Chrome Probleme - lande immer in den Nutzungsbedingungen von .com Seiten

senderos · 22.05.2015, 12:46

Hallo

Habe seit ein paar Tagen folgendes Problem mit Chrome am PC:
Wenn ich eine .com Seite öffne wie PayPal, eBay, Facebook, Youtube usw., dann lande ich beim öffnen der Seite in den Nutzungsbedingungen der jeweiligen Seite.. automatisch, ohne dass ich selber da drauf klicke. Bei .de Seiten passiert das nicht.

Habe Erweiterungen von Chrome deaktiviert -> hat nicht geholfen
Cookies gelöscht -> hat nicht geholfen
Chrome deinstalliert und wieder installiert -> hat nicht geholfen
Auf Malware oder Adware (z.B. mit ADWCleaner) überprüft -> nichts derartiges auf dem PC
Mein Virenscanner, Microsoft Essentials, hat auch nichts gefunden.

Jetzt habe ich den Tipp bekommen, ich solle dies doch mal von Experten überprüfen lassen. Eventuell ist es doch Mal- oder Adware.
Nun, hier bin ich nun.

Werde gleich hier alle meine Files posten!

FRST

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by SA (administrator) on SA-PC on 22-05-2015 13:34:19
Running from C:\Users\SA\Downloads
Loaded Profiles: SA (Available profiles: SA)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Users\SA\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
() C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dropbox, Inc.) C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\SA\AppData\Local\Temp\Wunderlist-Bridge.exe
() C:\Users\SA\AppData\Local\Wunderlist-Bridge\Wunderlist-Setup-3.4.3.exe
() C:\Users\SA\AppData\Local\Wunderlist\Wunderlist.exe
() C:\Users\SA\AppData\Local\Wunderlist\Wunderlist.exe
() C:\Users\SA\AppData\Local\Wunderlist\Wunderlist.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Users\SA\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Users\SA\Downloads\hijackthis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [170264 2012-02-24] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [398616 2012-02-24] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [440600 2012-02-24] (Intel Corporation)
HKLM-x32\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2011-12-21] (Alcor Micro Corp.)
HKLM-x32\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-13] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8069024 2014-08-01] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6201248 2014-08-01] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [{CDF13D74-E6AA-4006-818A-B360D6A3573C}] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [415272 2012-03-01] (Wistron Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-04-08] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [WAREHaus easy] => C:\Program Files (x86)\Nebenkosten easy\UDT2.exe [219312 2013-12-19] ()
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-10-16] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [Google Update] => C:\Users\SA\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-31] (Google Inc.)
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [Remotr] => C:\Program Files (x86)\Remotr\RemotrServer.exe
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [OneDrive] => C:\Users\SA\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-22] (Microsoft Corporation)
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [SafeInCloud] => C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe [2666496 2015-04-29] ()
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\RunOnce: [Uninstall C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64"
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\RunOnce: [Uninstall C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5849.0427] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5849.0427"
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\MountPoints2: D - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\MountPoints2: {4155d142-b8d3-11e3-862f-3c970e776d20} - D:\LG_PC_Programs.exe
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\MountPoints2: {611d1304-f6eb-11e4-88e7-3c970e776d20} - D:\Setup.exe /s
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\MountPoints2: {7e8930cb-2950-11e4-aa90-3c970e776d20} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\MountPoints2: {88dd8db0-9af9-11e3-91bc-3c970e776d20} - D:\LG_PC_Programs.exe
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\MountPoints2: {917a3552-dd68-11e4-acd7-3c970e776d20} - D:\Setup.exe /s
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\MountPoints2: {93817c4c-9040-11e4-98be-3c970e776d20} - D:\LG_PC_Programs.exe
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\MountPoints2: {98232776-4553-11e4-a98e-3c970e776d20} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\MountPoints2: {a19ab1bf-af7d-11e4-9a43-3c970e776d20} - D:\LG_PC_Programs.exe
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\MountPoints2: {a9989b67-b789-11e3-b373-3c970e776d20} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\MountPoints2: {e2956d0f-af4e-11e3-91e4-3c970e776d20} - D:\LG_PC_Programs.exe
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\MountPoints2: {e372c59d-02db-11e4-b234-3c970e776d20} - D:\setup.exe -a
Startup: C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://heise.de/
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000 -> DefaultScope {ACDAE7D7-9B55-493B-8451-B5C9BE61ACC3} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000 -> {ACDAE7D7-9B55-493B-8451-B5C9BE61ACC3} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} -> C:\Users\SA\AppData\LocalLow\IE-BHO\bho.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-02] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-02] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default
FF Homepage: hxxp://www.heise.de/|www.wired.de|hxxp://www.androidauthority.com/|hxxp://www.dw.de/themen/kultur/s-1534|www.engadget|www.wired.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1304990952-4288149683-1654658012-1000: @tools.google.com/Google Update;version=3 -> C:\Users\SA\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1304990952-4288149683-1654658012-1000: @tools.google.com/Google Update;version=9 -> C:\Users\SA\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\searchplugins\duckduckgo.xml [2014-06-26]
FF SearchPlugin: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\searchplugins\idealode.xml [2014-01-13]
FF SearchPlugin: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\searchplugins\ponscom--griechisch--deutsch.xml [2014-09-05]
FF SearchPlugin: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\searchplugins\youtube.xml [2014-01-13]
FF Extension: WOT - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-12]
FF Extension: DownloadHelper - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Block site - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-03-20]
FF Extension: Media Hint - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\mediahint@jetpack.xpi [2014-02-05]
FF Extension: {00f6c944-aba3-4122-a391-4e244783e6d7} - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{00f6c944-aba3-4122-a391-4e244783e6d7}.xpi [2014-11-05]
FF Extension: QuickTime Player - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{8ac4ce99-0505-4401-ab1d-66735ed2731a}.xpi [2014-11-10]
FF Extension: Adblock Plus - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-09]
FF Extension: Adblock Edge - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-01-12]

Chrome: 
=======
CHR Profile: C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-22]
CHR Extension: (Google Docs) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-22]
CHR Extension: (Google Drive) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-22]
CHR Extension: (YouTube) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-22]
CHR Extension: (Google Search) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-22]
CHR Extension: (Google Sheets) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-22]
CHR Extension: (Bookmark Manager) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-22]
CHR Extension: (Google Wallet) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-22]
CHR Extension: (Gmail) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-22]
CHR Profile: C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-11]
CHR Extension: (Google Docs) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-11]
CHR Extension: (Google Drive) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-11]
CHR Extension: (WOT) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-11]
CHR Extension: (YouTube) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-11]
CHR Extension: (Google Cast) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-04-11]
CHR Extension: (Adblock Plus) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-11]
CHR Extension: (Pushbullet) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-05-05]
CHR Extension: (Adblock for Youtube™) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-04-11]
CHR Extension: (Google Search) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-11]
CHR Extension: (Youtube-to-MP3 GOLD) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejcmlonfegmnhinnopgjhibfghbgpeoc [2015-05-01]
CHR Extension: (Google Sheets) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-11]
CHR Extension: (Desktop Notifications for Android) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\giicnncicnopjohcpamieklkiacdoeni [2015-05-19]
CHR Extension: (Bookmark Manager) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (eBay Extension for Google Chrome™) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khhckppjhonfmcpegdjdibmngahahhck [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-11]
CHR Extension: (SafeInCloud Password Manager) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lchdigjbcmdgcfeijpfkpadacbijihjl [2015-04-11]
CHR Extension: (Save to Pocket) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-04-11]
CHR Extension: (Google Wallet) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-11]
CHR Extension: (Gmail) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11]
CHR HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-07-02] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [119848 2011-12-21] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3532160 2011-10-11] (Sonix Technology Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 13:34 - 2015-05-22 13:34 - 00034313 _____ () C:\Users\SA\Downloads\FRST.txt
2015-05-22 13:33 - 2015-05-22 13:34 - 00000000 ____D () C:\FRST
2015-05-22 13:33 - 2015-05-22 13:33 - 02108416 _____ (Farbar) C:\Users\SA\Downloads\FRST64.exe
2015-05-22 13:32 - 2015-05-22 13:32 - 00380416 _____ () C:\Users\SA\Downloads\9hqdq6nw.exe
2015-05-22 13:24 - 2015-05-22 13:24 - 00013022 _____ () C:\Users\SA\Downloads\hijackthis.log
2015-05-22 12:59 - 2015-05-22 12:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\SA\Downloads\hijackthis.exe
2015-05-22 12:57 - 2015-05-22 12:57 - 00018842 _____ () C:\Users\SA\Downloads\Scene_23_Hobbs_Yard_Back_Room_Savegame.zip
2015-05-22 10:35 - 2015-05-22 10:35 - 00000000 ___HD () C:\OneDriveTemp
2015-05-22 03:56 - 2015-05-22 03:56 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-22 03:56 - 2015-05-22 03:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-22 03:55 - 2015-05-22 13:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-22 03:55 - 2015-05-22 04:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 03:55 - 2015-05-22 04:01 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-22 03:55 - 2015-05-22 04:01 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-22 03:55 - 2015-05-22 03:55 - 00000000 ____D () C:\Users\SA\AppData\Local\Deployment
2015-05-22 03:55 - 2015-05-22 03:55 - 00000000 ____D () C:\Users\SA\AppData\Local\Apps\2.0
2015-05-22 03:41 - 2015-05-22 03:41 - 00325518 _____ () C:\Users\SA\Desktop\bookmarks_22.05.15.html
2015-05-22 02:31 - 2015-05-22 02:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-22 00:45 - 2015-05-22 00:45 - 00000000 ____D () C:\Users\SA\Documents\Broken Sword 5
2015-05-22 00:34 - 2014-05-10 20:36 - 00000000 ____D () C:\Users\SA\Desktop\BS5_v1.11-win32
2015-05-21 21:13 - 2015-05-22 00:26 - 2886515926 _____ () C:\Users\SA\Downloads\BS5_v1.11-win32.zip
2015-05-21 16:10 - 2015-05-21 16:10 - 00001076 _____ () C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2015-05-21 16:10 - 2015-05-21 16:10 - 00001068 _____ () C:\Users\SA\Desktop\Wunderlist.lnk
2015-05-21 16:10 - 2015-05-21 16:10 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist
2015-05-21 16:06 - 2015-05-21 16:06 - 00000000 ____D () C:\Users\SA\AppData\Local\Wunderlist-Bridge
2015-05-21 16:03 - 2015-05-21 16:03 - 02209792 _____ () C:\Users\SA\Downloads\adwcleaner_4.205 (2).exe
2015-05-21 16:02 - 2015-05-21 16:02 - 02209792 _____ () C:\Users\SA\Downloads\adwcleaner_4.205 (1).exe
2015-05-21 16:00 - 2015-05-22 13:34 - 00000000 ____D () C:\Users\SA\AppData\Roaming\NetSpeedMonitor
2015-05-21 15:59 - 2015-05-21 15:59 - 02209792 _____ () C:\Users\SA\Downloads\adwcleaner_4.205.exe
2015-05-21 15:53 - 2015-05-21 15:53 - 03652608 _____ () C:\Users\SA\Downloads\netspeedmonitor_2_5_4_0_x64_setup.msi
2015-05-21 14:39 - 2015-05-21 16:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-20 10:09 - 2015-05-22 03:30 - 00019182 ____H () C:\Users\SA\Desktop\~WRL1008.tmp
2015-05-20 10:09 - 2015-05-20 10:09 - 00013993 ____H () C:\Users\SA\Desktop\~WRL0198.tmp
2015-05-19 10:37 - 2015-05-19 10:37 - 00000000 ____D () C:\Program Files\Intugame
2015-05-19 02:37 - 2015-05-19 02:37 - 00004169 _____ () C:\Users\SA\Downloads\listaGreece.m3u
2015-05-19 02:36 - 2015-05-19 02:36 - 00000056 _____ () C:\Users\SA\Downloads\greecelist.txt
2015-05-19 01:27 - 2015-05-19 01:29 - 00000000 ____D () C:\Users\SA\adbfw125
2015-05-19 01:26 - 2015-05-19 01:27 - 54338034 _____ () C:\Users\SA\Downloads\adbfw125.zip
2015-05-19 01:19 - 2015-05-19 01:20 - 62638253 _____ () C:\Users\SA\Downloads\kodi-14.2-Helix-armeabi-v7a.apk
2015-05-18 14:17 - 2015-05-18 14:17 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core1d09164ac01cc15.job
2015-05-16 14:37 - 2015-05-12 20:26 - 00000000 ____D () C:\Users\SA\Desktop\Die Zeit 2015 20
2015-05-15 21:24 - 2015-05-15 21:24 - 00000000 ____D () C:\Users\SA\Desktop\Anträge Examen
2015-05-15 15:54 - 2015-05-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safe In Cloud
2015-05-15 15:54 - 2015-05-15 15:54 - 00000000 ____D () C:\Program Files (x86)\Safe In Cloud
2015-05-15 01:38 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 01:38 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:40 - 2015-05-15 14:40 - 00000000 ____D () C:\Program Files (x86)\Kingo ROOT
2015-05-14 00:40 - 2015-05-14 00:40 - 00000000 ____D () C:\Users\SA\AppData\Local\Kingosoft
2015-05-13 12:41 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 12:41 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 12:41 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 12:41 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 12:41 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 12:41 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 12:41 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 12:41 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 12:41 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 12:41 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 12:41 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 12:41 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 12:41 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 12:41 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 12:41 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 12:41 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 12:41 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 12:41 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 12:41 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 12:41 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 12:41 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 12:41 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 12:41 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 12:41 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 12:41 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 12:41 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 12:41 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 12:41 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 12:41 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 12:41 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 12:41 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 12:41 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 12:41 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 12:41 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 12:41 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 12:41 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 12:41 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 12:41 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 12:41 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 12:41 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 12:41 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 12:41 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 12:41 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 12:41 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 12:41 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 12:41 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 12:41 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 12:41 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 12:41 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 12:41 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 12:41 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 12:41 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 12:41 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 12:41 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 12:41 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 12:41 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 12:41 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 12:41 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 12:41 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 12:41 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 12:41 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 12:41 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 12:41 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 12:41 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 12:40 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 12:40 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 12:40 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 12:40 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 12:40 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 12:40 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 12:40 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 12:40 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 12:40 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 12:40 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 12:40 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 12:40 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 12:40 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 12:40 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 12:40 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 12:40 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 12:40 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 12:40 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 12:40 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 12:40 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 12:40 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 12:40 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 12:40 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 12:40 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:40 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 12:40 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:39 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 12:39 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 12:39 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 12:39 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 12:39 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 12:39 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 12:39 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 12:39 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 12:39 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 12:39 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 12:39 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 12:39 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 12:39 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 12:39 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 12:39 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 12:39 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 12:39 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-11 20:01 - 2015-05-11 20:01 - 08180736 _____ () C:\Users\SA\Downloads\chromeremotedesktophost.msi
2015-05-04 18:08 - 2015-05-04 18:34 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Mp3tag
2015-05-04 18:08 - 2015-05-04 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-05-04 18:08 - 2015-05-04 18:08 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-05-04 10:03 - 2015-05-04 10:06 - 00000000 ____D () C:\Users\SA\Desktop\Medien Examen
2015-05-03 21:28 - 2015-05-03 21:28 - 00003538 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 2a5e9c29682a43af85b6fe518840a18b504807a879b6454aa1dd64f0dcf2f296
2015-05-03 20:09 - 2015-05-03 20:09 - 00000000 ____D () C:\Program Files\DivX
2015-05-01 11:43 - 2015-05-05 22:13 - 00000000 ____D () C:\Users\SA\Desktop\Mp3 Songs einzelne Sänger
2015-04-30 16:19 - 2015-04-30 16:22 - 170428968 _____ () C:\Users\SA\Downloads\OJ4630_198.exe
2015-04-30 16:08 - 2015-04-30 16:08 - 00000000 ____D () C:\ProgramData\Visan
2015-04-30 16:08 - 2015-04-30 16:08 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2015-04-30 16:08 - 2015-04-30 16:08 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2015-04-30 16:08 - 2015-04-30 16:08 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-04-30 16:07 - 2015-05-14 17:22 - 00000000 ____D () C:\Users\SA\AppData\Roaming\HpUpdate
2015-04-30 16:07 - 2015-05-03 17:21 - 00000000 ____D () C:\Program Files (x86)\HP
2015-04-30 16:07 - 2015-04-30 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-04-30 16:07 - 2015-04-30 16:07 - 00000000 ____D () C:\Program Files\HP
2015-04-30 16:07 - 2014-07-21 16:31 - 00763912 ____N (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPMC611.dll
2015-04-30 16:06 - 2015-04-30 16:06 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-04-30 16:05 - 2015-04-30 17:08 - 00000000 ____D () C:\Users\SA\AppData\Local\HP
2015-04-30 15:34 - 2015-04-30 16:07 - 00000000 ____D () C:\ProgramData\HP
2015-04-25 23:29 - 2015-04-25 23:29 - 06786320 _____ (SD Association ) C:\Users\SA\Downloads\setup.exe
2015-04-25 17:22 - 2015-04-25 17:22 - 00000000 ____D () C:\Users\SA\AppData\Local\CrystalDiskMark

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 13:31 - 2014-08-15 20:33 - 01460762 _____ () C:\Windows\WindowsUpdate.log
2015-05-22 13:24 - 2014-01-12 05:36 - 00000000 ____D () C:\Users\SA\AppData\Local\VirtualStore
2015-05-22 13:04 - 2014-01-12 16:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-22 10:55 - 2014-04-30 23:57 - 03533824 ___SH () C:\Users\SA\Desktop\Thumbs.db
2015-05-22 10:35 - 2015-04-04 17:06 - 00002168 _____ () C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-05-22 10:35 - 2015-03-04 18:58 - 00000000 ___RD () C:\Users\SA\OneDrive
2015-05-22 10:34 - 2014-01-12 06:02 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-05-22 04:07 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-22 04:07 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-22 03:56 - 2014-02-13 19:44 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-22 03:47 - 2014-01-13 16:23 - 00000000 ____D () C:\AdwCleaner
2015-05-21 21:08 - 2015-01-17 12:50 - 00000000 ____D () C:\Users\SA\AppData\Local\SafeInCloud
2015-05-21 17:12 - 2014-11-21 14:27 - 00000000 ____D () C:\Users\SA\AppData\Local\Wunderlist
2015-05-21 16:11 - 2014-01-12 05:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-21 16:03 - 2011-04-12 09:43 - 00702852 _____ () C:\Windows\system32\perfh007.dat
2015-05-21 16:03 - 2011-04-12 09:43 - 00150460 _____ () C:\Windows\system32\perfc007.dat
2015-05-21 16:03 - 2009-07-14 07:13 - 01627948 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 15:59 - 2014-01-12 06:58 - 00000000 ___RD () C:\Users\SA\Dropbox
2015-05-21 15:59 - 2014-01-12 06:57 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Dropbox
2015-05-21 15:58 - 2014-01-12 06:02 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-05-21 15:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-21 03:00 - 2015-04-05 21:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 03:00 - 2015-04-05 21:47 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 22:39 - 2014-08-31 00:01 - 00000000 ____D () C:\Users\SA\Documents\Calibre-Bibliothek
2015-05-20 22:15 - 2014-12-11 15:13 - 00034304 ___SH () C:\Users\SA\Thumbs.db
2015-05-19 03:19 - 2014-01-12 05:36 - 00000000 ____D () C:\Users\SA
2015-05-19 01:22 - 2014-11-04 15:57 - 00000000 ____D () C:\Users\SA\AppData\Local\Amazon_FireTV_Utility_App
2015-05-18 23:10 - 2014-10-23 10:30 - 00000000 ____D () C:\Users\SA\AppData\Local\Adobe
2015-05-18 23:09 - 2014-01-12 16:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-18 23:09 - 2014-01-12 16:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-18 23:09 - 2014-01-12 16:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-18 14:17 - 2015-02-04 18:57 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core1d0409bb9bb568a.job
2015-05-18 00:04 - 2014-01-24 16:00 - 00000000 ____D () C:\Users\SA\AppData\Roaming\vlc
2015-05-15 16:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-15 15:53 - 2014-05-14 21:23 - 00000000 ____D () C:\Users\SA\AppData\Local\Downloaded Installations
2015-05-15 15:13 - 2014-01-12 16:25 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Nitro PDF
2015-05-15 11:03 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 11:03 - 2009-07-14 06:45 - 00569072 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-15 11:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-15 01:50 - 2014-01-12 06:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-15 01:49 - 2014-01-12 17:06 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-15 01:49 - 2014-01-12 17:06 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-15 01:48 - 2014-01-12 17:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-15 01:48 - 2014-01-12 17:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-15 01:47 - 2014-01-14 04:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-15 01:42 - 2014-01-14 04:12 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-15 01:38 - 2014-01-31 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 01:37 - 2014-01-31 23:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 01:37 - 2014-01-31 23:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 00:41 - 2014-01-17 20:01 - 00000000 ____D () C:\Users\SA\.android
2015-05-12 21:26 - 2014-12-22 22:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 17:57 - 2014-01-12 06:58 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-04 10:03 - 2015-03-03 14:33 - 00000000 ____D () C:\Users\SA\Desktop\ESL mündlich Examen Diezemann
2015-05-03 21:38 - 2014-01-31 12:31 - 00000000 ____D () C:\Windows\Minidump
2015-05-03 20:10 - 2014-10-31 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-05-03 20:10 - 2014-10-31 17:00 - 00000000 ____D () C:\ProgramData\DivX
2015-05-03 20:10 - 2014-10-31 17:00 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-05-03 17:20 - 2014-03-16 02:41 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Notepad++
2015-05-03 17:20 - 2014-03-16 02:41 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-04-22 01:28 - 2014-08-01 18:04 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-22 01:09 - 2014-01-12 06:01 - 00174384 _____ () C:\Users\SA\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2014-07-25 21:40 - 2014-07-25 21:40 - 0000275 _____ () C:\Users\SA\AppData\Local\HamsterAudioConverterSettings.cfg
2014-08-05 14:04 - 2014-08-05 14:04 - 0003814 _____ () C:\Users\SA\AppData\Local\recently-used.xbel
2014-01-12 06:15 - 2014-01-12 06:15 - 0002193 _____ () C:\Users\SA\AppData\Local\WiDiSetupLog.20140112.051533.txt
2015-04-30 16:06 - 2015-04-30 16:06 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\SA\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0icf17.dll
C:\Users\SA\AppData\Local\Temp\Wunderlist-Bridge.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 02:34

