9B62E562C48B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{6841C0F7-C1CD-44B5-84D4-4B980436EAA3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{E1732156-0092-4927-BEC2-CC4B98FD19F3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{8F42CF1E-43AE-4340-933F-B5B8B8949180}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{8828AAC2-9F98-41C5-B32B-24283D063037}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D6C4729D-BC9D-4EEE-8AD0-6303381D8574}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B0920B14-F1C9-405B-91FA-D9933AA65A04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5B174C98-464A-433E-964D-8A5EE9C9E8EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E0957D46-DACD-4A59-AC15-A24D0DCBE9BE}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{92AE468D-DCF2-46CB-9BE5-354E1664C7C8}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{C24C8CBE-BC4D-4E17-A37E-CEA09DFA0A25}] => (Allow) C:\Users\Kerstin(1)\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{620AE8BA-C9EA-419E-94E0-00DECB5E0E06}] => (Allow) C:\Users\Kerstin(1)\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{2CD4582C-2903-4A96-9401-AFEEA51CDB50}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{033B7368-8B98-4E99-A12E-5816EF7B5FCE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{F09D235F-1111-4387-8B6A-CE939F3E0E6A}] => (Allow) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe FirewallRules: [{B38F3C9A-2096-469C-A305-21D6861FF3F7}] => (Allow) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe FirewallRules: 
[{F304595D-4C61-4B9A-BCE0-9FE19F073B2C}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe FirewallRules: [{8CBC0F82-BF4E-4EC0-AC68-E3001567775A}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe FirewallRules: [{3011FF30-5F17-48F9-8C84-3A4777535953}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe FirewallRules: [{FF96BB1B-558F-4990-91C8-4E4D2FA10254}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe FirewallRules: [{BFADD09D-72E5-4D79-8A44-B9A9645DBE87}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe FirewallRules: [{BD150C6E-CDA3-4003-8A04-D98BE435618B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe FirewallRules: [{1512ADE2-6EFF-4D45-AD57-E9C5B220CA9D}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe FirewallRules: [{0130F6AD-FCE5-4E61-AD27-28B65163BFBC}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe FirewallRules: [{A77FEDFE-05A2-4A41-881B-EA2F378975D5}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe FirewallRules: [{A2C7781F-3A84-4476-980A-0B6CB2776ECE}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe FirewallRules: [{936CDF9C-21B0-49EC-B52D-F997BC42AABE}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{FCF49220-9855-4FD5-9828-6E734E926362}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{2A51E31E-0825-4364-93A9-53B3111D4BEE}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query 
User{1DB5141C-2C7E-40E7-BD66-913BD4598F23}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{44CE2C93-06B4-46AF-AADB-422B81A0DAFB}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{BBD53D6A-1025-4870-B795-89896280248E}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{5238C553-D394-4075-9D3E-8D225137B983}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CF0DE276-C226-4232-A414-96F068B790DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{0A88D139-9D09-470A-B142-4F89F58DC8DF}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [UDP Query User{7676DAC4-29C8-43B0-A342-7F48B24E1E83}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [{BF9CF787-F1FD-4435-A239-8C46C3F0CF24}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{EC599DB0-83EE-44E2-B26A-DEBC3D01BEA9}C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{CAD62162-5C9A-4470-B683-DAED6BCB517A}C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{4A35D0C8-FFFB-40F6-95B1-B55D33815992}C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{8F250A55-1BAA-45AF-A210-774AAC9CD52F}C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) 
C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{EA8692AD-A1CC-4676-AD47-FC393025FDAF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1492FE07-7953-40AC-BCAE-81D5DE405213}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BF0841E8-53A8-49B3-9686-0C30823FFDAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2015 08:28:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 14.5.2015.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1ca4 Startzeit: 01d08ed802619cbc Endzeit: 20 Anwendungspfad: C:\Users\Michael\Desktop\Trojan Tools\FRST64.exe Berichts-ID: 921bf3bf-facb-11e4-b5e2-bc05430c7d61

Error: (05/15/2015 08:18:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2015 08:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: StCenter.exe, Version: 2.4.3.0, Zeitstempel: 0x4a5ddb4b Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace4e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000036ede ID des fehlerhaften Prozesses: 0xa20 Startzeit der fehlerhaften Anwendung: 0xStCenter.exe0 Pfad der fehlerhaften Anwendung: StCenter.exe1 Pfad des fehlerhaften Moduls: StCenter.exe2 Berichtskennung: StCenter.exe3

Error: (05/15/2015 08:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa Ausnahmecode: 0xc000000d Fehleroffset: 0x000000000006ec12 ID des fehlerhaften Prozesses: 0x8f4 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0 Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1 Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2 Berichtskennung: svchost.exe_DiagTrack3

Error: (05/14/2015 10:17:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 01:55:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa Ausnahmecode: 0xc000000d Fehleroffset: 0x000000000006ec12 ID des fehlerhaften Prozesses: 0x984 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0 Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1 Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2 Berichtskennung: svchost.exe_DiagTrack3

Error: (05/14/2015 11:09:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 10:57:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 10:57:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: StCenter.exe, Version: 2.4.3.0, Zeitstempel: 0x4a5ddb4b Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace4e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000036ede ID des fehlerhaften Prozesses: 0xe0c Startzeit der fehlerhaften Anwendung: 0xStCenter.exe0 Pfad der fehlerhaften Anwendung: StCenter.exe1 Pfad des fehlerhaften Moduls: StCenter.exe2 Berichtskennung: StCenter.exe3

Error: (05/14/2015 10:52:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa Ausnahmecode: 0xc000000d Fehleroffset: 0x000000000006ec12 ID des fehlerhaften Prozesses: 0x8e8 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0 Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1 Pfad des fehlerhaften Moduls:
svchost.exe_DiagTrack2 Berichtskennung: svchost.exe_DiagTrack3

System errors:
=============
Error: (05/15/2015 08:17:30 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/15/2015 08:16:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Device Interaction Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/15/2015 08:16:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Device Interaction Service erreicht.