==================== End of log ============================

senderos · 22.05.2015, 13:25

zweite Datei aus dem FRST Ordner

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by SA at 2015-05-22 13:34:58
Running from C:\Users\SA\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1304990952-4288149683-1654658012-500 - Administrator - Disabled)
Gast (S-1-5-21-1304990952-4288149683-1654658012-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1304990952-4288149683-1654658012-1002 - Limited - Enabled)
SA (S-1-5-21-1304990952-4288149683-1654658012-1000 - Administrator - Enabled) => C:\Users\SA

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A New Beginning - Final Cut (HKLM-x32\...\Steam App 105000) (Version:  - Daedalic Entertainment)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - Ensemble Studios)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.3.42.70280 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.3.42.70280 - Alcor Micro Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.9.9 - Atheros Communications Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
calibre (HKLM-x32\...\{69402281-8050-417B-93D8-9C2DB46C9DDC}) (Version: 2.1.0 - Kovid Goyal)
Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
ChromecastApp (HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deponia (HKLM-x32\...\GOGPACKDEPONIA_is1) (Version: 2.1.0.7 - GOG.com)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
Dropbox (HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Duden Patch 3261 (HKLM-x32\...\{BACAF5AB-C67D-4A4F-B470-AD032E2FEAEE}) (Version: 9.0.0 - Bibliographisches Institut GmbH)
Duden-Rechtschreibprüfung PLUS (HKLM-x32\...\{B2893419-47C2-4A15-B1CE-80C2939EA8EE}) (Version: 9.0.0 - Bibliographisches Institut GmbH)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.2.5 - Lenovo)
Energy Management (x32 Version: 7.0.2.5 - Lenovo) Hidden
ETDWare PS/2-X64 10.4.4.4_WHQL (HKLM\...\Elantech) (Version: 10.4.4.4 - ELAN Microelectronic Corp.)
Euro Truck Simulator (HKLM-x32\...\Steam App 232010) (Version:  - SCS Software)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4630 series - Grundlegende Software für das Gerät (HKLM\...\{3566FFED-696A-4260-8F12-073426CAC951}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Hilfe (HKLM-x32\...\{08B9332C-26DB-4EF3-85D6-6DC62B937681}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35132 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2656 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Launch Manager (HKLM-x32\...\{CDF13D74-E6AA-4006-818A-B360D6A3573C}) (Version: 1.0.1 - Wistron Corp.)
Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.56007.2 - Sonix)
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.1.3 (HKLM-x32\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nebenkosten easy (HKLM-x32\...\{BD88D49B-15CE-48DF-B24F-4C0BC683EBF2}) (Version: 13.1 - )
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OPPO USB Drivers 2.1.2.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.1.2.0 - OPPO mobile telecommunications Corp., LTD)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
SafeInCloud Password Manager (HKLM-x32\...\{B11DE4C7-E653-4750-8BEB-9448CF23EB94}) (Version: 3.1.2 - Andrey Shcherbakov)
ScummVM 1.6.0 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.32.155 - Akademische Arbeitsgemeinschaft)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wunderlist - Wunderlist (HKLM-x32\...\Wunderlist Wunderlist) (Version: 3.4.3 - Wunderlist)
Wunderlist (HKLM-x32\...\{63DB0314-6BFF-464E-A9D9-270B2B500F00}) (Version: 3.2.1.1 - 6 Wunderkinder GmbH)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\SA\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\SA\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{25EE6EB9-0CE5-3070-924F-79BCFFE7D1AF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{388F93A0-9310-3EBA-90FB-361A2C5D8447}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\SA\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\SA\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\SA\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

21-05-2015 16:04:48 Removed NetSpeedMonitor 2.5.4.0 x64
22-05-2015 03:52:37 Removed Chrome Remote Desktop Host

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-01-09 15:51 - 00000825 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01EB602D-92E2-474C-9DEF-C3A5584C9B13} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {04140770-5924-41AE-AC4F-4A6F75C99080} - System32\Tasks\{6E0D87A8-8945-4FAF-9C3F-4A2BEC07664A} => pcalua.exe -a "D:\G480&amp;G580IMR Driver CD V1.1 20120606\Win7\10.Bluetooth\Install.exe" -d "D:\G480&amp;G580IMR Driver CD V1.1 20120606\Win7\10.Bluetooth"
Task: {091B3964-E3F4-4C58-AFF7-04C1CB4FC18D} - System32\Tasks\{805CA10A-4ADE-4B7E-9DC3-F25A3214AD16} => pcalua.exe -a C:\Users\SA\Downloads\B2CAppSetup.exe -d C:\Users\SA\Downloads
Task: {1F936761-0A13-441B-A1EC-0465105D22A2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3FCA005E-C2AA-4759-82E9-B2ECEE09768F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {4ECE74AE-6EA6-4901-BA5C-733562FCD3A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.)
Task: {7D5BFE89-93D6-4FF8-8A97-4D6EF3E37CD8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {7DB8A6F4-3DFC-4087-B579-A6C308BE2E2A} - System32\Tasks\HP AR Program Upload - 2a5e9c29682a43af85b6fe518840a18b504807a879b6454aa1dd64f0dcf2f296 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {7F94ECE9-E04D-4792-8648-4333C279C4C8} - System32\Tasks\{B91D9E78-B942-4BB2-B602-B367381978F0} => pcalua.exe -a C:\ProgramData\LGMOBILEAX\LGMLauncher.exe -d C:\ProgramData\LGMOBILEAX
Task: {818CB193-1142-45C2-9D52-F0BEEC6AF52F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.)
Task: {98B360EA-8D2E-4216-8441-BFB6458A294C} - System32\Tasks\{276D1F6F-57DD-4AD6-917F-017F77FC896B} => pcalua.exe -a C:\Users\SA\Desktop\JD\Setup.exe -d C:\Users\SA\Desktop\JD
Task: {E4B49929-C3FD-4E29-978E-DD1E7B8D4EB9} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {F24E41A8-60CA-4C67-972A-3B637329FB40} - System32\Tasks\{CCBE9619-5626-4B8D-8D1D-5CD45DCAB079} => C:\Program Files (x86)\Wunderlist\Wunderlist.exe
Task: {FC4F41E7-9A08-4815-8605-B094C4B66ED4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-18] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core.job => C:\Users\SA\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core1cff4efa37aaf20.job => C:\Users\SA\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core1cffeb4d0a3b446.job => C:\Users\SA\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core1d0409bb9bb568a.job => C:\Users\SA\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core1d09164ac01cc15.job => C:\Users\SA\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (Whitelisted) ==============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-01-12 06:02 - 2011-12-16 06:37 - 00128280 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-01-12 05:51 - 2012-02-17 02:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 03:20 - 2014-08-01 18:45 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-01-04 18:46 - 2014-08-01 18:45 - 01496480 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 03:20 - 2014-08-01 18:45 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2015-04-29 08:59 - 2015-04-29 08:59 - 02666496 _____ () C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2015-05-21 16:05 - 2015-05-21 16:06 - 41660344 _____ () C:\Users\SA\AppData\Local\Temp\Wunderlist-Bridge.exe
2015-03-18 17:34 - 2015-03-18 17:34 - 40506776 _____ () C:\Users\SA\AppData\Local\Wunderlist-Bridge\Wunderlist-Setup-3.4.3.exe
2015-03-18 17:33 - 2015-03-18 17:33 - 42781696 _____ () C:\Users\SA\AppData\Local\Wunderlist\Wunderlist.exe
2015-05-22 03:56 - 2015-05-13 18:52 - 01670472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-22 03:56 - 2015-05-13 18:52 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-22 03:56 - 2015-05-13 18:52 - 26787144 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll
2014-10-16 07:48 - 2014-10-16 07:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-05-21 15:59 - 2015-05-21 15:59 - 00043008 _____ () c:\users\sa\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0icf17.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\SA\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\SA\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\SA\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\SA\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-17 20:32 - 2014-10-17 20:32 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2014-01-12 05:59 - 2011-11-29 21:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-01-12 06:02 - 2011-12-16 04:39 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-05-21 16:10 - 2015-05-21 16:10 - 00011264 _____ () C:\Users\SA\AppData\Local\Temp\nseD328.tmp\System.dll
2015-03-18 17:33 - 2015-03-18 17:33 - 01311232 _____ () C:\Users\SA\AppData\Local\Wunderlist\libglesv2.dll
2015-03-18 17:33 - 2015-03-18 17:33 - 00212992 _____ () C:\Users\SA\AppData\Local\Wunderlist\libegl.dll
2015-03-18 17:33 - 2015-03-18 17:33 - 00986624 _____ () C:\Users\SA\AppData\Local\Wunderlist\ffmpegsumo.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2014-12-03 08:31 - 2014-12-03 08:31 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\SA\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: Duden Korrektor SysTray => C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\DKTray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{19549A94-A5F8-4121-AF64-2284B2311311}] => (Allow) C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3904746E-62BA-44E6-A154-A82E6B07DEE0}] => (Allow) C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{E3478139-9D9E-4A0B-A41D-2B8E9C0C8ED7}C:\users\sa\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\sa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{89A58B94-4D2D-430D-8893-97CE4C5DEB3B}C:\users\sa\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\sa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{2361A9A4-C8FB-4B21-AC2C-3C1436544088}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{CCA99A4D-4090-4B3C-ABB0-0586DDB2E7F9}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{7BEEAE95-6C25-4143-86C5-C507990C58F2}C:\users\sa\desktop\jd\broken.age.cracked-3dm\broken age\brokenage(1).exe] => (Allow) C:\users\sa\desktop\jd\broken.age.cracked-3dm\broken age\brokenage(1).exe
FirewallRules: [UDP Query User{9020AA03-327A-43A6-97E9-C0D9D7BA829E}C:\users\sa\desktop\jd\broken.age.cracked-3dm\broken age\brokenage(1).exe] => (Allow) C:\users\sa\desktop\jd\broken.age.cracked-3dm\broken age\brokenage(1).exe
FirewallRules: [TCP Query User{245709F7-2148-425F-8736-7DB851A2B7C8}C:\users\sa\desktop\jd\broken.age.cracked-3dm\broken age\brokenage.exe] => (Allow) C:\users\sa\desktop\jd\broken.age.cracked-3dm\broken age\brokenage.exe
FirewallRules: [UDP Query User{34C31005-1CF2-4698-BEA8-617D0C97C4D6}C:\users\sa\desktop\jd\broken.age.cracked-3dm\broken age\brokenage.exe] => (Allow) C:\users\sa\desktop\jd\broken.age.cracked-3dm\broken age\brokenage.exe
FirewallRules: [TCP Query User{B153639F-37DE-4EE6-971B-5E1EE09FDA5E}C:\users\sa\desktop\jd\the.stanley.parable.cracked-3dm\stanley.exe] => (Block) C:\users\sa\desktop\jd\the.stanley.parable.cracked-3dm\stanley.exe
FirewallRules: [UDP Query User{8BBFE435-023B-4CA9-83D1-EA5DA1DA41BC}C:\users\sa\desktop\jd\the.stanley.parable.cracked-3dm\stanley.exe] => (Block) C:\users\sa\desktop\jd\the.stanley.parable.cracked-3dm\stanley.exe
FirewallRules: [{95AC1F51-4FC2-4925-9E98-893396394D95}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E5067034-D197-4674-8BC2-EC74AA16ADFB}] => (Allow) LPort=2869
FirewallRules: [{DD513243-154D-4E3C-B3A7-58F6A9AA134D}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{9BC42791-589A-41FF-A231-43D9AC7906D1}C:\users\sa\downloads\shttps\http.exe] => (Allow) C:\users\sa\downloads\shttps\http.exe
FirewallRules: [UDP Query User{525625C8-D94E-41E4-A529-118041FF5F4E}C:\users\sa\downloads\shttps\http.exe] => (Allow) C:\users\sa\downloads\shttps\http.exe
FirewallRules: [{251418F3-8405-4A39-8CC1-869FF044F452}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{90267930-420A-4D56-85B0-AC985216CEEC}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{71D8861B-CB8A-4BC3-85A1-F3E72D19437A}] => (Allow) D:\Steam\SteamApps\common\A New Beginning\anb.exe
FirewallRules: [{B43C2CA7-5407-4C88-8B76-2BE4038EC8D0}] => (Allow) D:\Steam\SteamApps\common\A New Beginning\anb.exe
FirewallRules: [{6BD2F369-B3C5-4C8F-B4A6-FD1CE7D98812}] => (Allow) D:\Steam\SteamApps\common\A New Beginning\VisionaireConfigurationTool.exe
FirewallRules: [{6ED4C27A-5030-42B1-B18D-6CF720BD1947}] => (Allow) D:\Steam\SteamApps\common\A New Beginning\VisionaireConfigurationTool.exe
FirewallRules: [{0C9FAA96-88DC-4E14-9BAA-DF511377C61C}] => (Allow) D:\Steam\SteamApps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{846C024C-C381-4275-B1EB-A1E5A44BF067}] => (Allow) D:\Steam\SteamApps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{0B28F6F5-5027-4F34-AB6A-9D9086123BBD}] => (Allow) D:\Steam\SteamApps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{9714868D-4427-485D-A71C-8A8FCE23E0E2}] => (Allow) D:\Steam\SteamApps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{BBC40274-4426-451C-BA70-7B7550A98841}] => (Allow) D:\Steam\SteamApps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{FBD5F96F-90F5-4523-84F6-C4EEC1028422}] => (Allow) D:\Steam\SteamApps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{62FFE4CF-991A-4E37-A52A-59131CE57623}] => (Allow) D:\Steam\SteamApps\common\Euro Truck Simulator\eurotrucks.exe
FirewallRules: [{62CA6EB6-A8E4-4CB2-9A27-E7A5D16BFF2C}] => (Allow) D:\Steam\SteamApps\common\Euro Truck Simulator\eurotrucks.exe
FirewallRules: [{4D8C3665-B074-47AC-AB50-23CCA0D402BE}] => (Allow) D:\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{CF6D61E2-A4E4-4FF9-A090-0F20E23B866F}] => (Allow) D:\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [TCP Query User{B44945D2-DC42-4640-8EDC-F56DC5910A41}C:\users\sa\desktop\shttps\http.exe] => (Allow) C:\users\sa\desktop\shttps\http.exe
FirewallRules: [UDP Query User{AC1D54D8-F8E3-4925-B54F-EC0E7303AD7E}C:\users\sa\desktop\shttps\http.exe] => (Allow) C:\users\sa\desktop\shttps\http.exe
FirewallRules: [TCP Query User{BB63D9B6-FA0F-4697-BBAE-B9CB855C9EC2}C:\users\sa\g2 unroot sachen\shttps\http.exe] => (Allow) C:\users\sa\g2 unroot sachen\shttps\http.exe
FirewallRules: [UDP Query User{B6B90761-F3DF-42A6-A805-1E3DF899D65F}C:\users\sa\g2 unroot sachen\shttps\http.exe] => (Allow) C:\users\sa\g2 unroot sachen\shttps\http.exe
FirewallRules: [TCP Query User{8753DDDF-4B36-4C7D-8253-8B3788385D55}C:\users\sa\g2 unroot sachen\shttps\http.exe] => (Allow) C:\users\sa\g2 unroot sachen\shttps\http.exe
FirewallRules: [UDP Query User{FD48DBAA-6197-4597-BBB1-825A018E5BF1}C:\users\sa\g2 unroot sachen\shttps\http.exe] => (Allow) C:\users\sa\g2 unroot sachen\shttps\http.exe
FirewallRules: [{7E064453-13B8-4906-B613-D1896B11853E}] => (Allow) E:\fsetup.exe
FirewallRules: [{4EB2CE74-50DE-4DD1-81EE-1B871FC8F6D5}] => (Allow) E:\fsetup.exe
FirewallRules: [{DB5CF036-1DEF-43F9-8A40-7C76F3369F19}] => (Allow) E:\o2CD.exe
FirewallRules: [{53F36AF7-6B7C-4D02-B075-6F8710151B40}] => (Allow) E:\o2CD.exe
FirewallRules: [{AE1431DD-11EA-4575-9738-9F6B24D65A21}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{59538E46-BBBF-42F1-A84E-574003B9402C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{73BDE223-0BDA-4DBD-AE74-358D59AB46C8}] => (Allow) C:\Users\SA\AppData\Local\Vivaldi\Application\vivaldi.exe
FirewallRules: [{1A093F08-BA9C-4AE3-9145-AF486B9FEC93}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D3421315-09B1-4F8E-9EE5-8C15E1617EC6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD57FE65-8E6B-4049-9709-73725859C318}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{210CDB54-D853-4AC3-8F4F-9B22BB169DE2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{40D24C8A-83C4-4D91-8B50-03561E1E845B}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{A0DEBC3F-E00B-4A21-8B93-85947725737E}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{FE216326-0D4F-43FD-9852-1E83BB244744}] => (Allow) D:\Steam\SteamApps\common\swkotor\swkotor.exe
FirewallRules: [{788FCB3B-7274-40AD-9CFC-51EF1A35D233}] => (Allow) D:\Steam\SteamApps\common\swkotor\swkotor.exe
FirewallRules: [{1571A66B-24D4-4C4A-97A1-CFA63CEDDFA7}] => (Allow) C:\Users\SA\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{97822D93-6A72-4D8B-9115-935E35DFB438}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{8DAD8C51-4A6A-427D-8262-DDE8D8314F83}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{6807E022-CDFA-40DF-89A4-401E091BE750}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{E1E88037-8511-4E18-AD18-B7DC1A301B48}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{E8B32C16-ADBB-4993-8634-D371AAE04E9D}] => (Allow) LPort=5357
FirewallRules: [{6D7BDE74-4421-473A-ADDD-484504CDC14F}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{1F105E0B-3349-451F-8BAA-C2F2AB0202BF}C:\program files\intugame\intugame server\intugameserverui.exe] => (Allow) C:\program files\intugame\intugame server\intugameserverui.exe
FirewallRules: [UDP Query User{48F4B2E5-FD63-4A2A-81DC-25EBE445A0A6}C:\program files\intugame\intugame server\intugameserverui.exe] => (Allow) C:\program files\intugame\intugame server\intugameserverui.exe
FirewallRules: [{681EB0BB-1E25-4EEB-95EE-8B68601BF21A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2015 00:19:16 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (05/22/2015 03:51:51 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (05/21/2015 03:58:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2015 00:49:35 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (05/19/2015 03:23:15 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (05/19/2015 11:46:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54
Name des fehlerhaften Moduls: igdumd64.dll, Version: 8.15.10.2656, Zeitstempel: 0x4f3e8e4b
Ausnahmecode: 0xc000041d
Fehleroffset: 0x000000000030ed16
ID des fehlerhaften Prozesses: 0x18d4
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3

Error: (05/19/2015 11:46:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54
Name des fehlerhaften Moduls: igdumd64.dll, Version: 8.15.10.2656, Zeitstempel: 0x4f3e8e4b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000030ed16
ID des fehlerhaften Prozesses: 0x18d4
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3

Error: (05/19/2015 11:46:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54
Name des fehlerhaften Moduls: igdumd64.dll, Version: 8.15.10.2656, Zeitstempel: 0x4f3e8e4b
Ausnahmecode: 0xc000041d
Fehleroffset: 0x000000000030ed16
ID des fehlerhaften Prozesses: 0x1964
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3

Error: (05/19/2015 11:46:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54
Name des fehlerhaften Moduls: igdumd64.dll, Version: 8.15.10.2656, Zeitstempel: 0x4f3e8e4b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000030ed16
ID des fehlerhaften Prozesses: 0x1964
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3

Error: (05/19/2015 11:03:07 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.