Error: (05/15/2015 08:15:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Diagnostics Tracking Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/15/2015 08:15:08 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error: (05/15/2015 08:14:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/15/2015 08:14:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Email-Schutz" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
Error: (05/15/2015 08:14:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Microsoft Office-Dienst" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (05/15/2015 08:14:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/15/2015 08:14:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Acronis Nonstop Backup Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Microsoft Office Sessions:
=========================
Error: (05/15/2015 08:28:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe14.5.2015.21ca401d08ed802619cbc20C:\Users\Michael\Desktop\Trojan Tools\FRST64.exe921bf3bf-facb-11e4-b5e2-bc05430c7d61

Error: (05/15/2015 08:18:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2015 08:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: StCenter.exe2.4.3.04a5ddb4bMSVCR90.dll9.0.30729.61614dace4e7c00000050000000000036edea2001d08ed6b7301a98C:\Program Files\FRITZ!DSL\StCenter.exeC:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll071fb412-faca-11e4-b5e2-c89cdc6e0522

Error: (05/15/2015 08:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description:
svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec128f401d08e82d2318fd4C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllbf51fe50-fac9-11e4-b6e6-bc05430c7d61 Error: (05/14/2015 10:17:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/14/2015 01:55:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec1298401d08e2568b3600fC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll2dc6b1dc-fa30-11e4-b7c2-bc05430c7d61 Error: (05/14/2015 11:09:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/14/2015 10:57:47 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/14/2015 10:57:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: StCenter.exe2.4.3.04a5ddb4bMSVCR90.dll9.0.30729.61614dace4e7c00000050000000000036edee0c01d08e239f273fc2C:\Program Files\FRITZ!DSL\StCenter.exeC:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll3653feff-fa17-11e4-a6a2-bc05430c7d61 Error: (05/14/2015 10:52:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec128e801d08e20e635b203C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll9765d4a3-fa16-11e4-a546-bc05430c7d61 CodeIntegrity Errors: 
===================================
Date: 2015-05-14 10:15:32.954
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-05-14 10:15:32.894
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-30 22:58:28.892
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-30 22:58:28.817
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-30 22:58:26.548
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-30 22:58:26.472
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-30 22:58:24.288
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-30 22:58:24.213
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-30 22:58:22.059
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-30 22:58:21.995
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 52%
Total physical RAM: 4078.01 MB
Available physical RAM: 1952.55 MB
Total Pagefile: 8154.22 MB
Available Pagefile: 5483.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:455.45 GB) (Free:78.51 GB) NTFS
Drive d: (DATA) (Fixed) (Total:455.96 GB) (Free:238.47 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D991B2E7)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
15.05.2015, 19:00 | #13 |
/// the machine /// TB trainer | Positive infection with 4 Trojans on Windows7 #1
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
16.05.2015, 11:43 | #14 |
| Positive infection with 4 Trojans on Windows7 #1 According to Chip, the hit is not a real one - right? Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b2e9e712389fcc4ea43a9d5c2227c672
# engine=23873
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-16 09:30:44
# local_time=2015-05-16 11:30:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 58330652 183398494 0 0
# scanned=493451
# found=1
# cleaned=0
# scan_time=12770
sh=806FA1B8E8FC5A1F0F002D8DA7CEF8EB17C03005 ft=1 fh=1c0e9861a3c02879 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michael\Desktop\Antivir Rescue\Avira RegCleaner - CHIP-Installer.exe"
Code:
Results of screen317's Security Check version 1.001
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (38.0.1)
Google Chrome (42.0.2311.135)
Google Chrome (42.0.2311.152)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 Ran by Michael (administrator) on ABKM-2012 on 16-05-2015 12:32:12 Running from C:\Users\Michael\Desktop\Trojan Tools Loaded Profiles: Michael (Available profiles: Michael & Antonia & Kerstin(1) & BENJAMIN) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (AMD) C:\Windows\System32\atieclxx.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Garmin Ltd. 
or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation ) C:\Windows\vVX6000.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe (Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Seal One AG) C:\Users\Michael\AppData\Local\Temp\Seal One\SealOne.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-11] (Realtek Semiconductor) HKLM\...\Run: [VX6000] => C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation ) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [188944 2012-09-19] (CyberLink Corp.) 
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-11] () HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited) HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-04-08] (DivX, LLC) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-12] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.) 
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [OTR Homeloader] => C:\Program Files (x86)\OTRHomeloader\OTRHomeloader.exe [3567616 2014-02-28] (© onlinetvrecorder.com) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2015-01-14] (Samsung) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-24] (Google Inc.) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [SealOne] => C:\Users\Michael\AppData\Roaming\Seal One\SealOne.exe [281080 2014-09-26] (Seal One AG) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [Amazon Music] => C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] () HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe [927920 2015-05-02] (Adobe Systems Incorporated) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012-04-12] ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-05-26] ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk [2013-02-22] ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-10-31] ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2012-04-06] ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\Michael\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk [2012-04-14] ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012-05-17] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Kopie 1).lnk [2013-02-16] ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8500 A910 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) GroupPolicyUsers\S-1-5-21-3665776361-1376430445-3332247537-1009\User: Group Policy Restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-3665776361-1376430445-3332247537-1005\User: Group Policy Restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000 -> DefaultScope {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000 -> {96823B65-B9E8-404A-AFE9-A36A99662E05} URL = https://www.google.com/search?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-07-09] (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.) 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2013-08-13] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.) 
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2013-08-13] (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.) Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.) 
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
Handler-x32: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2011-10-20] (ACE GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-04-28] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-02] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2011-10-11] ( )
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll [2012-11-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\2020Player_IKEA@2020Technologies.com [2015-03-21]
FF Extension: Bitdefender QuickScan - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-08]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8gcu6wpb.default-1421500931064\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-04-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-16]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-01]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> search.snapdo.com
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-28]
CHR Extension: (Skype Click to Call) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-07-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-28]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michael\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-24]
CHR HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-03-15] (Adobe Systems) [File not signed]
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 avmident; C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [76288 2011-09-27] (AVM Berlin) [File not signed]
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] () [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-10-30] () [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 07:52 - 2015-05-16 07:52 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-16 07:41 - 2015-05-16 07:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-16 07:22 - 2015-05-16 07:22 - 00000022 _____ () C:\Windows\S.dirmngr
2015-05-15 14:05 - 2015-05-15 14:07 - 00000000 ____D () C:\Program Files (x86)\TKKG10
2015-05-15 08:01 - 2015-05-15 08:01 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ABKM-2012-Windows-7-Home-Premium-(64-bit).dat
2015-05-15 08:01 - 2015-05-15 08:01 - 00000000 ____D () C:\RegBackup
2015-05-15 07:40 - 2015-05-15 08:14 - 00000000 ____D () C:\AdwCleaner
2015-05-14 10:47 - 2015-05-14 10:47 - 00048438 _____ () C:\ComboFix.txt
2015-05-14 09:38 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-14 09:38 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-14 09:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-14 09:38 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-14 09:37 - 2015-05-14 10:47 - 00000000 ____D () C:\Qoobox
2015-05-14 09:37 - 2015-05-14 10:45 - 00000000 ____D () C:\Windows\erdnt
2015-05-14 00:24 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:24 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:01 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:01 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:01 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:01 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:01 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:01 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 15:01 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 15:01 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 15:01 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:01 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:01 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 15:01 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:01 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 15:01 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 15:01 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 15:01 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:01 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:01 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 15:01 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 15:01 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 15:01 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:01 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 15:01 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 15:01 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 15:01 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 15:01 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 15:01 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 15:01 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 15:01 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 15:01 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 15:01 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 15:01 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:01 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 15:01 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:01 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 15:01 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 15:01 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 15:01 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 15:01 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 15:01 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 15:01 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 15:01 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:01 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 15:01 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 15:01 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 15:01 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:01 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 15:01 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:01 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 15:01 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 15:01 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 15:01 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 15:01 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:01 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 15:01 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 15:01 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 15:01 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 15:01 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 15:01 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 15:01 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 15:01 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 15:01 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 15:01 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:01 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 15:00 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 15:00 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 15:00 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 15:00 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 15:00 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 15:00 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 15:00 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 15:00 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 15:00 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 15:00 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 15:00 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 15:00 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 15:00 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 15:00 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 15:00 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 15:00 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 15:00 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 15:00 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 15:00 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 15:00 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 15:00 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 15:00 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 15:00 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-13 15:00 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-13 15:00 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-13 15:00 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 15:00 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-13 15:00 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 15:00 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 15:00 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 15:00 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 14:59 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 14:59 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 14:59 - 2015-04-20 04:56 - 
01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 14:59 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 14:59 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 14:59 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 14:59 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 14:59 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 14:59 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-13 14:59 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-13 14:59 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-13 14:59 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 14:59 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 14:59 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 14:59 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-12 09:53 - 2015-05-12 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-11 19:12 - 2015-05-11 19:12 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{7914B217-5846-49DC-892A-F5C07EC41841} 2015-05-10 10:04 - 2015-05-10 11:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-09 15:13 - 2015-05-16 12:32 - 00000000 ____D () C:\FRST 2015-05-09 15:13 - 2015-05-09 15:13 - 00000000 _____ () C:\Users\Michael\defogger_reenable 2015-05-09 09:06 - 2015-05-16 12:32 - 00000000 ____D () C:\Users\Michael\Desktop\Trojan Tools 2015-05-08 17:21 
- 2015-05-16 10:13 - 00000000 ____D () C:\Users\Michael\Desktop\Antivir Rescue 2015-05-08 15:01 - 2015-05-08 15:01 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-08 14:03 - 2015-05-08 14:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.1.6.1022.exe 2015-05-08 14:01 - 2015-05-08 14:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\QuickScan 2015-05-08 11:37 - 2015-05-08 11:37 - 00000000 ____D () C:\Users\Antonia\Desktop\runtime 2015-05-08 11:35 - 2015-05-08 11:40 - 00000000 ____D () C:\Users\Antonia\Desktop\game 2015-05-08 11:03 - 2015-05-08 11:03 - 00000000 ____D () C:\Users\Antonia\AppData\Local\{56D3392A-6DA5-4C13-BEB3-CF502A9CC135} 2015-05-03 17:21 - 2015-05-03 17:21 - 00000000 ____D () C:\Users\Antonia\AppData\Local\{6677D07C-D21C-4218-A05E-5F02BFC9FCE3} 2015-05-02 17:55 - 2015-05-02 17:55 - 00007158 _____ () C:\Users\Kerstin(1)\Desktop\Fliesen - Verknüpfung.lnk 2015-05-02 17:54 - 2015-05-02 17:55 - 00000000 ____D () C:\Users\Public\Documents\Sentastr 2015-05-01 11:58 - 2015-05-01 11:58 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{84B21787-061C-4822-9126-03D044371819} 2015-04-27 09:18 - 2015-04-27 09:18 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Local\{BDC3A217-B9AD-45C9-8C79-C291528228E8} 2015-04-24 15:24 - 2015-04-24 15:24 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Unity 2015-04-24 15:08 - 2015-04-24 15:08 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Unity 2015-04-24 15:07 - 2015-04-24 15:08 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer(2).exe 2015-04-24 15:07 - 2015-04-24 15:07 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer(1).exe 2015-04-24 15:06 - 2015-04-24 15:06 - 01088384 _____ (Unity Technologies ApS) C:\Users\BENJAMIN.ABKM-2012\Downloads\UnityWebPlayer.exe 2015-04-21 15:42 - 2015-04-21 15:42 - 00044032 ___SH () 
C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\Thumbs.db 2015-04-21 15:42 - 2015-04-21 15:42 - 00001526 _____ () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\.minecraft - Verknüpfung.lnk 2015-04-21 15:28 - 2015-04-21 15:29 - 05263187 _____ () C:\Users\BENJAMIN.ABKM-2012\Downloads\FC Pack V8-1.7.10-4.8.0.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-16 12:37 - 2012-04-06 20:14 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype 2015-05-16 12:29 - 2011-11-24 07:07 - 01333393 _____ () C:\Windows\WindowsUpdate.log 2015-05-16 10:32 - 2012-06-08 16:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-16 09:32 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-16 09:32 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-16 07:59 - 2012-04-11 20:45 - 00000000 ____D () C:\Users\Michael\Documents\Outlook-Dateien 2015-05-16 07:55 - 2011-11-20 07:23 - 00702980 _____ () C:\Windows\system32\perfh007.dat 2015-05-16 07:55 - 2011-11-20 07:23 - 00150620 _____ () C:\Windows\system32\perfc007.dat 2015-05-16 07:55 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-16 07:28 - 2014-10-31 00:10 - 00000000 ___RD () C:\Users\Michael\Dropbox 2015-05-16 07:28 - 2013-05-26 21:11 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox 2015-05-16 07:27 - 2015-01-24 16:25 - 00000000 ___RD () C:\Users\Michael\Google Drive 2015-05-16 07:26 - 2012-04-06 17:44 - 00656335 _____ () C:\Users\Michael\DesktopStCenter.txt 2015-05-16 07:21 - 2009-07-14 06:51 - 00293249 _____ () C:\Windows\setupact.log 2015-05-15 16:04 - 2013-09-01 11:12 - 00000000 ____D () C:\Users\Antonia\AppData\Roaming\Skype 2015-05-15 14:35 - 2015-02-22 15:52 - 00000000 ____D 