System errors:
=============
Error: (05/21/2015 03:59:38 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{917ACD21-F1A7-441E-96DE-B36955237745}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (05/21/2015 03:58:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (05/21/2015 03:58:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (05/21/2015 03:58:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (05/21/2015 03:58:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 03:58:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Internet Pass-Through Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 03:58:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Cisco AnyConnect Secure Mobility Agent" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 4000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 03:58:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 03:58:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/21/2015 03:58:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (05/22/2015 00:19:16 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\adxloader.dll.ManifestC:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\adxloader.dll.Manifest2

Error: (05/22/2015 03:51:51 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\adxloader.dll.ManifestC:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\adxloader.dll.Manifest2

Error: (05/21/2015 03:58:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2015 00:49:35 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\adxloader.dll.ManifestC:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\adxloader.dll.Manifest2

Error: (05/19/2015 03:23:15 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\adxloader.dll.ManifestC:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\adxloader.dll.Manifest2

Error: (05/19/2015 11:46:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bca54igdumd64.dll8.15.10.26564f3e8e4bc000041d000000000030ed1618d401d092189fb02f78C:\Windows\system32\DllHost.exeC:\Windows\system32\igdumd64.dllde5b51fb-fe0b-11e4-873e-3c970e776d20

Error: (05/19/2015 11:46:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bca54igdumd64.dll8.15.10.26564f3e8e4bc0000005000000000030ed1618d401d092189fb02f78C:\Windows\system32\DllHost.exeC:\Windows\system32\igdumd64.dlldd7bc425-fe0b-11e4-873e-3c970e776d20

Error: (05/19/2015 11:46:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bca54igdumd64.dll8.15.10.26564f3e8e4bc000041d000000000030ed16196401d0921898a345caC:\Windows\system32\DllHost.exeC:\Windows\system32\igdumd64.dlldba68816-fe0b-11e4-873e-3c970e776d20

Error: (05/19/2015 11:46:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bca54igdumd64.dll8.15.10.26564f3e8e4bc0000005000000000030ed16196401d0921898a345caC:\Windows\system32\DllHost.exeC:\Windows\system32\igdumd64.dllda666246-fe0b-11e4-873e-3c970e776d20

Error: (05/19/2015 11:03:07 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\adxloader.dll.ManifestC:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\adxloader.dll.Manifest2


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz
Percentage of memory in use: 67%
Total physical RAM: 3941.37 MB
Available physical RAM: 1292.36 MB
Total Pagefile: 8614.6 MB
Available Pagefile: 1726.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.16 GB) (Free:39.97 GB) NTFS
Drive e: () (Removable) (Total:59.45 GB) (Free:35.79 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 117.4 GB) (Disk ID: 021E143B)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 59.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================

GMER
GMER Logfile:

Code:

ATTFilter

GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2015-05-22 14:08:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SanDisk_ rev.3.1. 117,38GB
Running: 9hqdq6nw.exe; Driver: C:\Users\SA\AppData\Local\Temp\pxldypoc.sys

---- Processes - GMER 2.1 ----

Library  C:\Program Files\NetSpeedMonitor\nsm.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3120]                                                                                                                                                      000007fee8ab0000
Library  c:\users\sa\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0icf17.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532](2015-05-21 13:59:00)                                       0000000005510000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24)           0000000064270000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30)                                                           000000004a900000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30)                                                         0000000005ca0000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30)                                                           000000004ad00000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28)        0000000063db0000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            0000000063ac0000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532](2015-03-04 21:45:30)                                                                                        0000000063a00000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)        0000000063820000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)         0000000062830000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)          0000000062580000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            00000000622f0000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            00000000622c0000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532](2015-03-04 21:45:30)                                                                                           0000000062220000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28)  00000000621f0000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)         00000000621b0000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)   0000000062160000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532](2015-03-04 21:45:30)                                                                       0000000061360000
Library  C:\Users\SA\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe [4532](2015-03-04 21:45:30)                                                                       0000000061320000
Process  C:\Users\SA\AppData\Local\Temp\Wunderlist-Bridge.exe (*** suspicious ***) @ C:\Users\SA\AppData\Local\Temp\Wunderlist-Bridge.exe [5984] (FILE NOT FOUND)                                                                                            0000000000400000
Process  C:\Users\SA\AppData\Local\Wunderlist-Bridge\Wunderlist-Setup-3.4.3.exe (*** suspicious ***) @ C:\Users\SA\AppData\Local\Wunderlist-Bridge\Wunderlist-Setup-3.4.3.exe [1604] (FILE NOT FOUND)                                                        0000000000400000
Library  C:\Users\SA\AppData\Local\Temp\nseD328.tmp\System.dll (*** suspicious ***) @ C:\Users\SA\AppData\Local\Wunderlist-Bridge\Wunderlist-Setup-3.4.3.exe [1604](2015-05-21 14:10:24)                                                                     0000000010000000
Process  C:\Users\SA\AppData\Local\Wunderlist\Wunderlist.exe (*** suspicious ***) @ C:\Users\SA\AppData\Local\Wunderlist\Wunderlist.exe [3880](2015-03-18 15:33:32)                                                                                          0000000001220000
Process  C:\Users\SA\AppData\Local\Wunderlist\Wunderlist.exe (*** suspicious ***) @ C:\Users\SA\AppData\Local\Wunderlist\Wunderlist.exe [7080](2015-03-18 15:33:32)                                                                                          0000000001220000
Process  C:\Users\SA\AppData\Local\Wunderlist\Wunderlist.exe (*** suspicious ***) @ C:\Users\SA\AppData\Local\Wunderlist\Wunderlist.exe [6784](2015-03-18 15:33:32)                                                                                          0000000001220000

---- EOF - GMER 2.1 ----

--- --- ---

Musste die Beiträge spalten, weil zu viele Zeichen.

Ich danke schon mal im Voraus allen die mir helfen

schrauber · 22.05.2015, 16:36

hi,

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

senderos · 22.05.2015, 17:56

Danke für die Antwort

TDSS

Code:

ATTFilter

18:26:33.0565 0x146c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
18:26:33.0565 0x146c  UEFI system
18:26:43.0248 0x146c  ============================================================
18:26:43.0248 0x146c  Current date / time: 2015/05/22 18:26:43.0248
18:26:43.0248 0x146c  SystemInfo:
18:26:43.0248 0x146c  
18:26:43.0248 0x146c  OS Version: 6.1.7601 ServicePack: 1.0
18:26:43.0248 0x146c  Product type: Workstation
18:26:43.0248 0x146c  ComputerName: SA-PC
18:26:43.0249 0x146c  UserName: SA
18:26:43.0250 0x146c  Windows directory: C:\Windows
18:26:43.0250 0x146c  System windows directory: C:\Windows
18:26:43.0250 0x146c  Running under WOW64
18:26:43.0251 0x146c  Processor architecture: Intel x64
18:26:43.0251 0x146c  Number of processors: 4
18:26:43.0251 0x146c  Page size: 0x1000
18:26:43.0251 0x146c  Boot type: Normal boot
18:26:43.0251 0x146c  ============================================================
18:26:44.0521 0x146c  KLMD registered as C:\Windows\system32\drivers\31904927.sys
18:26:44.0703 0x146c  System UUID: {72900D58-5B7F-19DD-BCE1-C760D754EB38}
18:26:45.0362 0x146c  Drive \Device\Harddisk0\DR0 - Size: 0x1D5849E000 ( 117.38 Gb ), SectorSize: 0x200, Cylinders: 0x3BDA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:26:45.0388 0x146c  Drive \Device\Harddisk1\DR1 - Size: 0xEDEA00000 ( 59.48 Gb ), SectorSize: 0x200, Cylinders: 0x1E54, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:26:45.0390 0x146c  ============================================================
18:26:45.0390 0x146c  \Device\Harddisk0\DR0:
18:26:45.0390 0x146c  GPT partitions:
18:26:45.0391 0x146c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {AB5CBA96-8AEC-4D8E-BD5F-553095608157}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
18:26:45.0391 0x146c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {5808B400-F054-4CFA-965F-CAF626FD9B2B}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
18:26:45.0392 0x146c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {0166F30B-5D31-4623-BD64-AF52C0BFE2DE}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xEA4F800
18:26:45.0392 0x146c  MBR partitions:
18:26:45.0392 0x146c  \Device\Harddisk1\DR1:
18:26:45.0392 0x146c  MBR partitions:
18:26:45.0392 0x146c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x8000, BlocksNum 0x76ED000
18:26:45.0392 0x146c  ============================================================
18:26:45.0396 0x146c  C: <-> \Device\Harddisk0\DR0\Partition3
18:26:45.0408 0x146c  ============================================================
18:26:45.0408 0x146c  Initialize success
18:26:45.0408 0x146c  ============================================================
18:27:39.0023 0x1420  ============================================================
18:27:39.0023 0x1420  Scan started
18:27:39.0023 0x1420  Mode: Manual; 
18:27:39.0023 0x1420  ============================================================
18:27:39.0023 0x1420  KSN ping started
18:27:53.0752 0x1420  KSN ping finished: true
18:27:54.0185 0x1420  ================ Scan system memory ========================
18:27:54.0185 0x1420  System memory - ok
18:27:54.0187 0x1420  ================ Scan services =============================
18:27:54.0279 0x1420  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:27:54.0287 0x1420  1394ohci - ok
18:27:54.0317 0x1420  [ 7EEB488346FBFA3731276C3EE8A8FD9E, 97D2E49C2E615E38E8176F1C1551BF452CC6A00787FF90845EFF27A4E6E20B1F ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
18:27:54.0322 0x1420  AAV UpdateService - ok
18:27:54.0339 0x1420  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:27:54.0349 0x1420  ACPI - ok
18:27:54.0354 0x1420  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:27:54.0357 0x1420  AcpiPmi - ok
18:27:54.0363 0x1420  [ 5E813B11629007309E4FC0F0FD2B7C30, A8FDC3994D236248B7FAEA572E987C8D5903AF5305E06D624909DE786FA811BA ] ACPIVPC         C:\Windows\system32\DRIVERS\AcpiVpc.sys
18:27:54.0364 0x1420  ACPIVPC - ok
18:27:54.0374 0x1420  [ D0B11E40EA74A98A5E133DF1F5276240, BAD5885CD8CC271D59DFA95159EFC3AC36D2BA11B6DA593AAED0C45F1C2F280F ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
18:27:54.0402 0x1420  acsock - ok
18:27:54.0411 0x1420  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:27:54.0414 0x1420  AdobeARMservice - ok
18:27:54.0473 0x1420  [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:27:54.0484 0x1420  AdobeFlashPlayerUpdateSvc - ok
18:27:54.0509 0x1420  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:27:54.0523 0x1420  adp94xx - ok
18:27:54.0551 0x1420  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:27:54.0563 0x1420  adpahci - ok
18:27:54.0576 0x1420  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:27:54.0584 0x1420  adpu320 - ok
18:27:54.0594 0x1420  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:27:54.0598 0x1420  AeLookupSvc - ok
18:27:54.0618 0x1420  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
18:27:54.0638 0x1420  AFD - ok
18:27:54.0646 0x1420  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
18:27:54.0650 0x1420  agp440 - ok
18:27:54.0658 0x1420  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
18:27:54.0661 0x1420  ALG - ok
18:27:54.0667 0x1420  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:27:54.0669 0x1420  aliide - ok
18:27:54.0674 0x1420  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:27:54.0676 0x1420  amdide - ok
18:27:54.0682 0x1420  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:27:54.0685 0x1420  AmdK8 - ok
18:27:54.0692 0x1420  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:27:54.0694 0x1420  AmdPPM - ok
18:27:54.0702 0x1420  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:27:54.0706 0x1420  amdsata - ok
18:27:54.0715 0x1420  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:27:54.0721 0x1420  amdsbs - ok
18:27:54.0727 0x1420  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:27:54.0729 0x1420  amdxata - ok
18:27:54.0737 0x1420  [ C5D5B9BAF5A940953FE8393BF937AD60, 089985EB94755EBDC0D839173F2E7B29B104746DEF6CC503039E31D2791E2FDC ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
18:27:54.0740 0x1420  AmUStor - ok
18:27:54.0745 0x1420  andnetadb - ok
18:27:54.0751 0x1420  AndNetDiag - ok
18:27:54.0755 0x1420  ANDNetModem - ok
18:27:54.0764 0x1420  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
18:27:54.0766 0x1420  AppID - ok
18:27:54.0773 0x1420  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:27:54.0775 0x1420  AppIDSvc - ok
18:27:54.0781 0x1420  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
18:27:54.0784 0x1420  Appinfo - ok
18:27:54.0799 0x1420  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:27:54.0806 0x1420  AppMgmt - ok
18:27:54.0814 0x1420  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
18:27:54.0818 0x1420  arc - ok
18:27:54.0826 0x1420  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:27:54.0831 0x1420  arcsas - ok
18:27:54.0858 0x1420  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:27:54.0867 0x1420  aspnet_state - ok
18:27:54.0872 0x1420  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:27:54.0874 0x1420  AsyncMac - ok
18:27:54.0881 0x1420  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:27:54.0882 0x1420  atapi - ok
18:27:54.0911 0x1420  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:27:54.0931 0x1420  AudioEndpointBuilder - ok
18:27:54.0974 0x1420  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:27:54.0989 0x1420  AudioSrv - ok
18:27:55.0004 0x1420  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:27:55.0008 0x1420  AxInstSV - ok
18:27:55.0029 0x1420  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:27:55.0066 0x1420  b06bdrv - ok
18:27:55.0083 0x1420  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:27:55.0096 0x1420  b57nd60a - ok
18:27:55.0233 0x1420  [ 43AD3D3E7674833FCA9A7C4E7180AD54, 81CBF3146853FCCA26C14D23160892BD892269C5BB8B2167837339372BD38DA2 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
18:27:55.0359 0x1420  BCM43XX - ok
18:27:55.0374 0x1420  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:27:55.0377 0x1420  BDESVC - ok
18:27:55.0382 0x1420  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:27:55.0383 0x1420  Beep - ok
18:27:55.0411 0x1420  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
18:27:55.0431 0x1420  BFE - ok
18:27:55.0466 0x1420  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
18:27:55.0508 0x1420  BITS - ok
18:27:55.0515 0x1420  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:27:55.0518 0x1420  blbdrive - ok
18:27:55.0528 0x1420  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:27:55.0531 0x1420  bowser - ok
18:27:55.0539 0x1420  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:27:55.0540 0x1420  BrFiltLo - ok
18:27:55.0545 0x1420  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:27:55.0546 0x1420  BrFiltUp - ok
18:27:55.0557 0x1420  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
18:27:55.0561 0x1420  Browser - ok
18:27:55.0575 0x1420  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:27:55.0583 0x1420  Brserid - ok
18:27:55.0588 0x1420  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:27:55.0590 0x1420  BrSerWdm - ok
18:27:55.0595 0x1420  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:27:55.0596 0x1420  BrUsbMdm - ok
18:27:55.0601 0x1420  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:27:55.0603 0x1420  BrUsbSer - ok
18:27:55.0607 0x1420  BTCFilterService - ok
18:27:55.0616 0x1420  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:27:55.0621 0x1420  BTHMODEM - ok
18:27:55.0632 0x1420  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
18:27:55.0637 0x1420  bthserv - ok
18:27:55.0645 0x1420  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:27:55.0650 0x1420  cdfs - ok
18:27:55.0660 0x1420  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:27:55.0667 0x1420  cdrom - ok
18:27:55.0676 0x1420  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:27:55.0679 0x1420  CertPropSvc - ok
18:27:55.0686 0x1420  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:27:55.0689 0x1420  circlass - ok
18:27:55.0706 0x1420  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
18:27:55.0717 0x1420  CLFS - ok
18:27:55.0727 0x1420  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:27:55.0731 0x1420  clr_optimization_v2.0.50727_32 - ok
18:27:55.0744 0x1420  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:27:55.0749 0x1420  clr_optimization_v2.0.50727_64 - ok
18:27:55.0768 0x1420  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:27:55.0786 0x1420  clr_optimization_v4.0.30319_32 - ok
18:27:55.0794 0x1420  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:27:55.0808 0x1420  clr_optimization_v4.0.30319_64 - ok
18:27:55.0815 0x1420  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:27:55.0816 0x1420  CmBatt - ok
18:27:55.0821 0x1420  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:27:55.0824 0x1420  cmdide - ok
18:27:55.0841 0x1420  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
18:27:55.0857 0x1420  CNG - ok
18:27:55.0865 0x1420  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:27:55.0870 0x1420  Compbatt - ok
18:27:55.0913 0x1420  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:27:55.0917 0x1420  CompositeBus - ok
18:27:55.0922 0x1420  COMSysApp - ok
18:27:55.0980 0x1420  [ BEBCA166BCB82427CB1D029404BCBBC3, F099DA02A3AED4ED156C774BF17DE92A1E38C891F099207BBAF315976F868F12 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
18:27:56.0003 0x1420  cphs - ok
18:27:56.0008 0x1420  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:27:56.0010 0x1420  crcdisk - ok
18:27:56.0025 0x1420  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:27:56.0030 0x1420  CryptSvc - ok
18:27:56.0048 0x1420  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
18:27:56.0066 0x1420  CSC - ok
18:27:56.0094 0x1420  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
18:27:56.0120 0x1420  CscService - ok
18:27:56.0142 0x1420  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:27:56.0156 0x1420  DcomLaunch - ok
18:27:56.0171 0x1420  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:27:56.0181 0x1420  defragsvc - ok
18:27:56.0190 0x1420  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:27:56.0193 0x1420  DfsC - ok
18:27:56.0209 0x1420  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:27:56.0218 0x1420  Dhcp - ok
18:27:56.0268 0x1420  [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack       C:\Windows\system32\diagtrack.dll
18:27:56.0344 0x1420  DiagTrack - ok
18:27:56.0356 0x1420  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
18:27:56.0359 0x1420  discache - ok
18:27:56.0372 0x1420  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
18:27:56.0375 0x1420  Disk - ok
18:27:56.0385 0x1420  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
18:27:56.0388 0x1420  dmvsc - ok
18:27:56.0400 0x1420  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:27:56.0407 0x1420  Dnscache - ok
18:27:56.0419 0x1420  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:27:56.0427 0x1420  dot3svc - ok
18:27:56.0436 0x1420  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
18:27:56.0442 0x1420  DPS - ok
18:27:56.0448 0x1420  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:27:56.0449 0x1420  drmkaud - ok
18:27:56.0482 0x1420  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:27:56.0511 0x1420  DXGKrnl - ok
18:27:56.0521 0x1420  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
18:27:56.0525 0x1420  EapHost - ok
18:27:56.0621 0x1420  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:27:56.0708 0x1420  ebdrv - ok
18:27:56.0719 0x1420  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] EFS             C:\Windows\System32\lsass.exe
18:27:56.0721 0x1420  EFS - ok
18:27:56.0746 0x1420  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:27:56.0767 0x1420  ehRecvr - ok
18:27:56.0775 0x1420  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
18:27:56.0780 0x1420  ehSched - ok
18:27:56.0802 0x1420  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:27:56.0821 0x1420  elxstor - ok
18:27:56.0826 0x1420  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:27:56.0828 0x1420  ErrDev - ok
18:27:56.0843 0x1420  [ DB3B229DD418211D06ED17F3043F50A5, 51A1D200A3275F1D8F037C3BCD4D64B2CEFD2BAE6FD31E1D87ECE402F6BFC1A8 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
18:27:56.0851 0x1420  ETD - ok
18:27:56.0870 0x1420  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
18:27:56.0880 0x1420  EventSystem - ok
18:27:56.0892 0x1420  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:27:56.0898 0x1420  exfat - ok
18:27:56.0909 0x1420  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:27:56.0915 0x1420  fastfat - ok
18:27:56.0940 0x1420  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
18:27:56.0961 0x1420  Fax - ok
18:27:56.0969 0x1420  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
18:27:56.0971 0x1420  fdc - ok
18:27:56.0976 0x1420  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
18:27:56.0978 0x1420  fdPHost - ok
18:27:56.0984 0x1420  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:27:56.0986 0x1420  FDResPub - ok
18:27:56.0993 0x1420  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:27:56.0996 0x1420  FileInfo - ok
18:27:57.0002 0x1420  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:27:57.0006 0x1420  Filetrace - ok
18:27:57.0011 0x1420  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:27:57.0013 0x1420  flpydisk - ok
18:27:57.0026 0x1420  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:27:57.0034 0x1420  FltMgr - ok
18:27:57.0074 0x1420  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
18:27:57.0105 0x1420  FontCache - ok
18:27:57.0113 0x1420  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:27:57.0116 0x1420  FontCache3.0.0.0 - ok
18:27:57.0123 0x1420  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:27:57.0125 0x1420  FsDepends - ok
18:27:57.0131 0x1420  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:27:57.0133 0x1420  Fs_Rec - ok
18:27:57.0147 0x1420  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:27:57.0155 0x1420  fvevol - ok
18:27:57.0161 0x1420  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:27:57.0164 0x1420  gagp30kx - ok
18:27:57.0192 0x1420  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:27:57.0213 0x1420  gpsvc - ok
18:27:57.0225 0x1420  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:27:57.0229 0x1420  gupdate - ok
18:27:57.0235 0x1420  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:27:57.0240 0x1420  gupdatem - ok
18:27:57.0245 0x1420  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:27:57.0247 0x1420  hcw85cir - ok
18:27:57.0261 0x1420  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:27:57.0270 0x1420  HdAudAddService - ok
18:27:57.0278 0x1420  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:27:57.0282 0x1420  HDAudBus - ok
18:27:57.0288 0x1420  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:27:57.0290 0x1420  HidBatt - ok
18:27:57.0298 0x1420  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:27:57.0302 0x1420  HidBth - ok
18:27:57.0309 0x1420  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:27:57.0312 0x1420  HidIr - ok
18:27:57.0318 0x1420  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
18:27:57.0321 0x1420  hidserv - ok
18:27:57.0328 0x1420  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:27:57.0329 0x1420  HidUsb - ok
18:27:57.0337 0x1420  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:27:57.0343 0x1420  hkmsvc - ok
18:27:57.0355 0x1420  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:27:57.0364 0x1420  HomeGroupListener - ok
18:27:57.0375 0x1420  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:27:57.0385 0x1420  HomeGroupProvider - ok
18:27:57.0393 0x1420  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:27:57.0397 0x1420  HpSAMD - ok
18:27:57.0403 0x1420  [ F47CEC45FB85791D4AB237563AD0FA8F, 1035066D48BD179855BCA7F62EFA1B951E6E839D2E29E15A31844E18A126DD41 ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
18:27:57.0418 0x1420  HTCAND64 - ok
18:27:57.0425 0x1420  [ B8B1B284362E1D8135112573395D5DA5, 97BC6A7B2DCD7CC854B912A85BB2FCF199592E8E16A7C405EAF89B02D5DE4AEE ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
18:27:57.0446 0x1420  htcnprot - ok
18:27:57.0456 0x1420  [ 7C7C986776D00E575BFBDE5DCBDC615D, 4CF12851A5A45917C3A9139B19D79434F2038611B617F83A714506CC7A1A6C61 ] HtcVCom32       C:\Windows\system32\DRIVERS\HtcVComV64.sys
18:27:57.0475 0x1420  HtcVCom32 - ok
18:27:57.0500 0x1420  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:27:57.0522 0x1420  HTTP - ok
18:27:57.0530 0x1420  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:27:57.0532 0x1420  hwpolicy - ok
18:27:57.0541 0x1420  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:27:57.0545 0x1420  i8042prt - ok
18:27:57.0569 0x1420  [ C224331A54571C8C9162F7714400BBBD, C2CA4881ACD46071E67435BE5E3DB133D0743B026FD20D6D6E26B2FE7A03FCAA ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:27:57.0585 0x1420  iaStor - ok
18:27:57.0592 0x1420  [ 7D4B9A48430ED57ACA6373B71D5904CA, 6ED72DAA7A4951142F036364E8F237E74246EF3E9EA089448DEF15380DAB0DB3 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:27:57.0593 0x1420  IAStorDataMgrSvc - ok
18:27:57.0610 0x1420  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:27:57.0623 0x1420  iaStorV - ok
18:27:57.0667 0x1420  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:27:57.0701 0x1420  idsvc - ok
18:27:57.0707 0x1420  IEEtwCollectorService - ok
18:27:58.0078 0x1420  [ 7054941241807E91663A83A38BCE3F0D, 340F724554CCF4F52C1F426A7E3C8B0C4DE73C38DA102AFBD375D0FC8AF31086 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:27:58.0435 0x1420  igfx - ok
18:27:58.0460 0x1420  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:27:58.0463 0x1420  iirsp - ok
18:27:58.0492 0x1420  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
18:27:58.0513 0x1420  IKEEXT - ok
18:27:58.0646 0x1420  [ BB0D3D57C25D6C5215077A8FAA7AD4B3, 886B543BB75F01F8EE7C8BC1603189259248B8EC397BD851ECBBB0DDAE1D2D69 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:27:58.0754 0x1420  IntcAzAudAddService - ok
18:27:58.0780 0x1420  [ 2D66067C7A8A0112156BCD1C0BAA7042, 89F77EEE59FF3AD2E777DA15187F1447F6E112E8831417A0DE656ACB82E7B22E ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:27:58.0795 0x1420  Intel(R) Capability Licensing Service Interface - ok
18:27:58.0804 0x1420  [ C9DCE1CB628AEED3C0C30ABBF4F1E718, 794E6BE05010E315C321DA75ED8FF427CAF3C2AA7C723B267CB22A5D9FC8C4C8 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
18:27:58.0809 0x1420  Intel(R) ME Service - ok
18:27:58.0815 0x1420  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:27:58.0817 0x1420  intelide - ok
18:27:58.0825 0x1420  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:27:58.0828 0x1420  intelppm - ok
18:27:58.0836 0x1420  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:27:58.0841 0x1420  IPBusEnum - ok
18:27:58.0847 0x1420  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:27:58.0850 0x1420  IpFilterDriver - ok
18:27:58.0871 0x1420  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:27:58.0889 0x1420  iphlpsvc - ok
18:27:58.0898 0x1420  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:27:58.0901 0x1420  IPMIDRV - ok
18:27:58.0911 0x1420  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:27:58.0915 0x1420  IPNAT - ok
18:27:58.0920 0x1420  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:27:58.0922 0x1420  IRENUM - ok
18:27:58.0927 0x1420  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:27:58.0929 0x1420  isapnp - ok
18:27:58.0944 0x1420  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:27:58.0953 0x1420  iScsiPrt - ok
18:27:58.0959 0x1420  [ 6BCEF45131C8B8E1C558BE540B190B3C, DFFED7FD9DCC15808184E65065DE6138FE010AC01217E5016B2D20A5B89AC570 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
18:27:58.0961 0x1420  iusb3hcs - ok
18:27:58.0977 0x1420  [ F080EADA8715F811B58BD35BB774F2F9, 06D5A70CBA89561A71B9CB64D7A298767F098395411A7022F414C7D0AC89A44D ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
18:27:58.0989 0x1420  iusb3hub - ok
18:27:59.0025 0x1420  [ 0F1756D9396740F053221FA6260FCE66, 0B722BF6BCF66BBD49DE0E92555742976AB33319CF504461A50181BF7A77E886 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
18:27:59.0048 0x1420  iusb3xhc - ok
18:27:59.0058 0x1420  [ 3628933AF5305EAB8173949BFF912F04, 8609C196B8D5D941CE7181E849A7C44E658BD66995D1405B80D42F1C029B09EB ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
18:27:59.0063 0x1420  jhi_service - ok
18:27:59.0070 0x1420  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:27:59.0072 0x1420  kbdclass - ok
18:27:59.0078 0x1420  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:27:59.0080 0x1420  kbdhid - ok
18:27:59.0086 0x1420  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] KeyIso          C:\Windows\system32\lsass.exe
18:27:59.0088 0x1420  KeyIso - ok
18:27:59.0096 0x1420  [ F7DFAE6040AC910B7C64EE208A34157D, AEF1100F12391692D9DB78519D843A90C97E199A80DDC4D43E3AF1919A9E8E56 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:27:59.0100 0x1420  KSecDD - ok
18:27:59.0110 0x1420  [ 8FE94F2EF9BF444E93E35D87E210D02F, 78E8F6FD7C1EA3556194947707BE6893538A9E25A550C22045866C5B30251D14 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:27:59.0116 0x1420  KSecPkg - ok
18:27:59.0123 0x1420  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:27:59.0125 0x1420  ksthunk - ok
18:27:59.0140 0x1420  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:27:59.0152 0x1420  KtmRm - ok
18:27:59.0161 0x1420  [ E84DA1A93978B3700EA63414357B9BA3, B6119D23457CDEE2CCEBA433F5427B183387C3C54E9E51B42D7C79D1524727A4 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
18:27:59.0166 0x1420  L1C - ok
18:27:59.0181 0x1420  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:27:59.0190 0x1420  LanmanServer - ok
18:27:59.0200 0x1420  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:27:59.0217 0x1420  LanmanWorkstation - ok
18:27:59.0227 0x1420  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\Windows\system32\DRIVERS\LhdX64.sys
18:27:59.0230 0x1420  LHDmgr - ok
18:27:59.0239 0x1420  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:27:59.0242 0x1420  lltdio - ok
18:27:59.0260 0x1420  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:27:59.0271 0x1420  lltdsvc - ok
18:27:59.0278 0x1420  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:27:59.0280 0x1420  lmhosts - ok
18:27:59.0297 0x1420  [ BF22ACF4CF3734D61357E67F0521BC03, EDDFBDC4BE29BF26904B2DF7074F471711238469CDDBED1CA253A49B993F53DF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:27:59.0306 0x1420  LMS - ok
18:27:59.0319 0x1420  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:27:59.0323 0x1420  LSI_FC - ok
18:27:59.0331 0x1420  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:27:59.0336 0x1420  LSI_SAS - ok
18:27:59.0343 0x1420  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:27:59.0347 0x1420  LSI_SAS2 - ok
18:27:59.0356 0x1420  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:27:59.0360 0x1420  LSI_SCSI - ok
18:27:59.0367 0x1420  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:27:59.0372 0x1420  luafv - ok
18:27:59.0378 0x1420  [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:27:59.0381 0x1420  MBAMProtector - ok
18:27:59.0421 0x1420  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
18:27:59.0449 0x1420  MBAMService - ok
18:27:59.0462 0x1420  [ E9CD058C79EA15B4AA93E259FA713B07, 2B09F65188D8782F9C797545F2F791EC7EAB85D8914B2C0B30BD869C412E3980 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
18:27:59.0467 0x1420  MBAMSwissArmy - ok
18:27:59.0474 0x1420  [ F49FB3C88E263AE9A246593B0BB29294, FB53D6FA4A98B98334DCFF81E40712265256D31A9E9FF36022887BABD50F39EB ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
18:27:59.0477 0x1420  MBAMWebAccessControl - ok
18:27:59.0485 0x1420  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:27:59.0489 0x1420  Mcx2Svc - ok
18:27:59.0495 0x1420  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:27:59.0497 0x1420  megasas - ok
18:27:59.0512 0x1420  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:27:59.0522 0x1420  MegaSR - ok
18:27:59.0529 0x1420  [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
18:27:59.0531 0x1420  MEIx64 - ok
18:27:59.0543 0x1420  Microsoft SharePoint Workspace Audit Service - ok
18:27:59.0551 0x1420  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
18:27:59.0556 0x1420  MMCSS - ok
18:27:59.0561 0x1420  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
18:27:59.0564 0x1420  Modem - ok
18:27:59.0569 0x1420  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:27:59.0571 0x1420  monitor - ok
18:27:59.0576 0x1420  motandroidusb - ok
18:27:59.0582 0x1420  motccgp - ok
18:27:59.0588 0x1420  motmodem - ok
18:27:59.0594 0x1420  MotoSwitchService - ok
18:27:59.0600 0x1420  Motousbnet - ok
18:27:59.0607 0x1420  motusbdevice - ok
18:27:59.0615 0x1420  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:27:59.0617 0x1420  mouclass - ok
18:27:59.0623 0x1420  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:27:59.0625 0x1420  mouhid - ok
18:27:59.0633 0x1420  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:27:59.0638 0x1420  mountmgr - ok
18:27:59.0649 0x1420  [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:27:59.0655 0x1420  MozillaMaintenance - ok
18:27:59.0669 0x1420  [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
18:27:59.0678 0x1420  MpFilter - ok
18:27:59.0687 0x1420  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:27:59.0692 0x1420  mpio - ok
18:27:59.0700 0x1420  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:27:59.0704 0x1420  mpsdrv - ok
18:27:59.0735 0x1420  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:27:59.0757 0x1420  MpsSvc - ok
18:27:59.0769 0x1420  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:27:59.0775 0x1420  MRxDAV - ok
18:27:59.0784 0x1420  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:27:59.0790 0x1420  mrxsmb - ok
18:27:59.0806 0x1420  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:27:59.0814 0x1420  mrxsmb10 - ok
18:27:59.0822 0x1420  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:27:59.0827 0x1420  mrxsmb20 - ok
18:27:59.0834 0x1420  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:27:59.0836 0x1420  msahci - ok
18:27:59.0845 0x1420  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:27:59.0851 0x1420  msdsm - ok
18:27:59.0861 0x1420  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
18:27:59.0867 0x1420  MSDTC - ok
18:27:59.0879 0x1420  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:27:59.0880 0x1420  Msfs - ok
18:27:59.0890 0x1420  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:27:59.0891 0x1420  mshidkmdf - ok
18:27:59.0897 0x1420  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:27:59.0900 0x1420  msisadrv - ok
18:27:59.0910 0x1420  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:27:59.0916 0x1420  MSiSCSI - ok
18:27:59.0922 0x1420  msiserver - ok
18:27:59.0928 0x1420  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:27:59.0930 0x1420  MSKSSRV - ok
18:27:59.0936 0x1420  [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:27:59.0937 0x1420  MsMpSvc - ok
18:27:59.0943 0x1420  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:27:59.0944 0x1420  MSPCLOCK - ok
18:27:59.0949 0x1420  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:27:59.0952 0x1420  MSPQM - ok
18:27:59.0970 0x1420  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:27:59.0980 0x1420  MsRPC - ok
18:27:59.0990 0x1420  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:27:59.0992 0x1420  mssmbios - ok
18:27:59.0997 0x1420  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:27:59.0998 0x1420  MSTEE - ok
18:28:00.0005 0x1420  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:28:00.0007 0x1420  MTConfig - ok
18:28:00.0014 0x1420  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:28:00.0018 0x1420  Mup - ok
18:28:00.0039 0x1420  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:28:00.0052 0x1420  napagent - ok
18:28:00.0067 0x1420  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:28:00.0076 0x1420  NativeWifiP - ok
18:28:00.0105 0x1420  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:28:00.0129 0x1420  NDIS - ok
18:28:00.0136 0x1420  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:28:00.0138 0x1420  NdisCap - ok
18:28:00.0143 0x1420  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:28:00.0145 0x1420  NdisTapi - ok
18:28:00.0152 0x1420  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:28:00.0156 0x1420  Ndisuio - ok
18:28:00.0165 0x1420  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:28:00.0171 0x1420  NdisWan - ok
18:28:00.0177 0x1420  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:28:00.0180 0x1420  NDProxy - ok
18:28:00.0186 0x1420  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:28:00.0188 0x1420  NetBIOS - ok
18:28:00.0204 0x1420  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:28:00.0212 0x1420  NetBT - ok
18:28:00.0218 0x1420  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] Netlogon        C:\Windows\system32\lsass.exe
18:28:00.0219 0x1420  Netlogon - ok
18:28:00.0236 0x1420  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
18:28:00.0247 0x1420  Netman - ok
18:28:00.0268 0x1420  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:28:00.0275 0x1420  NetMsmqActivator - ok
18:28:00.0282 0x1420  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:28:00.0287 0x1420  NetPipeActivator - ok
18:28:00.0309 0x1420  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
18:28:00.0326 0x1420  netprofm - ok
18:28:00.0334 0x1420  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:28:00.0338 0x1420  NetTcpActivator - ok