() C:\Users\Antonia\AppData\Roaming\.minecraft 2015-05-15 14:06 - 2014-05-12 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tivola 2015-05-15 13:28 - 2014-02-07 17:06 - 00000000 ____D () C:\Users\BENJAMIN.ABKM-2012\AppData\Roaming\.minecraft 2015-05-15 12:08 - 2014-05-17 16:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-15 11:36 - 2011-05-24 16:40 - 00000000 ____D () C:\Users\Michael\Documents\Mein Steuer-Sparbuch Heute 2015-05-15 08:17 - 2012-04-28 11:34 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps 2015-05-14 10:47 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2015-05-14 10:36 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-05-14 10:34 - 2010-11-21 05:47 - 01067604 _____ () C:\Windows\PFRO.log 2015-05-14 10:34 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\default.bak 2015-05-14 10:34 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak 2015-05-14 10:34 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2015-05-14 09:30 - 2014-10-31 00:09 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-14 09:29 - 2013-09-22 17:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-14 09:23 - 2012-05-06 13:46 - 00000000 ____D () C:\Users\Michael\Tracing 2015-05-14 09:12 - 2009-07-14 06:45 - 00446824 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-14 09:08 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-14 09:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-05-14 00:43 - 2012-04-06 21:19 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-14 00:41 - 2013-08-14 08:29 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-14 00:28 - 2012-04-14 17:33 - 140425016 _____ (Microsoft Corporation) 
C:\Windows\system32\MRT.exe 2015-05-14 00:24 - 2013-03-13 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-14 00:24 - 2013-03-13 21:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-14 00:24 - 2013-03-13 21:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-05-13 22:28 - 2012-04-15 21:31 - 00000000 ____D () C:\Users\Kerstin(1)\Documents\Outlook-Dateien 2015-05-13 08:03 - 2013-05-26 21:13 - 00000000 ___RD () C:\Users\Kerstin(1)\Dropbox 2015-05-13 08:03 - 2013-05-26 21:10 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Roaming\Dropbox 2015-05-12 09:51 - 2013-03-28 13:10 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-12 09:51 - 2013-03-28 13:10 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-05-10 19:58 - 2013-05-26 21:13 - 00001037 _____ () C:\Users\Kerstin(1)\Desktop\Dropbox.lnk 2015-05-10 19:58 - 2013-05-26 21:11 - 00000000 ____D () C:\Users\Kerstin(1)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-10 16:43 - 2012-12-09 12:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\DoNotTrackPlus 2015-05-10 10:03 - 2014-05-17 16:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-09 15:48 - 2015-01-24 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-05-09 15:13 - 2012-04-06 17:17 - 00000000 ____D () C:\Users\Michael 2015-05-08 15:01 - 2014-05-17 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-08 15:01 - 2014-05-17 16:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-03 19:29 - 2008-09-14 11:36 - 00000000 ____D () C:\Users\Michael\Documents\WISO Mein Geld 2015-05-03 17:59 - 2013-09-01 11:21 - 00000000 ____D () C:\Users\Antonia\Documents\Outlook-Dateien 2015-05-02 
18:01 - 2011-07-11 11:54 - 00000000 ____D () C:\ProgramData\Skype 2015-05-02 17:59 - 2012-04-11 20:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-02 17:58 - 2012-04-11 20:20 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-02 17:58 - 2011-07-11 12:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-01 15:57 - 2013-09-14 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2015-05-01 15:57 - 2012-11-30 11:52 - 00001620 _____ () C:\Users\Michael\Desktop\DivX Movies.lnk 2015-05-01 15:57 - 2012-06-03 18:53 - 00000000 ____D () C:\Program Files (x86)\DivX 2015-05-01 15:57 - 2012-06-03 18:52 - 00000000 ____D () C:\ProgramData\DivX 2015-04-20 14:46 - 2008-09-14 11:36 - 00000000 ____D () C:\Users\Michael\Documents\Wielandstrasse 2015-04-20 14:44 - 2015-04-12 23:27 - 00000000 ____D () C:\Users\Michael\Documents\Sentastr 2015-04-19 13:24 - 2012-04-11 19:39 - 00000000 ____D () C:\Users\Michael\Documents\Computer ==================== Files in the root of some directories ======= 2012-05-26 09:58 - 2014-11-08 15:44 - 0003258 _____ () C:\Users\Michael\AppData\Roaming\Rim.Desktop.Exception.log 2012-05-26 09:57 - 2013-09-08 15:08 - 0003361 _____ () C:\Users\Michael\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2012-05-26 09:58 - 2014-11-08 15:44 - 0000847 _____ () C:\Users\Michael\AppData\Roaming\Rim.DesktopHelper.Exception.log 2012-10-21 22:21 - 2014-11-08 15:44 - 0010010 _____ () C:\Users\Michael\AppData\Roaming\Rim.Transcoder.Exception.log 2015-04-10 20:51 - 2015-04-10 20:51 - 0190611 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS 2015-04-10 20:51 - 2015-04-10 20:51 - 0000290 _____ () C:\Users\Michael\AppData\Local\4A594BA6_stp.CIS.part 2015-04-10 20:49 - 2015-04-10 20:49 - 0385602 _____ () C:\Users\Michael\AppData\Local\5D515C96_stp.CIS 2015-04-10 20:49 - 2015-04-10 20:49 - 0000220 _____ () 
C:\Users\Michael\AppData\Local\5D515C96_stp.CIS.part 2015-04-10 20:51 - 2015-04-10 20:54 - 8437760 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS 2015-04-10 20:51 - 2015-04-10 20:51 - 0000442 _____ () C:\Users\Michael\AppData\Local\784ED66F_stp.CIS.part 2012-04-13 19:18 - 2015-01-31 14:23 - 0026112 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-07 17:36 - 2014-12-07 17:36 - 0000017 _____ () C:\Users\Michael\AppData\Local\resmon.resmoncfg 2013-02-16 22:59 - 2013-02-16 22:59 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-11-24 07:21 - 2013-03-16 22:42 - 0002538 _____ () C:\ProgramData\ArcadeDeluxe5.log Some content of TEMP: ==================== C:\Users\Antonia\AppData\Local\Temp\avgnt.exe C:\Users\BENJAMIN.ABKM-2012\AppData\Local\Temp\avgnt.exe C:\Users\Michael\AppData\Local\Temp\avgnt.exe C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp3inwh.dll C:\Users\Michael\AppData\Local\Temp\Quarantine.exe C:\Users\Michael\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-09-01 12:28
==================== End Of Log ============================
16.05.2015, 11:44 | #15
Positive infection with 4 Trojans under Windows 7 #1
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015
Ran by Michael at 2015-05-16 12:38:08
Running from C:\Users\Michael\Desktop\Trojan Tools
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3665776361-1376430445-3332247537-500 - Administrator - Disabled)
Antonia (S-1-5-21-3665776361-1376430445-3332247537-1005 - Limited - Enabled) => C:\Users\Antonia
BENJAMIN (S-1-5-21-3665776361-1376430445-3332247537-1009 - Limited - Enabled) => C:\Users\BENJAMIN.ABKM-2012
Gast (S-1-5-21-3665776361-1376430445-3332247537-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3665776361-1376430445-3332247537-1002 - Limited - Enabled)
Kerstin(1) (S-1-5-21-3665776361-1376430445-3332247537-1008 - Limited - Enabled) => C:\Users\Kerstin(1)
Michael (S-1-5-21-3665776361-1376430445-3332247537-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Disabled) {753F9273-B322-2907-AC37-03D0F1702F22}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2weistein (HKLM-x32\...\{307702F6-FD2C-484A-8F2E-A1DCE85FD9CC}_is1) (Version: - Brainmonster Studios) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated) Acronis*True*Image*Home 2012 (HKLM-x32\...\{243EF3E5-537D-4A15-8EE8-47D5473D9C73}Visible) (Version: 15.0.7133 - Acronis) Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation) ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.) 
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Amazon Music (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC) AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.) ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI AVIVO64 Codecs (Version: 11.6.0.10405 - ATI Technologies Inc.) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) AVM FRITZ!Box AddOn (IE) (HKLM-x32\...\{CEAD06D8-D033-4D2A-9328-AF49089E129F}) (Version: 1.7.0 - AVM Berlin) AVM FRITZ!Box AddOn (IE) (x64) (HKLM\...\{EC3671D7-98AC-4951-8FFD-5556BE066137}) (Version: 1.7.0 - AVM Berlin) AVM FRITZ!Box-Kindersicherung (HKLM-x32\...\{7497BB4F-CE23-47D4-B2CB-62548080F74F}) (Version: 4.2.3 - AVM Berlin) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation) BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.) 
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) clear.fi (x32 Version: 1.5.3201_45059 - CyberLink Corp.) Hidden clear.fi (x32 Version: 9.0.9024 - CyberLink Corp.) Hidden clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.3318.35 - CyberLink Corp.) clear.fi (x32 Version: 1.5.3318.35 - CyberLink Corp.) Hidden clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Control ActiveX del Windows Live Mesh per a connexions remotes (HKLM-x32\...\{76C064E2-BB99-4453-8FDA-42BC01AD0734}) (Version: 15.4.5722.2 - Microsoft Corporation) Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation) Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) Corel Applications (HKLM-x32\...\Corel Applications) (Version: - ) Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.345 - Corel Corporation) Corel PaintShop Pro X4 (x32 Version: 14.1.0.5 - Corel Corporation) Hidden Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Die Jagd nach dem blauen Kristall 
(HKLM-x32\...\Die Jagd nach dem blauen Kristall) (Version: - ) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC) Dropbox (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM) Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Etron USB3.0 Host Controller (x32 Version: 0.106 - Etron Technology) Hidden Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.) Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Free Audio CD Burner version 2.0.24.827 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: 2.0.24.827 - DVDVideoSoft Ltd.) Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) Free Audio Converter version 5.0.27.725 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.) Free Disc Burner version 3.0.18.1212 (HKLM-x32\...\Free Disc Burner_is1) (Version: 3.0.18.1212 - DVDVideoSoft Ltd.) Free DVD Video Converter version 2.0.15.1125 (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.15.1125 - DVDVideoSoft Ltd.) 
Free MP4 Video Converter version 5.0.46.820 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.46.820 - DVDVideoSoft Ltd.) Free Studio version 6.5.0.324 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.324 - DVDVideoSoft Ltd.) Free Video Call Recorder for Skype version 1.2.8.1230 (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.2.8.1230 - DVDVideoSoft Ltd.) Free Video Dub version 2.0.21.827 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.827 - DVDVideoSoft Ltd.) Free Video Flip and Rotate version 2.1.9.822 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.822 - DVDVideoSoft Ltd.) Free Video to Android Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to Android Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.) Free Video to DVD Converter version 5.0.45.716 (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: 5.0.45.716 - DVDVideoSoft Ltd.) Free Video to iPod Converter version 5.0.27.725 (HKLM-x32\...\Free Video to iPod Converter_is1) (Version: 5.0.27.725 - DVDVideoSoft Ltd.) Free Video to Samsung Phones Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to Samsung Phones Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.) Free YouTube to DVD Converter version 3.1.13.925 (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version: 3.1.13.925 - DVDVideoSoft Ltd.) Free YouTube to iPhone Converter version 2.12.20.1230 (HKLM-x32\...\Free YouTube to iPhone Converter_is1) (Version: 2.12.20.1230 - DVDVideoSoft Ltd.) Free YouTube to iPod Converter version 3.11.12.827 (HKLM-x32\...\Free YouTube to iPod Converter_is1) (Version: 3.11.12.827 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.) 
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Garmin City Navigator Europe NT 2013.10 Update (HKLM-x32\...\{EC28FA6E-E38D-4F72-80EF-1FBE66B05668}) (Version: 16.10.0.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe NT 2014.30 Update (HKLM-x32\...\{F956C0BB-D2FA-4BA5-80D7-AC08E7CD611B}) (Version: 17.30.0.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe NT 2015.40 (HKLM-x32\...\{04B2E836-EF35-438B-89B8-59F484090283}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.) Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Gpg4win (2.1.1) (HKLM-x32\...\GPG4Win) (Version: 2.1.1 - The Gpg4win Project) Horse Life (HKLM-x32\...\Horse Life_is1) (Version: - ) Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated) HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard) HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) ICA (x32 Version: 14.0.0.345 - Corel Corporation) Hidden iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) IPM_PSP_COM (x32 Version: 14.0.0.345 - Corel Corporation) Hidden iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) 
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - ) Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation) Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation) LEGO® Batman™ 2: DC Super Heroes (HKLM-x32\...\{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}) (Version: 1.0.0.0 - Warner Bros. 
Interactive Entertainment) LEGO® Star Wars™: Die Komplette Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts) LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard) Matrix Code Emulator 1.50 (HKLM-x32\...\Matrix Code Emulator_is1) (Version: - Reality Rift Studios) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation) Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4517.1509 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft 
Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office 
Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft WorldWide Telescope (HKLM-x32\...\{02E7492D-C46F-4A34-A197-D1C3F19A1F4A}) (Version: 5.0.3 - Microsoft Research) Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\MyFreeCodec) (Version: - ) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) 
Hidden Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4517.1509 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1509 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4517.1509 - Microsoft Corporation) Hidden OTR Homeloader 1.5.8.146 (HKLM-x32\...\OTR Homeloader) (Version: 1.5.8.146 - © onlinetvrecorder.com) Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation) Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Pearl Harbor: Fire on the Water (x32 Version: 2.2.0.110 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version: - PopCap Games) Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden PonyGirl2 (HKLM-x32\...\PonyGirl2) (Version: - ) Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.10 - ProtectDisc Software GmbH) PSPPContent (x32 Version: 14.0.0.345 - Corel Corporation) Hidden PSPPHelp (x32 Version: 14.0.0.345 - Corel Corporation) Hidden PSPPro64 (Version: 14.0.0.345 - Corel Corporation) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.1.1.11124_17 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.1.1.11124_17 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Setup (x32 Version: 14.0.0.345 - Ihr Firmenname) Hidden Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) 
Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Snapfish Fotobuch (HKLM-x32\...\Snapfish Fotobuch) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG) Space Fighters 3D (HKLM-x32\...\SpaceFighters3D) (Version: 1.0D - Anders und Seim Neue Medien AG) SPEEDLINK Strike 2 Gamepad (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - ) Sweet Home 3D version 4.6 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks) TKKG10 (HKLM-x32\...\TKKG10) (Version: - ) TKKG16 (HKLM-x32\...\TKKG16) (Version: Das unheimliche Zimmer" - Tivola Development GmbH) Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (HKLM-x32\...\{7BA6DF02-B094-45D7-A3C9-BE3684253922}) (Version: 15.4.5722.2 - Microsoft Corporation) Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft 
Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) 
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) Wireshark 1.12.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, hxxp://www.wireshark.org) WISO Mein Geld 2014 Standard (HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\WISO Mein Geld 2014 Standard) (Version: - Buhl Data Service GmbH) WISO Mein Geld 2014 Standard (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.03.7334 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{1A51972F-7455-4EF7-9B62-FAF851E0BE13}) (Version: 21.00.8480 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{D31520BA-35B4-41A9-A176-6A69F6BDB046}) (Version: 22.02.8861 - Buhl Data Service GmbH) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation) גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים 
(HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation) بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation) معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation) 適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-14 10:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06BD7732-AC4C-4D89-885B-23BA3DE7A669} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0FE833D6-1CC1-4D33-AD84-2DA4D5B307D0} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe Task: {13EDDADF-414A-4208-8B6A-08C5B5F9D110} - System32\Tasks\{AFE53008-C007-408D-AC1A-522FF6694D9D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{D596980D-17BE-4425-B8F0-5640719AADE9}\setup.exe" -c -runfromtemp -l0x0407 Task: {15080E1E-897B-4116-AC0B-A04DB15A74F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {201022E4-9FC8-42D8-856E-97E0A2D248B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-08-13] (Microsoft Corporation) Task: {2BDB76D0-55AF-4A26-BD8B-612E7E9CE036} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {2F8C7232-6B89-4A83-A839-009522724610} - System32\Tasks\{BCA64A62-A2F0-4023-9FE4-D9BF2DD0AAB7} => pcalua.exe -a "C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2238UOIF\avm_fritz!wlan_usb_stick_x64_build_100906.exe" -d C:\Users\Michael\Desktop Task: {38C5C3F5-7303-41FE-AA18-D55BF2CFDBF4} - System32\Tasks\hpUtility.exe_{9189978C-8FF7-42B9-8AE7-F38CEBEA73B8} => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.) 
Task: {415E614A-8D00-4D17-B889-DB9A42C89CC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-02] (Adobe Systems Incorporated) Task: {49735EFF-FBBD-4D0C-A45D-58A85253DDB6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-08-13] (Microsoft Corporation) Task: {5C5FE30A-AAA1-4C2E-AD79-30544C05DA33} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {6453F120-7242-41F6-A713-3EB92534A46C} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink) Task: {6E263B84-6926-4989-BDD9-4979DC4D5614} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {7F8039A3-75EC-4376-8A96-CB13A28A4989} - System32\Tasks\{77A7DFBC-3C5C-48ED-A38F-6DEC9589FD7E} => pcalua.exe -a E:\Driver\setup.exe -d E:\Driver Task: {85E724A5-C5C5-435F-9201-631A24F3514B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-09] (Microsoft Corporation) Task: {AA4AA929-BC40-4A19-BB5F-40006A45D073} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2012-09-18] (Acer Incorporated) Task: {B2AF022D-4264-4CA8-A432-4D08941B54DD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {B39F4286-CB41-4E8B-A96C-9ECCDF09CFFF} - System32\Tasks\{21BF5564-D73B-44F0-B06A-09046295D728} => pcalua.exe -a E:\setup.exe -d E:\ Task: {B7B67FE5-1CFE-41C2-8E99-8764874A0FAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) 
Task: {E3CC3F58-509D-42BD-AD54-2D2F937A5B0E} - System32\Tasks\Microsoft_Hardware_Launch_vVX6000_exe => C:\Windows\vVX6000.exe [2010-05-20] (Microsoft Corporation )