18:28:00.0346 0x1420  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:28:00.0350 0x1420  NetTcpPortSharing - ok
18:28:00.0356 0x1420  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:28:00.0359 0x1420  nfrd960 - ok
18:28:00.0370 0x1420  [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:28:00.0374 0x1420  NisDrv - ok
18:28:00.0389 0x1420  [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
18:28:00.0400 0x1420  NisSrv - ok
18:28:00.0415 0x1420  [ 2FF6B48563AAFC12BB8CE2B4E4D7C65F, AAA77EBD643D4EE7EF40E9388CC6F8EA9AC19E491DDE64A8D8B0CAD666B21C94 ] NitroReaderDriverReadSpool3 C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
18:28:00.0424 0x1420  NitroReaderDriverReadSpool3 - ok
18:28:00.0442 0x1420  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:28:00.0453 0x1420  NlaSvc - ok
18:28:00.0459 0x1420  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:28:00.0462 0x1420  Npfs - ok
18:28:00.0468 0x1420  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
18:28:00.0470 0x1420  nsi - ok
18:28:00.0476 0x1420  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:28:00.0478 0x1420  nsiproxy - ok
18:28:00.0542 0x1420  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:28:00.0594 0x1420  Ntfs - ok
18:28:00.0602 0x1420  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
18:28:00.0603 0x1420  Null - ok
18:28:00.0613 0x1420  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:28:00.0619 0x1420  nvraid - ok
18:28:00.0629 0x1420  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:28:00.0635 0x1420  nvstor - ok
18:28:00.0644 0x1420  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:28:00.0648 0x1420  nv_agp - ok
18:28:00.0656 0x1420  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:28:00.0659 0x1420  ohci1394 - ok
18:28:00.0670 0x1420  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:28:00.0675 0x1420  ose - ok
18:28:00.0829 0x1420  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:28:00.0965 0x1420  osppsvc - ok
18:28:00.0988 0x1420  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:28:00.0998 0x1420  p2pimsvc - ok
18:28:01.0018 0x1420  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
18:28:01.0030 0x1420  p2psvc - ok
18:28:01.0039 0x1420  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
18:28:01.0043 0x1420  Parport - ok
18:28:01.0052 0x1420  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:28:01.0055 0x1420  partmgr - ok
18:28:01.0070 0x1420  [ 446462BBA744DA60379574926FD51EAB, 4A79E8EF28670333F4733FA0016508DC88E9BDC566B455DA5EDEDC514612180A ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
18:28:01.0076 0x1420  PassThru Service - ok
18:28:01.0088 0x1420  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:28:01.0097 0x1420  PcaSvc - ok
18:28:01.0106 0x1420  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
18:28:01.0112 0x1420  pci - ok
18:28:01.0119 0x1420  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:28:01.0120 0x1420  pciide - ok
18:28:01.0132 0x1420  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:28:01.0142 0x1420  pcmcia - ok
18:28:01.0151 0x1420  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:28:01.0154 0x1420  pcw - ok
18:28:01.0186 0x1420  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:28:01.0207 0x1420  PEAUTH - ok
18:28:01.0260 0x1420  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:28:01.0298 0x1420  PeerDistSvc - ok
18:28:01.0350 0x1420  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:28:01.0365 0x1420  PerfHost - ok
18:28:01.0412 0x1420  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
18:28:01.0452 0x1420  pla - ok
18:28:01.0472 0x1420  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:28:01.0484 0x1420  PlugPlay - ok
18:28:01.0491 0x1420  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:28:01.0494 0x1420  PNRPAutoReg - ok
18:28:01.0510 0x1420  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:28:01.0519 0x1420  PNRPsvc - ok
18:28:01.0542 0x1420  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:28:01.0556 0x1420  PolicyAgent - ok
18:28:01.0569 0x1420  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
18:28:01.0577 0x1420  Power - ok
18:28:01.0591 0x1420  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:28:01.0596 0x1420  PptpMiniport - ok
18:28:01.0605 0x1420  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
18:28:01.0608 0x1420  Processor - ok
18:28:01.0623 0x1420  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:28:01.0630 0x1420  ProfSvc - ok
18:28:01.0637 0x1420  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:28:01.0640 0x1420  ProtectedStorage - ok
18:28:01.0651 0x1420  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:28:01.0658 0x1420  Psched - ok
18:28:01.0666 0x1420  [ C32ECB99AD25E9A04F01C8665DF29EF8, 0489B3DEC6A33E50D8A48A8DAD3F5B923A81F7300E4A71358D90D2879BAC9AA2 ] pwdrvio         C:\Windows\system32\pwdrvio.sys
18:28:01.0687 0x1420  pwdrvio - ok
18:28:01.0694 0x1420  [ D619356B955EEFA642F5FF72755E8B3C, 1FD54978A77ACD6FBF1236E177ED074894743A9141E4169FE9AFE28680FC93C5 ] pwdspio         C:\Windows\system32\pwdspio.sys
18:28:01.0713 0x1420  pwdspio - ok
18:28:01.0766 0x1420  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:28:01.0806 0x1420  ql2300 - ok
18:28:01.0817 0x1420  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:28:01.0823 0x1420  ql40xx - ok
18:28:01.0837 0x1420  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
18:28:01.0847 0x1420  QWAVE - ok
18:28:01.0854 0x1420  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:28:01.0856 0x1420  QWAVEdrv - ok
18:28:01.0861 0x1420  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:28:01.0863 0x1420  RasAcd - ok
18:28:01.0871 0x1420  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:28:01.0873 0x1420  RasAgileVpn - ok
18:28:01.0881 0x1420  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
18:28:01.0886 0x1420  RasAuto - ok
18:28:01.0896 0x1420  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:28:01.0900 0x1420  Rasl2tp - ok
18:28:01.0916 0x1420  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
18:28:01.0926 0x1420  RasMan - ok
18:28:01.0933 0x1420  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:28:01.0937 0x1420  RasPppoe - ok
18:28:01.0945 0x1420  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:28:01.0949 0x1420  RasSstp - ok
18:28:01.0964 0x1420  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:28:01.0976 0x1420  rdbss - ok
18:28:01.0982 0x1420  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:28:01.0984 0x1420  rdpbus - ok
18:28:01.0989 0x1420  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:28:01.0991 0x1420  RDPCDD - ok
18:28:02.0005 0x1420  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:28:02.0011 0x1420  RDPDR - ok
18:28:02.0017 0x1420  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:28:02.0019 0x1420  RDPENCDD - ok
18:28:02.0027 0x1420  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:28:02.0029 0x1420  RDPREFMP - ok
18:28:02.0041 0x1420  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:28:02.0048 0x1420  RDPWD - ok
18:28:02.0060 0x1420  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:28:02.0069 0x1420  rdyboost - ok
18:28:02.0077 0x1420  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:28:02.0081 0x1420  RemoteAccess - ok
18:28:02.0091 0x1420  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:28:02.0099 0x1420  RemoteRegistry - ok
18:28:02.0107 0x1420  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:28:02.0112 0x1420  RpcEptMapper - ok
18:28:02.0117 0x1420  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
18:28:02.0119 0x1420  RpcLocator - ok
18:28:02.0139 0x1420  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
18:28:02.0154 0x1420  RpcSs - ok
18:28:02.0163 0x1420  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:28:02.0167 0x1420  rspndr - ok
18:28:02.0172 0x1420  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:28:02.0174 0x1420  s3cap - ok
18:28:02.0181 0x1420  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] SamSs           C:\Windows\system32\lsass.exe
18:28:02.0183 0x1420  SamSs - ok
18:28:02.0192 0x1420  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:28:02.0197 0x1420  sbp2port - ok
18:28:02.0210 0x1420  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:28:02.0217 0x1420  SCardSvr - ok
18:28:02.0223 0x1420  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:28:02.0226 0x1420  scfilter - ok
18:28:02.0264 0x1420  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
18:28:02.0295 0x1420  Schedule - ok
18:28:02.0305 0x1420  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:28:02.0307 0x1420  SCPolicySvc - ok
18:28:02.0317 0x1420  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:28:02.0323 0x1420  SDRSVC - ok
18:28:02.0330 0x1420  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:28:02.0332 0x1420  secdrv - ok
18:28:02.0338 0x1420  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
18:28:02.0341 0x1420  seclogon - ok
18:28:02.0348 0x1420  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
18:28:02.0353 0x1420  SENS - ok
18:28:02.0358 0x1420  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:28:02.0361 0x1420  SensrSvc - ok
18:28:02.0367 0x1420  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:28:02.0369 0x1420  Serenum - ok
18:28:02.0376 0x1420  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
18:28:02.0381 0x1420  Serial - ok
18:28:02.0388 0x1420  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:28:02.0390 0x1420  sermouse - ok
18:28:02.0406 0x1420  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
18:28:02.0412 0x1420  SessionEnv - ok
18:28:02.0417 0x1420  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:28:02.0419 0x1420  sffdisk - ok
18:28:02.0425 0x1420  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:28:02.0427 0x1420  sffp_mmc - ok
18:28:02.0432 0x1420  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:28:02.0434 0x1420  sffp_sd - ok
18:28:02.0440 0x1420  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:28:02.0442 0x1420  sfloppy - ok
18:28:02.0460 0x1420  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:28:02.0471 0x1420  SharedAccess - ok
18:28:02.0488 0x1420  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:28:02.0498 0x1420  ShellHWDetection - ok
18:28:02.0504 0x1420  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:28:02.0507 0x1420  SiSRaid2 - ok
18:28:02.0514 0x1420  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:28:02.0519 0x1420  SiSRaid4 - ok
18:28:02.0525 0x1420  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:28:02.0529 0x1420  Smb - ok
18:28:02.0540 0x1420  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:28:02.0543 0x1420  SNMPTRAP - ok
18:28:02.0641 0x1420  [ B5FF7F6EB690B573C55B46FF365FFFF4, F1F51F4B4EBAE471BF936E63B6BC075209A23A32BB9CF9125454FB11F3E900EC ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
18:28:02.0733 0x1420  SNP2UVC - ok
18:28:02.0745 0x1420  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:28:02.0747 0x1420  spldr - ok
18:28:02.0768 0x1420  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
18:28:02.0785 0x1420  Spooler - ok
18:28:02.0882 0x1420  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:28:02.0970 0x1420  sppsvc - ok
18:28:02.0982 0x1420  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:28:02.0987 0x1420  sppuinotify - ok
18:28:03.0006 0x1420  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:28:03.0019 0x1420  srv - ok
18:28:03.0039 0x1420  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:28:03.0050 0x1420  srv2 - ok
18:28:03.0060 0x1420  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:28:03.0066 0x1420  srvnet - ok
18:28:03.0077 0x1420  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:28:03.0085 0x1420  SSDPSRV - ok
18:28:03.0093 0x1420  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:28:03.0097 0x1420  SstpSvc - ok
18:28:03.0128 0x1420  [ 25C16F7D749F1BA7D573756338658727, 4A4056F34C0D34D793E0A24D37842F8122A5C072F9A2ED9192763FB0CC8FDADC ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:28:03.0595 0x1420  Steam Client Service - ok
18:28:03.0602 0x1420  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:28:03.0604 0x1420  stexstor - ok
18:28:03.0611 0x1420  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
18:28:03.0613 0x1420  StillCam - ok
18:28:03.0636 0x1420  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
18:28:03.0651 0x1420  stisvc - ok
18:28:03.0659 0x1420  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:28:03.0661 0x1420  storflt - ok
18:28:03.0667 0x1420  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
18:28:03.0670 0x1420  StorSvc - ok
18:28:03.0678 0x1420  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:28:03.0680 0x1420  storvsc - ok
18:28:03.0685 0x1420  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:28:03.0687 0x1420  swenum - ok
18:28:03.0705 0x1420  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
18:28:03.0723 0x1420  swprv - ok
18:28:03.0777 0x1420  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
18:28:03.0821 0x1420  SysMain - ok
18:28:03.0831 0x1420  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:28:03.0836 0x1420  TabletInputService - ok
18:28:03.0850 0x1420  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:28:03.0861 0x1420  TapiSrv - ok
18:28:03.0870 0x1420  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
18:28:03.0874 0x1420  TBS - ok
18:28:03.0933 0x1420  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:28:03.0978 0x1420  Tcpip - ok
18:28:04.0033 0x1420  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:28:04.0074 0x1420  TCPIP6 - ok
18:28:04.0086 0x1420  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:28:04.0089 0x1420  tcpipreg - ok
18:28:04.0099 0x1420  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:28:04.0100 0x1420  TDPIPE - ok
18:28:04.0107 0x1420  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:28:04.0109 0x1420  TDTCP - ok
18:28:04.0118 0x1420  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:28:04.0123 0x1420  tdx - ok
18:28:04.0130 0x1420  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:28:04.0132 0x1420  TermDD - ok
18:28:04.0157 0x1420  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
18:28:04.0176 0x1420  TermService - ok
18:28:04.0184 0x1420  [ 9201BE2BAB8A9FF8E20D8439AE3BB04D, D973C4FE5B8D02B15476D72B49105840A04DBFF8BCB77117C0354D046E6C02FB ] Themes          C:\Windows\system32\themeservice.dll
18:28:04.0188 0x1420  Themes - ok
18:28:04.0194 0x1420  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
18:28:04.0198 0x1420  THREADORDER - ok
18:28:04.0209 0x1420  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
18:28:04.0215 0x1420  TrkWks - ok
18:28:04.0227 0x1420  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:28:04.0232 0x1420  TrustedInstaller - ok
18:28:04.0242 0x1420  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:28:04.0244 0x1420  tssecsrv - ok
18:28:04.0252 0x1420  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:28:04.0255 0x1420  TsUsbFlt - ok
18:28:04.0262 0x1420  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:28:04.0264 0x1420  TsUsbGD - ok
18:28:04.0273 0x1420  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:28:04.0278 0x1420  tunnel - ok
18:28:04.0285 0x1420  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:28:04.0288 0x1420  uagp35 - ok
18:28:04.0304 0x1420  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:28:04.0314 0x1420  udfs - ok
18:28:04.0326 0x1420  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:28:04.0330 0x1420  UI0Detect - ok
18:28:04.0351 0x1420  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:28:04.0353 0x1420  uliagpkx - ok
18:28:04.0360 0x1420  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:28:04.0362 0x1420  umbus - ok
18:28:04.0367 0x1420  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:28:04.0369 0x1420  UmPass - ok
18:28:04.0380 0x1420  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
18:28:04.0387 0x1420  UmRdpService - ok
18:28:04.0403 0x1420  [ B097EBA0E3FEB020BB65FE43AF5ECCFF, B8FE680EE49B633F3FAFD81E8CE5063397774F63636C9F3C280815114A0ABD0F ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:28:04.0413 0x1420  UNS - ok
18:28:04.0428 0x1420  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
18:28:04.0438 0x1420  upnphost - ok
18:28:04.0446 0x1420  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
18:28:04.0448 0x1420  USBAAPL64 - ok
18:28:04.0456 0x1420  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:28:04.0462 0x1420  usbaudio - ok
18:28:04.0470 0x1420  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:28:04.0474 0x1420  usbccgp - ok
18:28:04.0483 0x1420  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:28:04.0487 0x1420  usbcir - ok
18:28:04.0494 0x1420  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:28:04.0496 0x1420  usbehci - ok
18:28:04.0512 0x1420  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:28:04.0523 0x1420  usbhub - ok
18:28:04.0529 0x1420  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:28:04.0531 0x1420  usbohci - ok
18:28:04.0537 0x1420  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:28:04.0539 0x1420  usbprint - ok
18:28:04.0546 0x1420  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:28:04.0548 0x1420  usbscan - ok
18:28:04.0555 0x1420  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:28:04.0571 0x1420  USBSTOR - ok
18:28:04.0577 0x1420  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:28:04.0579 0x1420  usbuhci - ok
18:28:04.0592 0x1420  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:28:04.0598 0x1420  usbvideo - ok
18:28:04.0605 0x1420  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
18:28:04.0609 0x1420  UxSms - ok
18:28:04.0615 0x1420  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] VaultSvc        C:\Windows\system32\lsass.exe
18:28:04.0617 0x1420  VaultSvc - ok
18:28:04.0623 0x1420  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:28:04.0625 0x1420  vdrvroot - ok
18:28:04.0648 0x1420  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
18:28:04.0663 0x1420  vds - ok
18:28:04.0669 0x1420  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:28:04.0672 0x1420  vga - ok
18:28:04.0677 0x1420  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:28:04.0680 0x1420  VgaSave - ok
18:28:04.0691 0x1420  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:28:04.0699 0x1420  vhdmp - ok
18:28:04.0707 0x1420  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:28:04.0710 0x1420  viaide - ok
18:28:04.0720 0x1420  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:28:04.0727 0x1420  vmbus - ok
18:28:04.0732 0x1420  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
18:28:04.0734 0x1420  VMBusHID - ok
18:28:04.0741 0x1420  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:28:04.0744 0x1420  volmgr - ok
18:28:04.0761 0x1420  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:28:04.0771 0x1420  volmgrx - ok
18:28:04.0786 0x1420  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:28:04.0795 0x1420  volsnap - ok
18:28:04.0820 0x1420  [ 6C60B5B5E6510BBC0CC3BA78722E8C80, F9E445566C314FF2F22382C051A090083741E86986729E905F07767DD9B84ABE ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
18:28:04.0839 0x1420  vpnagent - ok
18:28:04.0846 0x1420  [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva           C:\Windows\system32\DRIVERS\vpnva64-6.sys
18:28:04.0863 0x1420  vpnva - ok
18:28:04.0874 0x1420  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:28:04.0880 0x1420  vsmraid - ok
18:28:04.0932 0x1420  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:28:04.0975 0x1420  VSS - ok
18:28:04.0984 0x1420  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:28:04.0986 0x1420  vwifibus - ok
18:28:04.0994 0x1420  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:28:04.0998 0x1420  vwififlt - ok
18:28:05.0016 0x1420  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:28:05.0030 0x1420  W32Time - ok
18:28:05.0039 0x1420  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:28:05.0041 0x1420  WacomPen - ok
18:28:05.0051 0x1420  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:28:05.0055 0x1420  WANARP - ok
18:28:05.0062 0x1420  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:28:05.0064 0x1420  Wanarpv6 - ok
18:28:05.0107 0x1420  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:28:05.0151 0x1420  wbengine - ok
18:28:05.0164 0x1420  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:28:05.0171 0x1420  WbioSrvc - ok
18:28:05.0187 0x1420  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:28:05.0197 0x1420  wcncsvc - ok
18:28:05.0208 0x1420  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:28:05.0211 0x1420  WcsPlugInService - ok
18:28:05.0219 0x1420  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
18:28:05.0220 0x1420  Wd - ok
18:28:05.0250 0x1420  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:28:05.0270 0x1420  Wdf01000 - ok
18:28:05.0284 0x1420  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:28:05.0289 0x1420  WdiServiceHost - ok
18:28:05.0295 0x1420  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:28:05.0300 0x1420  WdiSystemHost - ok
18:28:05.0313 0x1420  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
18:28:05.0323 0x1420  WebClient - ok
18:28:05.0339 0x1420  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:28:05.0349 0x1420  Wecsvc - ok
18:28:05.0356 0x1420  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:28:05.0360 0x1420  wercplsupport - ok
18:28:05.0368 0x1420  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:28:05.0374 0x1420  WerSvc - ok
18:28:05.0379 0x1420  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:28:05.0381 0x1420  WfpLwf - ok
18:28:05.0388 0x1420  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:28:05.0390 0x1420  WIMMount - ok
18:28:05.0407 0x1420  WinDefend - ok
18:28:05.0415 0x1420  WinHttpAutoProxySvc - ok
18:28:05.0434 0x1420  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:28:05.0444 0x1420  Winmgmt - ok
18:28:05.0501 0x1420  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
18:28:05.0556 0x1420  WinRM - ok
18:28:05.0572 0x1420  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
18:28:05.0575 0x1420  WinUsb - ok
18:28:05.0587 0x1420  [ 4CEEFBB4D646848A6FCEC512B8C39479, 7FD15B04E22A6C8656C9105EE42AC39763E1ECC941B75F3F5C4D366166CBD315 ] WisLMSvc        C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
18:28:05.0593 0x1420  WisLMSvc - ok
18:28:05.0623 0x1420  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:28:05.0649 0x1420  Wlansvc - ok
18:28:05.0719 0x1420  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:28:05.0783 0x1420  wlidsvc - ok
18:28:05.0792 0x1420  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:28:05.0795 0x1420  WmiAcpi - ok
18:28:05.0809 0x1420  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:28:05.0815 0x1420  wmiApSrv - ok
18:28:05.0821 0x1420  WMPNetworkSvc - ok
18:28:05.0828 0x1420  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:28:05.0831 0x1420  WPCSvc - ok
18:28:05.0841 0x1420  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:28:05.0848 0x1420  WPDBusEnum - ok
18:28:05.0857 0x1420  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:28:05.0858 0x1420  ws2ifsl - ok
18:28:05.0868 0x1420  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
18:28:05.0873 0x1420  wscsvc - ok
18:28:05.0878 0x1420  WSearch - ok
18:28:05.0957 0x1420  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:28:06.0019 0x1420  wuauserv - ok
18:28:06.0030 0x1420  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:28:06.0034 0x1420  WudfPf - ok
18:28:06.0047 0x1420  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:28:06.0056 0x1420  WUDFRd - ok
18:28:06.0064 0x1420  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:28:06.0068 0x1420  wudfsvc - ok
18:28:06.0082 0x1420  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:28:06.0091 0x1420  WwanSvc - ok
18:28:06.0102 0x1420  ================ Scan global ===============================
18:28:06.0108 0x1420  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:28:06.0121 0x1420  [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
18:28:06.0141 0x1420  [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
18:28:06.0154 0x1420  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:28:06.0170 0x1420  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
18:28:06.0182 0x1420  [ Global ] - ok
18:28:06.0183 0x1420  ================ Scan MBR ==================================
18:28:06.0186 0x1420  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:28:06.0192 0x1420  \Device\Harddisk0\DR0 - ok
18:28:06.0928 0x1420  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:28:06.0941 0x1420  \Device\Harddisk1\DR1 - ok
18:28:06.0943 0x1420  ================ Scan VBR ==================================
18:28:06.0946 0x1420  [ C78FC1B7D574DBDA6B22150F0C51BEE0 ] \Device\Harddisk0\DR0\Partition1
18:28:06.0947 0x1420  \Device\Harddisk0\DR0\Partition1 - ok
18:28:06.0956 0x1420  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
18:28:06.0956 0x1420  \Device\Harddisk0\DR0\Partition2 - ok
18:28:06.0960 0x1420  [ 1EEB9720A90CE91557E90A819512B96C ] \Device\Harddisk0\DR0\Partition3
18:28:06.0962 0x1420  \Device\Harddisk0\DR0\Partition3 - ok
18:28:06.0969 0x1420  [ 5E96E98542616AEA83A57DE96F95BF76 ] \Device\Harddisk1\DR1\Partition1
18:28:06.0970 0x1420  \Device\Harddisk1\DR1\Partition1 - ok
18:28:06.0973 0x1420  ================ Scan generic autorun ======================
18:28:06.0980 0x1420  [ 2F24294330D7A3FEF156C346B7B0B18D, DFB609A72FA80884C230B060278AAF431FB837E17DF035CB4013EAA2284AB47C ] C:\Windows\system32\igfxtray.exe
18:28:06.0985 0x1420  IgfxTray - ok
18:28:07.0001 0x1420  [ 65887009AA1D15F80DB43CFEADEB0A25, 5CFB8C9E675B31A5BE2928382056B326E7FDF4BF1C8437F289560DBC32910F1D ] C:\Windows\system32\hkcmd.exe
18:28:07.0011 0x1420  HotKeysCmds - ok
18:28:07.0026 0x1420  [ D2D948CEB3A9A3ABE4A8F26394BC5A35, DD5242AA072FAE89FB84C4BB3E4459A1EAC90565CCEDE76B0CDB3E1B6C157B8F ] C:\Windows\system32\igfxpers.exe
18:28:07.0038 0x1420  Persistence - ok
18:28:07.0362 0x1420  [ 4320A7045EC51CCC554E607B1CE0FA26, 67BBCD69B54C4C02A91BA4D0960C4F31675DE3C5B06C74852061A754FCF4E0E0 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
18:28:07.0701 0x1420  RtHDVCpl - ok
18:28:07.0747 0x1420  [ 350AE710634AF327DDC90B897BBBA23A, E4F0C0D50894A9CA63311AC48EA22F7B9BCA35AE3AC71AD6259C0FAC6FA134B9 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
18:28:07.0777 0x1420  RtHDVBg_Dolby - ok
18:28:07.0792 0x1420  [ 02F2FE12B0C924D649F16073D0B011D1, E6D61ADD817A1DF882F176E901E55B99141F6D4FD848A97E47FF34BB7A36B28E ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
18:28:07.0803 0x1420  AmIcoSinglun64 - ok
18:28:07.0804 0x1420  ETDCtrl - ok
18:28:08.0046 0x1420  [ 0EC61D81D929CDC4866450148AAE97F5, 76C1BA06B11A15EAEA637669DC00383AEBDA237A1D7DEA2580D1295EF35DF68C ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
18:28:08.0277 0x1420  Energy Management - ok
18:28:08.0503 0x1420  [ 9BD21473A5FB8192CE57E6C22D724626, BDC8E3585A75C058D5395612794D222BAFCCFD01B8AB92AB5F7D9118A545F12B ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
18:28:08.0678 0x1420  EnergyUtility - ok
18:28:08.0724 0x1420  [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] c:\Program Files\Microsoft Security Client\msseces.exe
18:28:08.0763 0x1420  MSC - ok
18:28:08.0777 0x1420  [ 766AE515B1749F2141E418CC6C08515B, 02DDB5A7DB8278AA47A951604818E73DB69155DBF1ECD06B6E11926204EADAE7 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
18:28:08.0785 0x1420  IAStorIcon - ok
18:28:08.0787 0x1420  snp2uvc - ok
18:28:08.0800 0x1420  [ 4D241A6A8F6BA9FA32FF836551FFDCEA, DEE87DFB6A8E87D40E3653435223B54AF2AB232DDC02D22468C126C54096F006 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
18:28:08.0810 0x1420  USB3MON - ok
18:28:08.0827 0x1420  [ 71AB5A0A54ACFF2929C76545322DAC5C, F72A27C287ABB5380C8F6253A3866B749C3185D0F69DD3F4948A7EE30A874437 ] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
18:28:08.0839 0x1420  {CDF13D74-E6AA-4006-818A-B360D6A3573C} - ok
18:28:08.0851 0x1420  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
18:28:08.0855 0x1420  BCSSync - ok
18:28:08.0861 0x1420  EaseUS EPM tray - ok
18:28:08.0882 0x1420  [ C8D2344DAED56FCE1504D006669F2F34, 4BD6D75E94D7171D9248BBFA3696C53317FBEEA556396564B60B9A84E374B465 ] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
18:28:08.0954 0x1420  DivXMediaServer - ok
18:28:09.0025 0x1420  [ 16AFB34618E1286FF856DC600AC49C79, 431EC110507685A0F4472EAE35383B4C1E3DC0B56E01CDECFB18F753181DC995 ] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
18:28:09.0072 0x1420  DivXUpdate - ok
18:28:09.0084 0x1420  [ 914535EB45F9F4B722C53FFA5799D11A, 16302C63BB98D5B9C3A3C39A6CE914CD0F64094FEAD1CABB21C3DFFFBEBEBD48 ] C:\Program Files (x86)\Nebenkosten easy\UDT2.exe
18:28:09.0690 0x1420  WAREHaus easy - ok
18:28:09.0713 0x1420  [ F7D9D141F9C64EDA38294710E9450F3C, 95267ACE721E8C3C7CE35AE1FE294CF13AE0485743F209A4E42085B0ACE435CB ] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
18:28:09.0729 0x1420  Cisco AnyConnect Secure Mobility Agent for Windows - ok
18:28:09.0736 0x1420  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
18:28:09.0740 0x1420  HP Software Update - ok
18:28:09.0775 0x1420  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:28:09.0806 0x1420  Sidebar - ok
18:28:09.0815 0x1420  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:28:09.0820 0x1420  mctadmin - ok
18:28:09.0856 0x1420  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:28:09.0879 0x1420  Sidebar - ok
18:28:09.0887 0x1420  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:28:09.0890 0x1420  mctadmin - ok
18:28:09.0907 0x1420  [ B22CB67919EBAD88B0E8BB9CDA446010, 2F744FEAC48EDE7D6B6D2727F7DDFA80B26D9E3B0009741B00992B19AD85E128 ] C:\Windows\System32\StikyNot.exe
18:28:09.0920 0x1420  RESTART_STICKY_NOTES - ok
18:28:09.0922 0x1420  GoogleDriveSync - ok
18:28:09.0935 0x1420  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] C:\Users\SA\AppData\Local\Google\Update\GoogleUpdate.exe
18:28:09.0939 0x1420  Google Update - ok
18:28:09.0939 0x1420  Remotr - ok
18:28:09.0963 0x1420  [ 3A9FA910E679385D3F5647B9B8CF5CA2, DE321EB829E461CF91474C942FEDCC6FA0C20D9674067FE21C6F3DF438F61A4B ] C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
18:28:09.0987 0x1420  OfficeSyncProcess - ok
18:28:10.0004 0x1420  [ 50E999CDFBCFEBC7B14452E35D1E4C83, 007EBBC78603F4C691FD65B60B93A0E4C0CDB5EB7D9555212E1C36B268C981D2 ] C:\Users\SA\AppData\Local\Microsoft\OneDrive\OneDrive.exe
18:28:10.0015 0x1420  OneDrive - ok
18:28:10.0107 0x1420  [ 501E808B5832505C51F539874E586353, 2F0C36BBB52052DD86E31BD7E0D3B7DD3BB7CF84E212900518E9CBE0C935DC43 ] C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
18:28:10.0203 0x1420  HP Officejet 4630 series (NET) - ok
18:28:10.0291 0x1420  [ E35C5C690F92ED8556B28BDB2F5B34AE, 8B4A169F9D8FBBD63339600D16BD59F5486AA79FD0AB146DC5332224265266CB ] C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe
18:28:10.0361 0x1420  SafeInCloud - ok
18:28:10.0365 0x1420  Waiting for KSN requests completion. In queue: 43
18:28:11.0365 0x1420  Waiting for KSN requests completion. In queue: 43
18:28:12.0365 0x1420  Waiting for KSN requests completion. In queue: 43
18:28:13.0395 0x1420  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
18:28:13.0403 0x1420  Win FW state via NFP2: enabled
18:28:16.0105 0x1420  ============================================================
18:28:16.0105 0x1420  Scan finished
18:28:16.0105 0x1420  ============================================================
18:28:16.0115 0x134c  Detected object count: 0
18:28:16.0115 0x134c  Actual detected object count: 0