Task: {ECC392DF-FFA3-4336-B2D6-8D41460E2B8B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F0DE2495-7482-4D61-971A-AA04E7CFBF8E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2012-09-18] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf89f1fda08b48.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfeadeb7541613.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff7a2e6aa93.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d041e914e2aa29.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-01-12 14:42 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2013-01-12 14:42 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-28 18:50 - 2013-05-28 18:50 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-04-28 17:51 - 2013-06-20 13:03 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll 2013-04-28 17:51 - 2013-06-09 16:05 - 00518824 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll 2013-04-28 17:51 - 2013-06-09 16:05 - 00612520 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2009-01-22 01:45 - 2009-01-22 01:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll 2015-01-02 19:00 - 2014-12-08 08:27 - 06277952 _____ () C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe 2013-11-17 13:21 - 2014-07-02 10:13 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe 2011-08-11 05:58 - 2011-08-11 05:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe 2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2013-05-28 18:44 - 2013-05-28 18:44 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll 2013-05-28 18:42 - 2013-05-28 18:42 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll 2013-05-28 18:41 - 2013-05-28 18:41 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll 2013-05-28 18:44 - 2013-05-28 18:44 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll 2013-05-28 18:45 - 2013-05-28 18:45 - 00627712 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll 2012-06-28 16:58 - 2012-06-28 16:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll 2014-10-15 21:15 - 2014-10-15 21:15 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll 2011-11-24 07:12 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft 
shared\OFFICE14\Cultures\OFFICE.ODF 2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll 2013-11-17 13:20 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll 2013-11-17 13:20 - 2014-02-11 12:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll 2013-11-17 13:20 - 2014-02-11 12:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll 2013-11-17 13:20 - 2014-02-11 12:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01698584 
_____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll 2013-11-17 13:20 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll 2015-05-16 07:27 - 2015-05-16 07:27 - 00043008 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp3inwh.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2011-08-11 05:57 - 2011-08-11 05:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll 2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX 
Update\DivXUpdateCheck.dll 2015-05-16 07:26 - 2015-05-16 07:26 - 00098816 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32api.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00110080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\pywintypes27.dll 2015-05-16 07:26 - 2015-05-16 07:26 - 00364544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\pythoncom27.dll 2015-05-16 07:26 - 2015-05-16 07:26 - 00045568 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_socket.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 01161216 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_ssl.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00320512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32com.shell.shell.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00713216 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_hashlib.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 01175040 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._core_.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00805888 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._gdi_.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00811008 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._windows_.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 01062400 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._controls_.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00735232 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._misc_.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00682496 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\pysqlite2._sqlite.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00128512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_elementtree.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00127488 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\pyexpat.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00087552 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_ctypes.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00119808 _____ () 
C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32file.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00108544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32security.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00007168 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\hashobjs_ext.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\usb_ext.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00167936 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32gui.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00018432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32event.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00013824 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\common.time34.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00036864 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_psutil_windows.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00038912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32inet.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00011264 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32crypt.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00070656 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._html2.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00027136 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_multiprocessing.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00020480 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\_yappi.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00035840 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32process.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00686080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\unicodedata.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00122368 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._wizard.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00024064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32pipe.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00010240 _____ () 
C:\Users\Michael\AppData\Local\Temp\_MEI51802\select.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00025600 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32pdh.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00525640 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\windows._lib_cacheinvalidation.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32profile.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00022528 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\win32ts.pyd 2015-05-16 07:26 - 2015-05-16 07:26 - 00078336 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI51802\wx._animate.pyd 2012-06-28 17:27 - 2012-06-28 17:27 - 01492888 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\universal_restore.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\...\bayer.com -> hxxps://mymail.bayer.com
There are 6845 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3665776361-1376430445-3332247537-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [{C9D242DC-25AF-4AF2-BB94-DAB940B3A60D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{3C47A78D-7CCA-4D2E-A2B7-E41DEC3FB628}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{EF2AD903-CA8A-48B8-BA8D-AC8AF551734A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{7E9724D4-BBC2-4F08-A50C-B5CB49993F4A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{9597C05A-1907-40A9-B1FA-916B94D1DCED}] => (Allow) LPort=2869 FirewallRules: [{600BA4A8-53A4-488A-A939-FD6B7E5939A7}] => (Allow) LPort=1900 FirewallRules: [{ED91579B-7073-4D88-BAA2-EF8754A652D9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{388D3D32-53CD-44B6-9323-AB004EF5B290}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{8FE7A59D-113B-4438-84C0-B111496F1CD5}] => (Allow) E:\fsetup.exe FirewallRules: 
[{95FE17A3-C1D4-4425-88B5-F0028D7C06FF}] => (Allow) E:\fsetup.exe FirewallRules: [{E759168D-02CB-4F7F-9789-A00E3C4C33ED}] => (Allow) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE FirewallRules: [{0DF8F296-597C-48D1-9378-706B92E8C884}] => (Allow) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE FirewallRules: [{04364AA0-AAC0-4CA3-9F35-373342E92752}] => (Allow) C:\Program Files\FRITZ!DSL\FBOXUPD.EXE FirewallRules: [{9B275731-692F-439E-AFEB-1BADAB356C7A}] => (Allow) C:\Program Files\FRITZ!DSL\FBOXUPD.EXE FirewallRules: [{176F6BD2-E313-4ACD-A144-59FD12CB2D72}] => (Allow) C:\Program Files\FRITZ!DSL\WebwaIgd.exe FirewallRules: [{C2678EC3-1C35-4B04-B92C-D01FF239B191}] => (Allow) C:\Program Files\FRITZ!DSL\WebwaIgd.exe FirewallRules: [{71DF01A8-3686-4D06-BEF4-56CDDFDB8AD3}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [{763B9429-FF6F-4D99-BA7E-7E69B5EC8DB1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [{82F39FD0-930D-404E-8527-E4DE962866CE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{D1A32A56-F835-4D22-9FB1-43F39DF56B9E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{0F0DEA32-5E0E-476B-B6F1-F125CB2BE877}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{E2F8D7EF-B881-4C99-9F39-22E35427B00C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{3861C9F6-A5B8-4F20-B2DB-1E495564DB20}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{0500228A-C9AA-4EBD-9AD2-48446376E7F4}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{ADC8774B-A50A-43FC-B580-A6417F7DE597}] => (Allow) LPort=4481 FirewallRules: [{FE9A06C4-46CD-4772-8F35-BA3C46DBE2A1}] => (Allow) LPort=4481 FirewallRules: [{52BB8DF9-6381-4CC4-A793-831E1E6004BE}] => (Allow) LPort=4482 FirewallRules: [{3B34CFC9-0B67-49DC-9234-4E72BE801B5F}] => (Allow) LPort=4482 FirewallRules: 
[{E455E453-8EF5-4C02-B3B4-421ABC807F65}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{03E17A5A-B0CC-47E9-BAD5-C75A8C7C44B1}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{8DAE088C-D404-415E-8926-2F3507A41FA6}] => (Allow) LPort=4481 FirewallRules: [{568F1D79-2097-4DE4-BAD1-3B94093A530A}] => (Allow) LPort=4481 FirewallRules: [{EFDA4574-D805-45A3-89F3-730FDE578304}] => (Allow) LPort=4482 FirewallRules: [{69B928F6-04A0-4298-9B3C-6B7ACC7A6EC9}] => (Allow) LPort=4482 FirewallRules: [{D2E880E5-AEA1-46ED-898A-6A869E77B66D}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_ISTMP0.DIR\igd_finder.exe FirewallRules: [{3C4EA169-3582-4139-8D9E-B2289F585402}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_ISTMP0.DIR\igd_finder.exe FirewallRules: [{25DCF301-824F-4AAC-B756-B424AF758F22}] => (Allow) LPort=5031 FirewallRules: [{017C46D6-584C-4DA9-8532-7E57F5ACFF03}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_INS5576._MP FirewallRules: [{6C07132D-B959-40B0-A5E1-9381AB7B1C9C}] => (Allow) C:\Users\Michael\AppData\Local\Temp\_ISTMP3.DIR\_INS5576._MP FirewallRules: [{8B142A97-0976-4D90-9368-DA57B6AAC677}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5804\HPDiagnosticCoreUI.exe FirewallRules: [{73889DA0-43A0-46C8-8CE2-901C1480D76B}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5804\HPDiagnosticCoreUI.exe FirewallRules: [{12064533-AE2E-4FD1-A04D-84761BD33E69}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5961\hppiw.exe FirewallRules: [{76FB54EB-A124-4BBB-BB3B-3FCE364671B7}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS5961\hppiw.exe FirewallRules: [{12C49088-AC2B-41B3-9A8B-17329787105A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\FaxApplications.exe FirewallRules: [{7D58C282-6184-40FA-B1E9-B88575459B1A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\DigitalWizards.exe 
FirewallRules: [{51E6148A-6E4C-47FF-BA1B-B903F393D5AE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\SendAFax.exe FirewallRules: [{7D085111-33A0-411D-A569-C9CA20B02D8A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe FirewallRules: [{6A16B531-25B3-488F-80A0-42725A2DC96D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe FirewallRules: [{7D309AEE-D794-48BE-8F17-4615E3611BCD}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{B6323A56-ED26-4469-B3C2-FC140CE56DB0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe FirewallRules: [{85BCD67E-C592-4F48-8988-FC32AC54D0D9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe FirewallRules: [{2F0214AC-E971-4A23-A7CA-81578925B65F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe FirewallRules: [{F17E1B7C-2E36-47E8-AD0C-EA00A86910AA}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe FirewallRules: [{2BBE5713-307F-4357-9FCA-95BCD3CBA5FE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe FirewallRules: [{81C86BF7-1306-48BB-9818-DD02A255512B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{9F570D08-D86B-4AE3-B9B4-C4F87AD1C4DF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{EEE78BE8-8619-4972-BAD8-1C7F4D12C781}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{3B2F7565-7D7C-4780-8E4D-8743DEF9B36A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe FirewallRules: [{198864CE-CD10-4C99-BED4-2F4776406330}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe FirewallRules: [{CCBD6139-73A0-4808-941A-6A9AF6C22291}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: 
[{835101D6-156A-4027-B96D-9B62E562C48B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{6841C0F7-C1CD-44B5-84D4-4B980436EAA3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{E1732156-0092-4927-BEC2-CC4B98FD19F3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{8F42CF1E-43AE-4340-933F-B5B8B8949180}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{8828AAC2-9F98-41C5-B32B-24283D063037}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D6C4729D-BC9D-4EEE-8AD0-6303381D8574}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B0920B14-F1C9-405B-91FA-D9933AA65A04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5B174C98-464A-433E-964D-8A5EE9C9E8EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E0957D46-DACD-4A59-AC15-A24D0DCBE9BE}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{92AE468D-DCF2-46CB-9BE5-354E1664C7C8}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{C24C8CBE-BC4D-4E17-A37E-CEA09DFA0A25}] => (Allow) C:\Users\Kerstin(1)\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{620AE8BA-C9EA-419E-94E0-00DECB5E0E06}] => (Allow) C:\Users\Kerstin(1)\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{2CD4582C-2903-4A96-9401-AFEEA51CDB50}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{033B7368-8B98-4E99-A12E-5816EF7B5FCE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{F09D235F-1111-4387-8B6A-CE939F3E0E6A}] => (Allow) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe FirewallRules: [{B38F3C9A-2096-469C-A305-21D6861FF3F7}] => (Allow) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe FirewallRules: 
[{F304595D-4C61-4B9A-BCE0-9FE19F073B2C}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe FirewallRules: [{8CBC0F82-BF4E-4EC0-AC68-E3001567775A}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe FirewallRules: [{3011FF30-5F17-48F9-8C84-3A4777535953}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe FirewallRules: [{FF96BB1B-558F-4990-91C8-4E4D2FA10254}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe FirewallRules: [{BFADD09D-72E5-4D79-8A44-B9A9645DBE87}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe FirewallRules: [{BD150C6E-CDA3-4003-8A04-D98BE435618B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe FirewallRules: [{1512ADE2-6EFF-4D45-AD57-E9C5B220CA9D}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe FirewallRules: [{0130F6AD-FCE5-4E61-AD27-28B65163BFBC}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe FirewallRules: [{A77FEDFE-05A2-4A41-881B-EA2F378975D5}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe FirewallRules: [{A2C7781F-3A84-4476-980A-0B6CB2776ECE}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe FirewallRules: [{936CDF9C-21B0-49EC-B52D-F997BC42AABE}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{FCF49220-9855-4FD5-9828-6E734E926362}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{2A51E31E-0825-4364-93A9-53B3111D4BEE}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query 
User{1DB5141C-2C7E-40E7-BD66-913BD4598F23}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{44CE2C93-06B4-46AF-AADB-422B81A0DAFB}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{BBD53D6A-1025-4870-B795-89896280248E}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{5238C553-D394-4075-9D3E-8D225137B983}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CF0DE276-C226-4232-A414-96F068B790DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{0A88D139-9D09-470A-B142-4F89F58DC8DF}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [UDP Query User{7676DAC4-29C8-43B0-A342-7F48B24E1E83}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [{BF9CF787-F1FD-4435-A239-8C46C3F0CF24}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{EC599DB0-83EE-44E2-B26A-DEBC3D01BEA9}C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{CAD62162-5C9A-4470-B683-DAED6BCB517A}C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\antonia\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{4A35D0C8-FFFB-40F6-95B1-B55D33815992}C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{8F250A55-1BAA-45AF-A210-774AAC9CD52F}C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) 
C:\users\kerstin(1)\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{EA8692AD-A1CC-4676-AD47-FC393025FDAF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{1492FE07-7953-40AC-BCAE-81D5DE405213}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{BF0841E8-53A8-49B3-9686-0C30823FFDAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Officejet Pro 8500 A910 Description: Officejet Pro 8500 A910 Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Officejet Pro 8500 A910 Description: Officejet Pro 8500 A910 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/16/2015 07:56:24 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (05/16/2015 07:52:56 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (05/16/2015 07:52:49 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (05/16/2015 07:52:49 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. 
Error: (05/16/2015 07:52:33 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. 
Error: (05/16/2015 07:23:35 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/15/2015 04:46:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa Ausnahmecode: 0xc000000d Fehleroffset: 0x000000000006ec12 ID des fehlerhaften Prozesses: 0x99c Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0 Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1 Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2 Berichtskennung: svchost.exe_DiagTrack3 Error: (05/15/2015 10:28:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/15/2015 08:28:37 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FRST64.exe, Version 14.5.2015.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1ca4 Startzeit: 01d08ed802619cbc Endzeit: 20 Anwendungspfad: C:\Users\Michael\Desktop\Trojan Tools\FRST64.exe Berichts-ID: 921bf3bf-facb-11e4-b5e2-bc05430c7d61 Error: (05/15/2015 08:18:42 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/16/2015 07:23:18 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/15/2015 04:46:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Diagnostics Tracking Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (05/15/2015 04:08:15 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (05/15/2015 04:07:43 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (05/15/2015 11:02:21 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (05/15/2015 10:28:11 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/15/2015 08:17:30 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/15/2015 08:16:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Garmin Device Interaction Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/15/2015 08:16:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Device Interaction Service erreicht. Error: (05/15/2015 08:15:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Diagnostics Tracking Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Microsoft Office Sessions:
=========================
Error: (05/16/2015 07:56:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/16/2015 07:52:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Michael\Desktop\Trojan Tools\esetsmartinstaller_deu.exe