Bei Malwarebytes Anti-Rootkit habe ich anscheinend Mist gebaut.
Habe es runtergeladen... aber ich hatte auf dem PC noch Malwarebytes Anti-Malware, ich dachte das wäre Malwarebytes Anti-Rootkit. Habe es gestartet und bin der Anleitung "gefolgt" dachte es wäre einfach auf Deutsch umgestellt. Habe Malwarebytes Anti-Malware gestartet, das hat so etwa 5 Objekte gefunden -> Neustart und gelöscht. Erst dann habe ich gesehen, dass Malwarebytes Anti-Rootkit was anderes ist. Habs letztendlich gestartet, aber das hat dann nichts mehr gefunden.
Nun habe zu Malwarebytes Anti-Malware keine Log-Datei

Log von Malwarebytes Ant-Malware doch gefunden

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.05.2015
Suchlauf-Zeit: 18:09:13
Logdatei: 
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.22.03
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: SA

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 358081
Verstrichene Zeit: 10 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 5
PUP.Optional.IEBho.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0025320D-4D37-4C73-9A5C-0C28F04068A3}, In Quarantäne, [c6e5a1f59cee8fa717f92f27bf448a76], 
PUP.Optional.IEBho.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0025320D-4D37-4C73-9A5C-0C28F04068A3}, In Quarantäne, [c6e5a1f59cee8fa717f92f27bf448a76], 
PUP.Optional.IEBho.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0025320D-4D37-4C73-9A5C-0C28F04068A3}, In Quarantäne, [c6e5a1f59cee8fa717f92f27bf448a76], 
PUP.Optional.IEBho.A, HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0025320D-4D37-4C73-9A5C-0C28F04068A3}, In Quarantäne, [c6e5a1f59cee8fa717f92f27bf448a76], 
PUP.Optional.IEBho.A, HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0025320D-4D37-4C73-9A5C-0C28F04068A3}, In Quarantäne, [c6e5a1f59cee8fa717f92f27bf448a76], 

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
PUP.Optional.Giga, C:\Users\SA\Downloads\Heiz--und-Nebenkosten-fr-Excel-2010-lnstall.exe, In Quarantäne, [8229dcba5832be783aba7d86ca3c49b7], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

senderos · 22.05.2015, 18:07

Weiß ja nicht was jetzt passiert ist, aber ich bin auf Youtube.com gegangen, wollte mit ein Video anschauen und dann kam folgendes (siehe Bild). Also eine Weiterleitung, ich konnte nicht auf Youtube zugreifen. Habe Chrome beendet. Nun geht Youtube wieder ohne die Weiterleitung auf diese komische Seite. Alles sehr komisch.

Habe nichts weiteres runtergeladen oder ähnliches.

schrauber · 23.05.2015, 16:40

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

senderos · 23.05.2015, 17:37

Hi & danke

Code:

ATTFilter

ComboFix 15-05-19.01 - SA 23.05.2015  18:29:56.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3941.2814 [GMT 2:00]
ausgeführt von:: c:\users\SA\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\SysWow64\CoolXPProgress.ocx
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-23 bis 2015-05-23  ))))))))))))))))))))))))))))))
.
.
2015-05-23 16:34 . 2015-05-23 16:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-22 16:35 . 2015-05-22 16:49	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-22 16:21 . 2015-05-22 16:21	--------	d-----w-	C:\OneDriveTemp
2015-05-22 12:09 . 2015-05-03 03:16	12214312	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA6722D9-6401-4520-96EF-DFB5570DA6BA}\mpengine.dll
2015-05-22 11:49 . 2015-05-22 16:24	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-22 11:49 . 2015-05-22 16:34	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-05-22 11:49 . 2015-05-22 16:06	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-05-22 11:49 . 2015-05-22 11:49	--------	d-----w-	c:\programdata\Malwarebytes
2015-05-22 11:49 . 2015-04-14 07:37	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-05-22 11:49 . 2015-04-14 07:37	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-05-22 11:33 . 2015-05-22 11:35	--------	d-----w-	C:\FRST
2015-05-22 08:47 . 2015-03-27 12:44	1187344	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2320313-719B-409E-B222-C5F5C771B111}\gapaengine.dll
2015-05-22 08:47 . 2015-05-03 03:16	12214312	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-22 01:55 . 2015-05-22 01:55	--------	d-----w-	c:\users\SA\AppData\Local\Deployment
2015-05-22 01:55 . 2015-05-22 01:55	--------	d-----w-	c:\users\SA\AppData\Local\Apps
2015-05-21 14:06 . 2015-05-21 14:06	--------	d-----w-	c:\users\SA\AppData\Local\Wunderlist-Bridge
2015-05-21 14:00 . 2015-05-22 13:38	--------	d-----w-	c:\users\SA\AppData\Roaming\NetSpeedMonitor
2015-05-21 12:39 . 2015-05-21 14:11	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2015-05-19 08:37 . 2015-05-19 08:37	--------	d-----w-	c:\program files\Intugame
2015-05-18 23:27 . 2015-05-18 23:29	--------	d-----w-	c:\users\SA\adbfw125
2015-05-15 13:54 . 2015-05-15 13:54	--------	d-----w-	c:\program files (x86)\Safe In Cloud
2015-05-14 23:38 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 23:38 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:40 . 2015-05-13 22:40	--------	d-----w-	c:\users\SA\AppData\Local\Kingosoft
2015-05-13 22:40 . 2015-05-15 12:40	--------	d-----w-	c:\program files (x86)\Kingo ROOT
2015-05-13 10:40 . 2015-04-13 03:28	328704	----a-w-	c:\windows\system32\services.exe
2015-05-13 10:39 . 2015-04-20 03:17	1647104	----a-w-	c:\windows\system32\DWrite.dll
2015-05-04 16:08 . 2015-05-04 16:34	--------	d-----w-	c:\users\SA\AppData\Roaming\Mp3tag
2015-05-04 16:08 . 2015-05-04 16:08	--------	d-----w-	c:\program files (x86)\Mp3tag
2015-05-03 18:09 . 2015-05-03 18:09	--------	d-----w-	c:\program files\DivX
2015-04-30 14:08 . 2015-04-30 14:08	--------	d-----w-	c:\program files (x86)\Hewlett-Packard
2015-04-30 14:08 . 2015-04-30 14:08	--------	d-----w-	c:\program files (x86)\HP Photo Creations
2015-04-30 14:08 . 2015-04-30 14:08	--------	d-----w-	c:\programdata\Visan
2015-04-30 14:08 . 2015-04-30 14:08	--------	d-----w-	c:\programdata\HP Photo Creations
2015-04-30 14:07 . 2015-05-14 15:22	--------	d-----w-	c:\users\SA\AppData\Roaming\HpUpdate
2015-04-30 14:07 . 2014-07-21 14:31	763912	------w-	c:\windows\system32\HPDiscoPMC611.dll
2015-04-30 14:07 . 2015-05-03 15:21	--------	d-----w-	c:\program files (x86)\HP
2015-04-30 14:07 . 2015-04-30 14:07	--------	d-----w-	c:\program files\HP
2015-04-30 14:05 . 2015-04-30 15:08	--------	d-----w-	c:\users\SA\AppData\Local\HP
2015-04-30 13:34 . 2015-04-30 14:07	--------	d-----w-	c:\programdata\HP
2015-04-25 15:22 . 2015-04-25 15:22	--------	d-----w-	c:\users\SA\AppData\Local\CrystalDiskMark
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-18 21:09 . 2014-01-12 14:34	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-18 21:09 . 2014-01-12 14:34	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-14 23:42 . 2014-01-14 02:12	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-04-27 19:04 . 2015-05-13 10:40	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-04-14 01:38 . 2015-04-14 01:38	1217192	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-03-27 12:44 . 2014-01-23 22:33	1187344	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 03:24 . 2015-04-15 15:31	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 15:31	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 15:31	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 15:31	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 15:31	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 15:31	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 15:31	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 15:31	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 15:31	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 15:31	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 15:31	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 15:31	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 15:31	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 15:31	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 15:31	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 15:31	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 15:30	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 15:30	769536	----a-w-	c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 15:30	419840	----a-w-	c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 15:30	957952	----a-w-	c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 15:30	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 15:30	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-23 03:24 . 2015-04-15 15:30	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-23 03:17 . 2015-04-15 15:30	1111552	----a-w-	c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 15:30	1882624	----a-w-	c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 15:30	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 15:30	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 15:30	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 15:30	404480	----a-w-	c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 15:30	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2015-03-04 17:34 . 2015-03-04 17:34	280376	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2015-03-04 17:34 . 2013-09-27 08:53	124568	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2015-03-04 04:55 . 2015-04-15 15:29	367552	----a-w-	c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 15:29	79360	----a-w-	c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 10:39	103424	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:41 . 2015-05-13 10:39	309248	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:10 . 2015-04-15 15:29	58880	----a-w-	c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 10:39	470528	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 10:39	2178560	----a-w-	c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 10:39	2560	----a-w-	c:\windows\apppatch\AcRes.dll
2015-03-03 13:17 . 2010-11-21 03:27	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-25 03:18 . 2015-04-15 15:30	754688	----a-w-	c:\windows\system32\drivers\http.sys
2000-07-14 22:00	136192	--sha-r-	c:\windows\SysWOW64\MSDERUN.DLL
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-22 08:35	1605832	----a-w-	c:\users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-05-22 08:35	1605832	----a-w-	c:\users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-05-22 08:35	1605832	----a-w-	c:\users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-22 08:35	1605832	----a-w-	c:\users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-22 08:35	1605832	----a-w-	c:\users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\SA\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\SA\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\SA\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2015-03-18 720064]
"OneDrive"="c:\users\SA\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2015-05-22 382664]
"HP Officejet 4630 series (NET)"="c:\program files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" [2014-07-21 3487240]
"SafeInCloud"="c:\program files (x86)\Safe In Cloud\SafeInCloud.exe" [2015-04-29 2666496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"{CDF13D74-E6AA-4006-818A-B360D6A3573C}"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2012-03-01 415272]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2015-04-08 448520]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2014-10-16 707472]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S2 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe;c:\program files (x86)\Launch Manager\WisLMSvc.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 86955789
*NewlyCreated* - MBAMPROTECTOR
*Deregistered* - 86955789
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\Duden ADXRegistrator on]
2013-02-21 12:01	132968	----a-w-	c:\program files (x86)\Duden\Duden-Rechtschreibpruefung\adxregistrator.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\Duden dkClean install]
2013-01-29 15:41	105064	----a-w-	c:\program files (x86)\Duden\Duden-Rechtschreibpruefung\DKClean.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\Duden dktray on]
2012-10-26 09:56	154728	----a-w-	c:\programdata\Duden\DKReg.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-12 21:09]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22 01:55]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22 01:55]
.
2014-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core.job
- c:\users\SA\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-31 09:47]
.
2014-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core1cff4efa37aaf20.job
- c:\users\SA\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-31 09:47]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core1cffeb4d0a3b446.job
- c:\users\SA\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-31 09:47]
.
2015-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core1d0409bb9bb568a.job
- c:\users\SA\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-31 09:47]
.
2015-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core1d09164ac01cc15.job
- c:\users\SA\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-31 09:47]
.
2015-05-22 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
2015-05-23 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-22 08:35	1645256	----a-w-	c:\users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-05-22 08:35	1645256	----a-w-	c:\users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-05-22 08:35	1645256	----a-w-	c:\users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-22 08:35	1645256	----a-w-	c:\users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-22 08:35	1645256	----a-w-	c:\users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-24 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-24 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-24 440600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-10 12445288]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-12-21 368728]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2014-08-01 8069024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2014-08-01 6201248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://heise.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Lesezeichen ausschneiden - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.heise.de/|www.wired.de|hxxp://www.androidauthority.com/|hxxp://www.dw.de/themen/kultur/s-1534|www.engadget|www.wired.com
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-Remotr - c:\program files (x86)\Remotr\RemotrServer.exe
Wow6432Node-HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
Wow6432Node-HKLM-Run-EaseUS EPM tray - c:\program files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-GOGPACKDEPONIA_is1 - c:\gog games\Deponia\unins000.exe
AddRemove-Steam - d:\steam\uninstall.exe
AddRemove-Steam App 105000 - d:\steam\steam.exe
AddRemove-Steam App 105450 - d:\steam\steam.exe
AddRemove-Steam App 232010 - d:\steam\steam.exe
AddRemove-Steam App 32370 - d:\steam\steam.exe
AddRemove-Steam App 7670 - d:\steam\steam.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-05-23  18:36:17
ComboFix-quarantined-files.txt  2015-05-23 16:36
.
Vor Suchlauf: 12 Verzeichnis(se), 43.521.159.168 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 43.552.935.936 Bytes frei
.
- - End Of File - - 6B48DA479199BCF74EDFAF377173E31F

schrauber · 24.05.2015, 10:25

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

senderos · 24.05.2015, 18:51

MAM

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 24.05.2015
Suchlauf-Zeit: 19:14:49
Logdatei: 
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.24.03
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: SA

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 372060
Verstrichene Zeit: 10 Min, 21 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

ADW

Code:

ATTFilter

# AdwCleaner v4.204 - Bericht erstellt 24/05/2015 um 19:35:01
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-21.2 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : SA - SA-PC
# Gestarted von : C:\Users\SA\Downloads\adwcleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 de)


-\\ Google Chrome v43.0.2357.65


*************************

AdwCleaner[R0].txt - [886 Bytes] - [13/01/2014 16:23:35]
AdwCleaner[R1].txt - [3038 Bytes] - [28/01/2015 04:22:47]
AdwCleaner[R2].txt - [3098 Bytes] - [28/01/2015 04:24:50]
AdwCleaner[R3].txt - [1102 Bytes] - [28/01/2015 04:31:42]
AdwCleaner[R4].txt - [1491 Bytes] - [04/03/2015 21:17:11]
AdwCleaner[R5].txt - [1707 Bytes] - [09/03/2015 02:28:29]
AdwCleaner[R6].txt - [1854 Bytes] - [21/05/2015 15:55:48]
AdwCleaner[R7].txt - [1475 Bytes] - [22/05/2015 03:47:14]
AdwCleaner[R8].txt - [1534 Bytes] - [23/05/2015 13:23:12]
AdwCleaner[R9].txt - [1589 Bytes] - [24/05/2015 19:29:39]
AdwCleaner[S0].txt - [946 Bytes] - [14/01/2014 02:17:02]
AdwCleaner[S1].txt - [3152 Bytes] - [28/01/2015 04:26:13]
AdwCleaner[S2].txt - [1722 Bytes] - [09/03/2015 02:32:01]
AdwCleaner[S3].txt - [1867 Bytes] - [21/05/2015 15:58:05]
AdwCleaner[S4].txt - [1509 Bytes] - [24/05/2015 19:35:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1568  Bytes] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.9 (05.24.2015:1)
OS: Windows 7 Professional x64
Ran by SA on 24.05.2015 at 19:39:08,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\SA\AppData\Roaming\mozilla\firefox\profiles\03zsoz7b.default\minidumps [196 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.05.2015 at 19:42:08,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by SA (administrator) on SA-PC on 24-05-2015 19:49:04
Running from C:\Users\SA\Downloads
Loaded Profiles: SA (Available profiles: SA)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [170264 2012-02-24] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [398616 2012-02-24] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [440600 2012-02-24] (Intel Corporation)
HKLM-x32\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2011-12-21] (Alcor Micro Corp.)
HKLM-x32\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-13] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8069024 2014-08-01] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6201248 2014-08-01] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [{CDF13D74-E6AA-4006-818A-B360D6A3573C}] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [415272 2012-03-01] (Wistron Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-04-08] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-10-16] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [OneDrive] => C:\Users\SA\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-22] (Microsoft Corporation)
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [SafeInCloud] => C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe [2666496 2015-04-29] ()
Startup: C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://heise.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000 -> {ACDAE7D7-9B55-493B-8451-B5C9BE61ACC3} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-02] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-02] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default
FF Homepage: hxxp://www.heise.de/|www.wired.de|hxxp://www.androidauthority.com/|hxxp://www.dw.de/themen/kultur/s-1534|www.engadget|www.wired.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1304990952-4288149683-1654658012-1000: @tools.google.com/Google Update;version=3 -> C:\Users\SA\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1304990952-4288149683-1654658012-1000: @tools.google.com/Google Update;version=9 -> C:\Users\SA\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\searchplugins\duckduckgo.xml [2014-06-26]
FF SearchPlugin: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\searchplugins\idealode.xml [2014-01-13]
FF SearchPlugin: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\searchplugins\ponscom--griechisch--deutsch.xml [2014-09-05]
FF SearchPlugin: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\searchplugins\youtube.xml [2014-01-13]
FF Extension: WOT - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-12]
FF Extension: Block site - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-03-20]
FF Extension: Media Hint - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\mediahint@jetpack.xpi [2014-02-05]
FF Extension: {00f6c944-aba3-4122-a391-4e244783e6d7} - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{00f6c944-aba3-4122-a391-4e244783e6d7}.xpi [2014-11-05]
FF Extension: QuickTime Player - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{8ac4ce99-0505-4401-ab1d-66735ed2731a}.xpi [2014-11-10]
FF Extension: Video DownloadHelper - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-22]
FF Extension: Adblock Plus - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-09]
FF Extension: Adblock Edge - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-01-12]