Error: (05/16/2015 07:52:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Michael\Desktop\Trojan Tools\esetsmartinstaller_deu.exe

Error: (05/16/2015 07:52:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Michael\Desktop\Trojan Tools\esetsmartinstaller_deu.exe

Error: (05/16/2015 07:52:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Michael\Desktop\Trojan Tools\esetsmartinstaller_deu.exe

Error: (05/16/2015 07:23:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2015 04:46:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec1299c01d08ee8e0624f75C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll365e29f2-fb11-11e4-aac0-bc05430c7d61

Error: (05/15/2015 10:28:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2015 08:28:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe14.5.2015.21ca401d08ed802619cbc20C:\Users\Michael\Desktop\Trojan Tools\FRST64.exe921bf3bf-facb-11e4-b5e2-bc05430c7d61

Error: (05/15/2015 08:18:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2015-05-14 10:15:32.954
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde.
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-05-14 10:15:32.894
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:28.892
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:28.817
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:26.548
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:26.472
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:24.288
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:24.213
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:22.059
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-12-30 22:58:21.995
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 61%
Total physical RAM: 4078.01 MB
Available physical RAM: 1557.07 MB
Total Pagefile: 8154.22 MB
Available Pagefile: 5009.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:455.45 GB) (Free:77.75 GB) NTFS
Drive d: (DATA) (Fixed) (Total:455.96 GB) (Free:238.47 GB) NTFS
Drive i: (Elements) (Fixed) (Total:931.51 GB) (Free:464.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D991B2E7)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0025BE3D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================