Chrome: 
=======
CHR Profile: C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-11]
CHR Extension: (Google Docs) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-11]
CHR Extension: (Google Drive) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-11]
CHR Extension: (WOT) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-11]
CHR Extension: (YouTube) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-11]
CHR Extension: (Google Cast) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-04-11]
CHR Extension: (Adblock Plus) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-11]
CHR Extension: (Pushbullet) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-05-05]
CHR Extension: (Adblock for Youtube™) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-04-11]
CHR Extension: (Google Search) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-11]
CHR Extension: (Youtube-to-MP3 GOLD) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejcmlonfegmnhinnopgjhibfghbgpeoc [2015-05-01]
CHR Extension: (Google Sheets) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-11]
CHR Extension: (Desktop Notifications for Android) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\giicnncicnopjohcpamieklkiacdoeni [2015-05-19]
CHR Extension: (Bookmark Manager) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (eBay Extension for Google Chrome™) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khhckppjhonfmcpegdjdibmngahahhck [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-11]
CHR Extension: (SafeInCloud Password Manager) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lchdigjbcmdgcfeijpfkpadacbijihjl [2015-04-11]
CHR Extension: (Save to Pocket) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-04-11]
CHR Extension: (Google Wallet) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-11]
CHR Extension: (Gmail) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11]
CHR HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-07-02] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [119848 2011-12-21] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3532160 2011-10-11] (Sonix Technology Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 19:42 - 2015-05-24 19:42 - 00000727 _____ () C:\Users\SA\Desktop\JRT.txt
2015-05-24 19:39 - 2015-05-24 19:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SA-PC-Windows-7-Professional-(64-bit).dat
2015-05-24 19:39 - 2015-05-24 19:39 - 00000000 ____D () C:\RegBackup
2015-05-24 19:38 - 2015-05-24 19:38 - 02945770 _____ (Thisisu) C:\Users\SA\Downloads\JRT.exe
2015-05-24 11:23 - 2015-05-20 19:37 - 00048903 _____ () C:\Users\SA\Desktop\Game.of.Thrones.S05E06.HDTV.x264-ASAP.de-SC&TV4U.srt
2015-05-24 11:04 - 2015-05-24 11:04 - 00019067 _____ () C:\Users\SA\Downloads\Game.of.Thrones.S05E06.HDTV.x264-ASAP.de-SC&TV4U.rar
2015-05-24 11:04 - 2015-05-24 11:04 - 00019067 _____ () C:\Users\SA\Desktop\Game.of.Thrones.S05E06.HDTV.x264-ASAP.de-SC&TV4U.rar
2015-05-24 11:02 - 2015-05-24 11:22 - 189281107 _____ () C:\Users\SA\Desktop\Watch Game.of.Thrones.S05E06.HDTV.x264-ASAP online NowVideo.flv
2015-05-23 18:36 - 2015-05-23 18:36 - 00029716 _____ () C:\ComboFix.txt
2015-05-23 18:28 - 2015-05-23 18:36 - 00000000 ____D () C:\Qoobox
2015-05-23 18:28 - 2015-05-23 18:34 - 00000000 ____D () C:\Windows\erdnt
2015-05-23 18:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-23 18:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-23 18:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-23 18:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-23 18:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-23 18:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-23 18:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-23 18:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-23 18:27 - 2015-05-23 18:27 - 05627500 ____R (Swearware) C:\Users\SA\Desktop\ComboFix.exe
2015-05-23 18:27 - 2015-05-23 18:27 - 05627500 _____ (Swearware) C:\Users\SA\Downloads\ComboFix.exe
2015-05-22 18:35 - 2015-05-22 18:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-22 18:34 - 2015-05-22 18:49 - 00000000 ____D () C:\Users\SA\Desktop\mbar
2015-05-22 18:29 - 2015-05-22 18:29 - 00109231 _____ () C:\Users\SA\Desktop\Tdss.txt
2015-05-22 18:26 - 2015-05-22 18:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\SA\Desktop\tdsskiller.exe
2015-05-22 18:25 - 2015-05-22 18:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\SA\Downloads\tdsskiller.exe
2015-05-22 18:21 - 2015-05-22 18:21 - 00000000 ___HD () C:\OneDriveTemp
2015-05-22 18:05 - 2015-05-22 13:48 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\SA\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-22 18:01 - 2015-05-22 18:01 - 16502728 _____ (Malwarebytes Corp.) C:\Users\SA\Downloads\mbar-1.09.1.1004.exe
2015-05-22 16:31 - 2015-05-24 19:28 - 00000000 ____D () C:\Users\SA\Desktop\Kaschki Wirtschaftspädagogik
2015-05-22 15:39 - 2015-05-24 19:35 - 00002072 _____ () C:\Windows\PFRO.log
2015-05-22 15:39 - 2015-05-24 19:35 - 00000168 _____ () C:\Windows\setupact.log
2015-05-22 15:39 - 2015-05-22 15:39 - 492509039 _____ () C:\Windows\MEMORY.DMP
2015-05-22 15:39 - 2015-05-22 15:39 - 00718752 _____ () C:\Windows\Minidump\052215-9734-01.dmp
2015-05-22 15:39 - 2015-05-22 15:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-22 14:08 - 2015-05-22 14:08 - 00007378 _____ () C:\Users\SA\Desktop\gmer.log
2015-05-22 14:01 - 2015-05-22 14:01 - 00000238 _____ () C:\Users\SA\Downloads\defogger_enable.log
2015-05-22 13:58 - 2015-05-22 14:00 - 00000466 _____ () C:\Users\SA\Downloads\defogger_disable.log
2015-05-22 13:58 - 2015-05-22 13:58 - 00050477 _____ () C:\Users\SA\Downloads\Defogger.exe
2015-05-22 13:49 - 2015-05-24 19:14 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-22 13:49 - 2015-05-22 18:34 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-22 13:49 - 2015-05-22 18:06 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-22 13:49 - 2015-05-22 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-22 13:49 - 2015-05-22 18:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-22 13:49 - 2015-05-22 13:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-22 13:49 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-22 13:49 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-22 13:47 - 2015-05-22 13:48 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\SA\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-22 13:34 - 2015-05-24 19:49 - 00025705 _____ () C:\Users\SA\Downloads\FRST.txt
2015-05-22 13:34 - 2015-05-22 13:35 - 00052999 _____ () C:\Users\SA\Downloads\Addition.txt
2015-05-22 13:33 - 2015-05-24 19:49 - 00000000 ____D () C:\FRST
2015-05-22 13:33 - 2015-05-22 13:33 - 02108416 _____ (Farbar) C:\Users\SA\Downloads\FRST64.exe
2015-05-22 13:32 - 2015-05-22 13:32 - 00380416 _____ () C:\Users\SA\Downloads\9hqdq6nw.exe
2015-05-22 12:57 - 2015-05-22 12:57 - 00018842 _____ () C:\Users\SA\Downloads\Scene_23_Hobbs_Yard_Back_Room_Savegame.zip
2015-05-22 03:56 - 2015-05-22 03:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-22 03:55 - 2015-05-24 19:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 03:55 - 2015-05-24 19:13 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-22 03:55 - 2015-05-22 04:01 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-22 03:55 - 2015-05-22 04:01 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-22 03:55 - 2015-05-22 03:55 - 00000000 ____D () C:\Users\SA\AppData\Local\Deployment
2015-05-22 03:55 - 2015-05-22 03:55 - 00000000 ____D () C:\Users\SA\AppData\Local\Apps\2.0
2015-05-22 02:31 - 2015-05-22 02:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-22 00:45 - 2015-05-22 00:45 - 00000000 ____D () C:\Users\SA\Documents\Broken Sword 5
2015-05-22 00:34 - 2014-05-10 20:36 - 00000000 ____D () C:\Users\SA\Desktop\BS5_v1.11-win32
2015-05-21 21:13 - 2015-05-22 00:26 - 2886515926 _____ () C:\Users\SA\Downloads\BS5_v1.11-win32.zip
2015-05-21 16:10 - 2015-05-21 16:10 - 00001076 _____ () C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2015-05-21 16:10 - 2015-05-21 16:10 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist
2015-05-21 16:06 - 2015-05-21 16:06 - 00000000 ____D () C:\Users\SA\AppData\Local\Wunderlist-Bridge
2015-05-21 16:02 - 2015-05-21 16:02 - 02209792 _____ () C:\Users\SA\Downloads\adwcleaner_4.205 (1).exe
2015-05-21 16:00 - 2015-05-22 15:38 - 00000000 ____D () C:\Users\SA\AppData\Roaming\NetSpeedMonitor
2015-05-21 15:59 - 2015-05-21 15:59 - 02209792 _____ () C:\Users\SA\Downloads\adwcleaner_4.205.exe
2015-05-21 15:53 - 2015-05-21 15:53 - 03652608 _____ () C:\Users\SA\Downloads\netspeedmonitor_2_5_4_0_x64_setup.msi
2015-05-21 14:39 - 2015-05-21 16:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-20 10:09 - 2015-05-20 10:09 - 00013993 ____H () C:\Users\SA\Desktop\~WRL0198.tmp
2015-05-19 10:37 - 2015-05-19 10:37 - 00000000 ____D () C:\Program Files\Intugame
2015-05-19 02:37 - 2015-05-19 02:37 - 00004169 _____ () C:\Users\SA\Downloads\listaGreece.m3u
2015-05-19 02:36 - 2015-05-19 02:36 - 00000056 _____ () C:\Users\SA\Downloads\greecelist.txt
2015-05-19 01:27 - 2015-05-19 01:29 - 00000000 ____D () C:\Users\SA\adbfw125
2015-05-19 01:26 - 2015-05-19 01:27 - 54338034 _____ () C:\Users\SA\Downloads\adbfw125.zip
2015-05-19 01:19 - 2015-05-19 01:20 - 62638253 _____ () C:\Users\SA\Downloads\kodi-14.2-Helix-armeabi-v7a.apk
2015-05-18 14:17 - 2015-05-18 14:17 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core1d09164ac01cc15.job
2015-05-16 14:37 - 2015-05-12 20:26 - 00000000 ____D () C:\Users\SA\Desktop\Die Zeit 2015 20
2015-05-15 21:24 - 2015-05-15 21:24 - 00000000 ____D () C:\Users\SA\Desktop\Anträge Examen
2015-05-15 15:54 - 2015-05-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safe In Cloud
2015-05-15 15:54 - 2015-05-15 15:54 - 00000000 ____D () C:\Program Files (x86)\Safe In Cloud
2015-05-15 01:38 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 01:38 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:40 - 2015-05-15 14:40 - 00000000 ____D () C:\Program Files (x86)\Kingo ROOT
2015-05-14 00:40 - 2015-05-14 00:40 - 00000000 ____D () C:\Users\SA\AppData\Local\Kingosoft
2015-05-13 12:41 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 12:41 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 12:41 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 12:41 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 12:41 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 12:41 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 12:41 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 12:41 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 12:41 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 12:41 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 12:41 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 12:41 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 12:41 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 12:41 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 12:41 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 12:41 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 12:41 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 12:41 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 12:41 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 12:41 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 12:41 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 12:41 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 12:41 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 12:41 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 12:41 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 12:41 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 12:41 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 12:41 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 12:41 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 12:41 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 12:41 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 12:41 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 12:41 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 12:41 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 12:41 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 12:41 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 12:41 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 12:41 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 12:41 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 12:41 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 12:41 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 12:41 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 12:41 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 12:41 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 12:41 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 12:41 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 12:41 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 12:41 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 12:41 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 12:41 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 12:41 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 12:41 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 12:41 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 12:41 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 12:41 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 12:41 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 12:41 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 12:41 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 12:41 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 12:41 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 12:41 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 12:41 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 12:41 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 12:41 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 12:40 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 12:40 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 12:40 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 12:40 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 12:40 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 12:40 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 12:40 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 12:40 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 12:40 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 12:40 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 12:40 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 12:40 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 12:40 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 12:40 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 12:40 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 12:40 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 12:40 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 12:40 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 12:40 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 12:40 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 12:40 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 12:40 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 12:40 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 12:40 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:40 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 12:40 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:39 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 12:39 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 12:39 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 12:39 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 12:39 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 12:39 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 12:39 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 12:39 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 12:39 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 12:39 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 12:39 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 12:39 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 12:39 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 12:39 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 12:39 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 12:39 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 12:39 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-11 20:01 - 2015-05-11 20:01 - 08180736 _____ () C:\Users\SA\Downloads\chromeremotedesktophost.msi
2015-05-04 18:08 - 2015-05-04 18:34 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Mp3tag
2015-05-04 18:08 - 2015-05-04 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-05-04 18:08 - 2015-05-04 18:08 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-05-04 10:03 - 2015-05-04 10:06 - 00000000 ____D () C:\Users\SA\Desktop\Medien Examen
2015-05-03 21:28 - 2015-05-03 21:28 - 00003538 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 2a5e9c29682a43af85b6fe518840a18b504807a879b6454aa1dd64f0dcf2f296
2015-05-03 20:09 - 2015-05-03 20:09 - 00000000 ____D () C:\Program Files\DivX
2015-05-01 11:43 - 2015-05-05 22:13 - 00000000 ____D () C:\Users\SA\Desktop\Mp3 Songs einzelne Sänger
2015-04-30 16:19 - 2015-04-30 16:22 - 170428968 _____ () C:\Users\SA\Downloads\OJ4630_198.exe
2015-04-30 16:08 - 2015-04-30 16:08 - 00000000 ____D () C:\ProgramData\Visan
2015-04-30 16:08 - 2015-04-30 16:08 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2015-04-30 16:08 - 2015-04-30 16:08 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2015-04-30 16:08 - 2015-04-30 16:08 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-04-30 16:07 - 2015-05-14 17:22 - 00000000 ____D () C:\Users\SA\AppData\Roaming\HpUpdate
2015-04-30 16:07 - 2015-05-03 17:21 - 00000000 ____D () C:\Program Files (x86)\HP
2015-04-30 16:07 - 2015-04-30 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-04-30 16:07 - 2015-04-30 16:07 - 00000000 ____D () C:\Program Files\HP
2015-04-30 16:07 - 2014-07-21 16:31 - 00763912 ____N (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPMC611.dll
2015-04-30 16:06 - 2015-04-30 16:06 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-04-30 16:05 - 2015-04-30 17:08 - 00000000 ____D () C:\Users\SA\AppData\Local\HP
2015-04-30 15:34 - 2015-04-30 16:07 - 00000000 ____D () C:\ProgramData\HP
2015-04-25 23:29 - 2015-04-25 23:29 - 06786320 _____ (SD Association ) C:\Users\SA\Downloads\setup.exe
2015-04-25 17:22 - 2015-04-25 17:22 - 00000000 ____D () C:\Users\SA\AppData\Local\CrystalDiskMark

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 19:46 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 19:46 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 19:42 - 2011-04-12 09:43 - 00702852 _____ () C:\Windows\system32\perfh007.dat
2015-05-24 19:42 - 2011-04-12 09:43 - 00150460 _____ () C:\Windows\system32\perfc007.dat
2015-05-24 19:42 - 2009-07-14 07:13 - 01627948 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 19:39 - 2015-03-04 18:58 - 00000000 ___RD () C:\Users\SA\OneDrive
2015-05-24 19:36 - 2014-01-12 06:58 - 00000000 ___RD () C:\Users\SA\Dropbox
2015-05-24 19:35 - 2014-08-15 20:33 - 01670714 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 19:35 - 2014-01-13 16:23 - 00000000 ____D () C:\AdwCleaner
2015-05-24 19:35 - 2014-01-12 06:57 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Dropbox
2015-05-24 19:35 - 2014-01-12 06:02 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-05-24 19:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 19:28 - 2014-12-11 15:13 - 00034304 ___SH () C:\Users\SA\Thumbs.db
2015-05-24 19:13 - 2014-01-12 16:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-24 12:25 - 2014-01-24 16:00 - 00000000 ____D () C:\Users\SA\AppData\Roaming\vlc
2015-05-24 11:02 - 2014-01-14 19:58 - 00000000 ____D () C:\Users\SA\dwhelper
2015-05-24 11:00 - 2014-01-12 06:02 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-05-23 18:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-23 18:34 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-22 16:30 - 2014-04-30 23:57 - 03541504 ___SH () C:\Users\SA\Desktop\Thumbs.db
2015-05-22 15:39 - 2014-01-31 12:31 - 00000000 ____D () C:\Windows\Minidump
2015-05-22 15:39 - 2014-01-12 05:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-22 14:01 - 2014-01-12 05:36 - 00000000 ____D () C:\Users\SA
2015-05-22 13:24 - 2014-01-12 05:36 - 00000000 ____D () C:\Users\SA\AppData\Local\VirtualStore
2015-05-22 10:35 - 2015-04-04 17:06 - 00002168 _____ () C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-05-22 03:56 - 2014-02-13 19:44 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-21 21:08 - 2015-01-17 12:50 - 00000000 ____D () C:\Users\SA\AppData\Local\SafeInCloud
2015-05-21 17:12 - 2014-11-21 14:27 - 00000000 ____D () C:\Users\SA\AppData\Local\Wunderlist
2015-05-21 03:00 - 2015-04-05 21:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 03:00 - 2015-04-05 21:47 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 22:39 - 2014-08-31 00:01 - 00000000 ____D () C:\Users\SA\Documents\Calibre-Bibliothek
2015-05-19 01:22 - 2014-11-04 15:57 - 00000000 ____D () C:\Users\SA\AppData\Local\Amazon_FireTV_Utility_App
2015-05-18 23:10 - 2014-10-23 10:30 - 00000000 ____D () C:\Users\SA\AppData\Local\Adobe
2015-05-18 23:09 - 2014-01-12 16:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-18 23:09 - 2014-01-12 16:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-18 23:09 - 2014-01-12 16:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-18 14:17 - 2015-02-04 18:57 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core1d0409bb9bb568a.job
2015-05-15 16:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-15 15:53 - 2014-05-14 21:23 - 00000000 ____D () C:\Users\SA\AppData\Local\Downloaded Installations
2015-05-15 15:13 - 2014-01-12 16:25 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Nitro PDF
2015-05-15 11:03 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 11:03 - 2009-07-14 06:45 - 00569072 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-15 11:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-15 01:50 - 2014-01-12 06:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-15 01:49 - 2014-01-12 17:06 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-15 01:49 - 2014-01-12 17:06 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-15 01:48 - 2014-01-12 17:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-15 01:48 - 2014-01-12 17:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-15 01:47 - 2014-01-14 04:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-15 01:42 - 2014-01-14 04:12 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-15 01:38 - 2014-01-31 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 01:37 - 2014-01-31 23:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 01:37 - 2014-01-31 23:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 00:41 - 2014-01-17 20:01 - 00000000 ____D () C:\Users\SA\.android
2015-05-12 21:26 - 2014-12-22 22:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 17:57 - 2014-01-12 06:58 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-04 10:03 - 2015-03-03 14:33 - 00000000 ____D () C:\Users\SA\Desktop\ESL mündlich Examen Diezemann
2015-05-03 20:10 - 2014-10-31 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-05-03 20:10 - 2014-10-31 17:00 - 00000000 ____D () C:\ProgramData\DivX
2015-05-03 20:10 - 2014-10-31 17:00 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-05-03 17:20 - 2014-03-16 02:41 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Notepad++
2015-05-03 17:20 - 2014-03-16 02:41 - 00000000 ____D () C:\Program Files (x86)\Notepad++

==================== Files in the root of some directories =======

2014-07-25 21:40 - 2014-07-25 21:40 - 0000275 _____ () C:\Users\SA\AppData\Local\HamsterAudioConverterSettings.cfg
2014-08-05 14:04 - 2014-08-05 14:04 - 0003814 _____ () C:\Users\SA\AppData\Local\recently-used.xbel
2014-01-12 06:15 - 2014-01-12 06:15 - 0002193 _____ () C:\Users\SA\AppData\Local\WiDiSetupLog.20140112.051533.txt
2015-04-30 16:06 - 2015-04-30 16:06 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\SA\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcnittf.dll
C:\Users\SA\AppData\Local\Temp\Quarantine.exe
C:\Users\SA\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 14:26

==================== End of log ============================

Diese "Viral-Video Meldung" kam vorhin übrigens wieder, als ich ein Video bei youtube suchen wollte, also als ich die Suchleiste angeklickt habe.

schrauber · 25.05.2015, 11:09

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

senderos · 25.05.2015, 20:28

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3b30957da920b5489f5423deb6b4cd02
# engine=24014
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-25 07:17:51
# local_time=2015-05-25 09:17:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 934139 55561865 0 0
# scanned=155688
# found=5
# cleaned=0
# scan_time=2864
sh=A916807E39DCEAF14C3A08A548CC5B5B62AF3B43 ft=1 fh=a878a36d5176c92e vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SA\AppData\Roaming\Security Systems\uninstall.exe.vir"
sh=2DCDF4E2718258FA61FA4F04486C5F618D43FC6E ft=1 fh=ecdae62e3857a1c4 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SA\AppData\Roaming\Security Systems\data\ucheck.exe.vir"
sh=F679F9CF95C7ABEEA0FEA1B1C1AFA1076E2B2F79 ft=0 fh=0000000000000000 vn="Android/Exploit.Towel.A Trojaner" ac=I fn="C:\Users\SA\adbfw125\tr.apk"
sh=FBB527417362944E5D22D97E8E3275C869A453CF ft=0 fh=0000000000000000 vn="Android/Exploit.Towel.A Trojaner" ac=I fn="C:\Users\SA\Downloads\adbfw125.zip"
sh=F679F9CF95C7ABEEA0FEA1B1C1AFA1076E2B2F79 ft=0 fh=0000000000000000 vn="Android/Exploit.Towel.A Trojaner" ac=I fn="C:\Users\SA\Fire TV App Sideload\apps\tr.apk"

Security Check

Code:

ATTFilter

 Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.188  
 Adobe Reader XI  
 Mozilla Firefox (38.0.1) 
 Mozilla Thunderbird (31.7.0) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by SA (administrator) on SA-PC on 25-05-2015 21:27:16
Running from C:\Users\SA\Downloads
Loaded Profiles: SA (Available Profiles: SA)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Users\SA\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2011-12-21] (Alcor Micro Corp.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8069024 2014-08-01] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6201248 2014-08-01] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [{CDF13D74-E6AA-4006-818A-B360D6A3573C}] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [415272 2012-03-01] (Wistron Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-04-08] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-10-16] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [OneDrive] => C:\Users\SA\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-22] (Microsoft Corporation)
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [SafeInCloud] => C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe [2666496 2015-04-29] ()
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\...\Run: [GoogleChromeAutoLaunch_767E88C3CBE738135FEC1D3A44A04FDD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
Startup: C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\SA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\SA\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SA\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1304990952-4288149683-1654658012-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://heise.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1304990952-4288149683-1654658012-1000 -> {ACDAE7D7-9B55-493B-8451-B5C9BE61ACC3} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-02] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-02] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default
FF Homepage: hxxp://www.heise.de/|www.wired.de|hxxp://www.androidauthority.com/|hxxp://www.dw.de/themen/kultur/s-1534|www.engadget|www.wired.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1304990952-4288149683-1654658012-1000: @tools.google.com/Google Update;version=3 -> C:\Users\SA\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1304990952-4288149683-1654658012-1000: @tools.google.com/Google Update;version=9 -> C:\Users\SA\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\searchplugins\duckduckgo.xml [2014-06-26]
FF SearchPlugin: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\searchplugins\idealode.xml [2014-01-13]
FF SearchPlugin: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\searchplugins\ponscom--griechisch--deutsch.xml [2014-09-05]
FF SearchPlugin: C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\searchplugins\youtube.xml [2014-01-13]
FF Extension: WOT - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-12]
FF Extension: Block site - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-03-20]
FF Extension: Media Hint - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\mediahint@jetpack.xpi [2014-02-05]
FF Extension: {00f6c944-aba3-4122-a391-4e244783e6d7} - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{00f6c944-aba3-4122-a391-4e244783e6d7}.xpi [2014-11-05]
FF Extension: QuickTime Player - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{8ac4ce99-0505-4401-ab1d-66735ed2731a}.xpi [2014-11-10]
FF Extension: Video DownloadHelper - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-22]
FF Extension: Adblock Plus - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-09]
FF Extension: Adblock Edge - C:\Users\SA\AppData\Roaming\Mozilla\Firefox\Profiles\03zsoz7b.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-01-12]

Chrome: 
=======
CHR Profile: C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-25]
CHR Extension: (Google Docs) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-25]
CHR Extension: (Google Drive) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-25]
CHR Extension: (WOT) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-05-25]
CHR Extension: (YouTube) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-25]
CHR Extension: (Google Cast) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-05-25]
CHR Extension: (Adblock Plus) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-25]
CHR Extension: (Pushbullet) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-05-25]
CHR Extension: (Adblock for Youtube™) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-05-25]
CHR Extension: (Google Search) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-25]
CHR Extension: (Google Sheets) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-25]
CHR Extension: (Desktop Notifications for Android) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\giicnncicnopjohcpamieklkiacdoeni [2015-05-25]
CHR Extension: (Bookmark Manager) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-25]
CHR Extension: (eBay Extension for Google Chrome™) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck [2015-05-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-25]
CHR Extension: (SafeInCloud Password Manager) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lchdigjbcmdgcfeijpfkpadacbijihjl [2015-05-25]
CHR Extension: (Save to Pocket) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-05-25]
CHR Extension: (Google Wallet) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-25]
CHR Extension: (Gmail) - C:\Users\SA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () []
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-07-02] (Microsoft Corporation) []
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [119848 2011-12-21] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3532160 2011-10-11] (Sonix Technology Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) []
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 21:27 - 2015-05-25 21:27 - 00000000 ____D () C:\Users\SA\Downloads\FRST-OlderVersion
2015-05-25 21:23 - 2015-05-25 21:23 - 00852630 _____ () C:\Users\SA\Downloads\SecurityCheck.exe
2015-05-25 20:02 - 2015-05-25 20:03 - 02347384 _____ (ESET) C:\Users\SA\Downloads\esetsmartinstaller_deu.exe
2015-05-25 19:57 - 2015-05-25 19:57 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-25 19:57 - 2015-05-25 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-25 19:55 - 2015-05-25 21:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 19:55 - 2015-05-25 20:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 19:55 - 2015-05-25 20:01 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-25 19:55 - 2015-05-25 20:01 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-25 19:55 - 2015-05-25 19:55 - 00880208 _____ (Google Inc.) C:\Users\SA\Downloads\ChromeSetup.exe
2015-05-25 19:48 - 2015-05-25 19:48 - 00001268 _____ () C:\Users\SA\Desktop\Revo Uninstaller.lnk
2015-05-25 19:48 - 2015-05-25 19:48 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-25 19:47 - 2015-05-25 19:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\SA\Downloads\revosetup95.exe
2015-05-24 19:42 - 2015-05-24 19:42 - 00000727 _____ () C:\Users\SA\Desktop\JRT.txt
2015-05-24 19:39 - 2015-05-24 19:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SA-PC-Windows-7-Professional-(64-bit).dat
2015-05-24 19:39 - 2015-05-24 19:39 - 00000000 ____D () C:\RegBackup
2015-05-24 19:38 - 2015-05-24 19:38 - 02945770 _____ (Thisisu) C:\Users\SA\Downloads\JRT.exe
2015-05-24 11:04 - 2015-05-24 11:04 - 00019067 _____ () C:\Users\SA\Downloads\Game.of.Thrones.S05E06.HDTV.x264-ASAP.de-SC&TV4U.rar
2015-05-23 18:36 - 2015-05-23 18:36 - 00029716 _____ () C:\ComboFix.txt
2015-05-23 18:28 - 2015-05-23 18:36 - 00000000 ____D () C:\Qoobox
2015-05-23 18:28 - 2015-05-23 18:34 - 00000000 ____D () C:\Windows\erdnt
2015-05-23 18:28 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-23 18:28 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-23 18:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-23 18:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-23 18:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-23 18:28 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-23 18:28 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-23 18:28 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-23 18:27 - 2015-05-23 18:27 - 05627500 ____R (Swearware) C:\Users\SA\Desktop\ComboFix.exe
2015-05-23 18:27 - 2015-05-23 18:27 - 05627500 _____ (Swearware) C:\Users\SA\Downloads\ComboFix.exe
2015-05-22 18:35 - 2015-05-22 18:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-22 18:34 - 2015-05-22 18:49 - 00000000 ____D () C:\Users\SA\Desktop\mbar
2015-05-22 18:29 - 2015-05-22 18:29 - 00109231 _____ () C:\Users\SA\Desktop\Tdss.txt
2015-05-22 18:26 - 2015-05-22 18:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\SA\Desktop\tdsskiller.exe
2015-05-22 18:25 - 2015-05-22 18:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\SA\Downloads\tdsskiller.exe
2015-05-22 18:21 - 2015-05-22 18:21 - 00000000 ___HD () C:\OneDriveTemp
2015-05-22 18:05 - 2015-05-22 13:48 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\SA\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-22 18:01 - 2015-05-22 18:01 - 16502728 _____ (Malwarebytes Corp.) C:\Users\SA\Downloads\mbar-1.09.1.1004.exe
2015-05-22 16:31 - 2015-05-24 19:28 - 00000000 ____D () C:\Users\SA\Desktop\Kaschki Wirtschaftspädagogik
2015-05-22 15:39 - 2015-05-24 19:35 - 00002072 _____ () C:\Windows\PFRO.log
2015-05-22 15:39 - 2015-05-24 19:35 - 00000168 _____ () C:\Windows\setupact.log
2015-05-22 15:39 - 2015-05-22 15:39 - 492509039 _____ () C:\Windows\MEMORY.DMP
2015-05-22 15:39 - 2015-05-22 15:39 - 00718752 _____ () C:\Windows\Minidump\052215-9734-01.dmp
2015-05-22 15:39 - 2015-05-22 15:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-22 14:08 - 2015-05-22 14:08 - 00007378 _____ () C:\Users\SA\Desktop\gmer.log
2015-05-22 14:01 - 2015-05-22 14:01 - 00000238 _____ () C:\Users\SA\Downloads\defogger_enable.log
2015-05-22 13:58 - 2015-05-22 14:00 - 00000466 _____ () C:\Users\SA\Downloads\defogger_disable.log
2015-05-22 13:58 - 2015-05-22 13:58 - 00050477 _____ () C:\Users\SA\Downloads\Defogger.exe
2015-05-22 13:49 - 2015-05-24 19:14 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-22 13:49 - 2015-05-22 18:34 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-22 13:49 - 2015-05-22 18:06 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-22 13:49 - 2015-05-22 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-22 13:49 - 2015-05-22 18:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-22 13:49 - 2015-05-22 13:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-22 13:49 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-22 13:49 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-22 13:47 - 2015-05-22 13:48 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\SA\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-22 13:34 - 2015-05-25 21:27 - 00025846 _____ () C:\Users\SA\Downloads\FRST.txt
2015-05-22 13:34 - 2015-05-22 13:35 - 00052999 _____ () C:\Users\SA\Downloads\Addition.txt
2015-05-22 13:33 - 2015-05-25 21:27 - 02108928 _____ (Farbar) C:\Users\SA\Downloads\FRST64.exe
2015-05-22 13:33 - 2015-05-25 21:27 - 00000000 ____D () C:\FRST
2015-05-22 13:32 - 2015-05-22 13:32 - 00380416 _____ () C:\Users\SA\Downloads\9hqdq6nw.exe
2015-05-22 12:57 - 2015-05-22 12:57 - 00018842 _____ () C:\Users\SA\Downloads\Scene_23_Hobbs_Yard_Back_Room_Savegame.zip
2015-05-22 03:55 - 2015-05-22 03:55 - 00000000 ____D () C:\Users\SA\AppData\Local\Deployment
2015-05-22 03:55 - 2015-05-22 03:55 - 00000000 ____D () C:\Users\SA\AppData\Local\Apps\2.0
2015-05-22 02:31 - 2015-05-22 02:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-22 00:45 - 2015-05-22 00:45 - 00000000 ____D () C:\Users\SA\Documents\Broken Sword 5
2015-05-22 00:34 - 2014-05-10 20:36 - 00000000 ____D () C:\Users\SA\Desktop\BS5_v1.11-win32
2015-05-21 21:13 - 2015-05-22 00:26 - 2886515926 _____ () C:\Users\SA\Downloads\BS5_v1.11-win32.zip
2015-05-21 16:10 - 2015-05-21 16:10 - 00001076 _____ () C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2015-05-21 16:10 - 2015-05-21 16:10 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist
2015-05-21 16:06 - 2015-05-21 16:06 - 00000000 ____D () C:\Users\SA\AppData\Local\Wunderlist-Bridge
2015-05-21 16:02 - 2015-05-21 16:02 - 02209792 _____ () C:\Users\SA\Downloads\adwcleaner_4.205 (1).exe
2015-05-21 16:00 - 2015-05-22 15:38 - 00000000 ____D () C:\Users\SA\AppData\Roaming\NetSpeedMonitor
2015-05-21 15:59 - 2015-05-21 15:59 - 02209792 _____ () C:\Users\SA\Downloads\adwcleaner_4.205.exe
2015-05-21 15:53 - 2015-05-21 15:53 - 03652608 _____ () C:\Users\SA\Downloads\netspeedmonitor_2_5_4_0_x64_setup.msi
2015-05-21 14:39 - 2015-05-21 16:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-20 10:09 - 2015-05-20 10:09 - 00013993 ____H () C:\Users\SA\Desktop\~WRL0198.tmp
2015-05-19 10:37 - 2015-05-19 10:37 - 00000000 ____D () C:\Program Files\Intugame
2015-05-19 02:37 - 2015-05-19 02:37 - 00004169 _____ () C:\Users\SA\Downloads\listaGreece.m3u
2015-05-19 02:36 - 2015-05-19 02:36 - 00000056 _____ () C:\Users\SA\Downloads\greecelist.txt
2015-05-19 01:27 - 2015-05-19 01:29 - 00000000 ____D () C:\Users\SA\adbfw125
2015-05-19 01:26 - 2015-05-19 01:27 - 54338034 _____ () C:\Users\SA\Downloads\adbfw125.zip
2015-05-19 01:19 - 2015-05-19 01:20 - 62638253 _____ () C:\Users\SA\Downloads\kodi-14.2-Helix-armeabi-v7a.apk
2015-05-18 14:17 - 2015-05-18 14:17 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core1d09164ac01cc15.job
2015-05-16 14:37 - 2015-05-12 20:26 - 00000000 ____D () C:\Users\SA\Desktop\Die Zeit 2015 20
2015-05-15 21:24 - 2015-05-15 21:24 - 00000000 ____D () C:\Users\SA\Desktop\Anträge Examen
2015-05-15 15:54 - 2015-05-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safe In Cloud
2015-05-15 15:54 - 2015-05-15 15:54 - 00000000 ____D () C:\Program Files (x86)\Safe In Cloud
2015-05-15 01:38 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 01:38 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:40 - 2015-05-15 14:40 - 00000000 ____D () C:\Program Files (x86)\Kingo ROOT
2015-05-14 00:40 - 2015-05-14 00:40 - 00000000 ____D () C:\Users\SA\AppData\Local\Kingosoft
2015-05-13 12:41 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 12:41 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 12:41 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 12:41 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 12:41 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 12:41 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 12:41 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 12:41 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 12:41 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 12:41 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 12:41 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 12:41 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 12:41 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 12:41 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 12:41 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 12:41 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 12:41 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 12:41 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 12:41 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 12:41 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 12:41 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 12:41 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 12:41 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 12:41 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 12:41 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 12:41 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 12:41 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 12:41 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 12:41 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 12:41 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 12:41 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 12:41 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 12:41 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 12:41 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 12:41 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 12:41 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 12:41 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 12:41 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 12:41 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 12:41 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 12:41 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 12:41 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 12:41 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 12:41 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 12:41 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 12:41 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 12:41 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 12:41 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 12:41 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 12:41 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 12:41 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 12:41 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 12:41 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 12:41 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 12:41 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 12:41 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 12:41 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 12:41 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 12:41 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 12:41 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 12:41 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 12:41 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 12:41 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 12:41 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 12:40 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 12:40 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 12:40 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 12:40 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 12:40 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 12:40 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 12:40 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 12:40 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 12:40 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 12:40 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 12:40 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 12:40 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 12:40 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 12:40 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 12:40 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 12:40 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 12:40 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 12:40 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 12:40 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 12:40 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 12:40 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 12:40 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 12:40 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 12:40 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 12:40 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 12:40 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 12:40 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 12:40 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:40 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:40 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 12:40 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:39 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 12:39 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 12:39 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 12:39 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 12:39 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 12:39 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 12:39 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 12:39 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 12:39 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 12:39 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 12:39 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 12:39 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 12:39 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 12:39 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 12:39 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 12:39 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 12:39 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-11 20:01 - 2015-05-11 20:01 - 08180736 _____ () C:\Users\SA\Downloads\chromeremotedesktophost.msi
2015-05-04 18:08 - 2015-05-04 18:34 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Mp3tag
2015-05-04 18:08 - 2015-05-04 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-05-04 18:08 - 2015-05-04 18:08 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-05-04 10:03 - 2015-05-04 10:06 - 00000000 ____D () C:\Users\SA\Desktop\Medien Examen
2015-05-03 21:28 - 2015-05-03 21:28 - 00003538 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 2a5e9c29682a43af85b6fe518840a18b504807a879b6454aa1dd64f0dcf2f296
2015-05-03 20:09 - 2015-05-03 20:09 - 00000000 ____D () C:\Program Files\DivX
2015-05-01 11:43 - 2015-05-05 22:13 - 00000000 ____D () C:\Users\SA\Desktop\Mp3 Songs einzelne Sänger
2015-04-30 16:19 - 2015-04-30 16:22 - 170428968 _____ () C:\Users\SA\Downloads\OJ4630_198.exe
2015-04-30 16:08 - 2015-04-30 16:08 - 00000000 ____D () C:\ProgramData\Visan
2015-04-30 16:08 - 2015-04-30 16:08 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2015-04-30 16:08 - 2015-04-30 16:08 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2015-04-30 16:08 - 2015-04-30 16:08 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-04-30 16:07 - 2015-05-14 17:22 - 00000000 ____D () C:\Users\SA\AppData\Roaming\HpUpdate
2015-04-30 16:07 - 2015-05-03 17:21 - 00000000 ____D () C:\Program Files (x86)\HP
2015-04-30 16:07 - 2015-04-30 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-04-30 16:07 - 2015-04-30 16:07 - 00000000 ____D () C:\Program Files\HP
2015-04-30 16:07 - 2014-07-21 16:31 - 00763912 ____N (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPMC611.dll
2015-04-30 16:06 - 2015-04-30 16:06 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-04-30 16:05 - 2015-04-30 17:08 - 00000000 ____D () C:\Users\SA\AppData\Local\HP
2015-04-30 15:34 - 2015-04-30 16:07 - 00000000 ____D () C:\ProgramData\HP
2015-04-25 23:29 - 2015-04-25 23:29 - 06786320 _____ (SD Association ) C:\Users\SA\Downloads\setup.exe
2015-04-25 17:22 - 2015-04-25 17:22 - 00000000 ____D () C:\Users\SA\AppData\Local\CrystalDiskMark

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 21:04 - 2014-01-12 16:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 19:59 - 2014-08-15 20:33 - 01722366 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 19:57 - 2014-02-13 19:44 - 00000000 ____D () C:\Users\SA\AppData\Local\Google
2015-05-25 19:57 - 2014-02-13 19:44 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-25 19:45 - 2014-01-12 06:02 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-05-24 19:46 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 19:46 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 19:42 - 2011-04-12 09:43 - 00702852 _____ () C:\Windows\system32\perfh007.dat
2015-05-24 19:42 - 2011-04-12 09:43 - 00150460 _____ () C:\Windows\system32\perfc007.dat
2015-05-24 19:42 - 2009-07-14 07:13 - 01627948 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 19:39 - 2015-03-04 18:58 - 00000000 ___RD () C:\Users\SA\OneDrive
2015-05-24 19:36 - 2014-01-12 06:58 - 00000000 ___RD () C:\Users\SA\Dropbox
2015-05-24 19:35 - 2014-01-13 16:23 - 00000000 ____D () C:\AdwCleaner
2015-05-24 19:35 - 2014-01-12 06:57 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Dropbox
2015-05-24 19:35 - 2014-01-12 06:02 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-05-24 19:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 19:28 - 2014-12-11 15:13 - 00034304 ___SH () C:\Users\SA\Thumbs.db
2015-05-24 12:25 - 2014-01-24 16:00 - 00000000 ____D () C:\Users\SA\AppData\Roaming\vlc
2015-05-24 11:02 - 2014-01-14 19:58 - 00000000 ____D () C:\Users\SA\dwhelper
2015-05-23 18:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-23 18:34 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-22 16:30 - 2014-04-30 23:57 - 03541504 ___SH () C:\Users\SA\Desktop\Thumbs.db
2015-05-22 15:39 - 2014-01-31 12:31 - 00000000 ____D () C:\Windows\Minidump
2015-05-22 15:39 - 2014-01-12 05:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-22 14:01 - 2014-01-12 05:36 - 00000000 ____D () C:\Users\SA
2015-05-22 13:24 - 2014-01-12 05:36 - 00000000 ____D () C:\Users\SA\AppData\Local\VirtualStore
2015-05-22 10:35 - 2015-04-04 17:06 - 00002168 _____ () C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-05-21 21:08 - 2015-01-17 12:50 - 00000000 ____D () C:\Users\SA\AppData\Local\SafeInCloud
2015-05-21 17:12 - 2014-11-21 14:27 - 00000000 ____D () C:\Users\SA\AppData\Local\Wunderlist
2015-05-21 03:00 - 2015-04-05 21:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-21 03:00 - 2015-04-05 21:47 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 22:39 - 2014-08-31 00:01 - 00000000 ____D () C:\Users\SA\Documents\Calibre-Bibliothek
2015-05-19 01:22 - 2014-11-04 15:57 - 00000000 ____D () C:\Users\SA\AppData\Local\Amazon_FireTV_Utility_App
2015-05-18 23:10 - 2014-10-23 10:30 - 00000000 ____D () C:\Users\SA\AppData\Local\Adobe
2015-05-18 23:09 - 2014-01-12 16:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-18 23:09 - 2014-01-12 16:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-18 23:09 - 2014-01-12 16:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-18 14:17 - 2015-02-04 18:57 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1304990952-4288149683-1654658012-1000Core1d0409bb9bb568a.job
2015-05-15 16:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-15 15:53 - 2014-05-14 21:23 - 00000000 ____D () C:\Users\SA\AppData\Local\Downloaded Installations
2015-05-15 15:13 - 2014-01-12 16:25 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Nitro PDF
2015-05-15 11:03 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 11:03 - 2009-07-14 06:45 - 00569072 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-15 11:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-15 01:50 - 2014-01-12 06:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-15 01:49 - 2014-01-12 17:06 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-15 01:49 - 2014-01-12 17:06 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-15 01:48 - 2014-01-12 17:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-15 01:48 - 2014-01-12 17:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-15 01:47 - 2014-01-14 04:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-15 01:42 - 2014-01-14 04:12 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-15 01:38 - 2014-01-31 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 01:37 - 2014-01-31 23:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 01:37 - 2014-01-31 23:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 00:41 - 2014-01-17 20:01 - 00000000 ____D () C:\Users\SA\.android
2015-05-12 21:26 - 2014-12-22 22:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 17:57 - 2014-01-12 06:58 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-04 10:03 - 2015-03-03 14:33 - 00000000 ____D () C:\Users\SA\Desktop\ESL mündlich Examen Diezemann
2015-05-03 20:10 - 2014-10-31 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-05-03 20:10 - 2014-10-31 17:00 - 00000000 ____D () C:\ProgramData\DivX
2015-05-03 20:10 - 2014-10-31 17:00 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-05-03 17:20 - 2014-03-16 02:41 - 00000000 ____D () C:\Users\SA\AppData\Roaming\Notepad++
2015-05-03 17:20 - 2014-03-16 02:41 - 00000000 ____D () C:\Program Files (x86)\Notepad++

==================== Files in the root of some directories =======

2014-07-25 21:40 - 2014-07-25 21:40 - 0000275 _____ () C:\Users\SA\AppData\Local\HamsterAudioConverterSettings.cfg
2014-08-05 14:04 - 2014-08-05 14:04 - 0003814 _____ () C:\Users\SA\AppData\Local\recently-used.xbel
2014-01-12 06:15 - 2014-01-12 06:15 - 0002193 _____ () C:\Users\SA\AppData\Local\WiDiSetupLog.20140112.051533.txt
2015-04-30 16:06 - 2015-04-30 16:06 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\SA\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcnittf.dll
C:\Users\SA\AppData\Local\Temp\Quarantine.exe
C:\Users\SA\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 14:26

==================== End of log ============================

Anscheinend lande ich nicht mehr bei den .com Seiten nicht mehr in den Nutzungsbedingungen, YouTube scheint auch normal zu funktionieren, ohne eine Meldung.

Merci beaucoup

schrauber · 26.05.2015, 17:47

Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\SA\adbfw125\tr.apk

C:\Users\SA\Downloads\adbfw125.zip

C:\Users\SA\Fire TV App Sideload\apps\tr.apk
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

senderos · 29.05.2015, 09:38

So, war die letzten 2 Tage im heftigen Lernstress, nun geht's weiter

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by SA at 2015-05-29 10:35:01 Run:1
Running from C:\Users\SA\Downloads
Loaded Profiles: SA (Available Profiles: SA)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\SA\adbfw125\tr.apk

C:\Users\SA\Downloads\adbfw125.zip

C:\Users\SA\Fire TV App Sideload\apps\tr.apk
Emptytemp:
         
*****************

C:\Users\SA\adbfw125\tr.apk => Moved successfully.
C:\Users\SA\Downloads\adbfw125.zip => Moved successfully.
C:\Users\SA\Fire TV App Sideload\apps\tr.apk => Moved successfully.
EmptyTemp: => Removed 172.3 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 10:35:05 ====

schrauber · 30.05.2015, 08:32

fertig

30.05.2015, 08:32	#14
schrauber /// the machine /// TB-Ausbilder	Chrome Probleme - lande immer in den Nutzungsbedingungen von .com Seiten fertig __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Chrome Probleme - lande immer in den Nutzungsbedingungen von .com Seiten

Plagegeister aller Art und deren Bekämpfung: Chrome Probleme - lande immer in den Nutzungsbedingungen von .com Seiten