Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Compatiybilitycheck.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.05.2015, 12:24   #1
SepZis
 
Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe



Hallo liebes Trojanerboard- Team,

ich hoffe Ihr könnt mir helfen. Ich habe seit geraumer Zeit Probleme mit der Datei Compatibilitycheck.exe. Sie taucht mehrfach im Task Manager auf und verschlingt meinen Arbeitsspeicher. Zudem scheint mein Internet grob verlangsamt und ich kann keine anderen Programme ausführen, weil neben dem Geschwindigkeitsproblem alles Geöffnete ständig minimiert wird. Ich habe den Thread hier im Forum gefunden und bereits alle Schritte (bis auf das posten der Log Dateien) durchgeführt aber ohne Ergebnis.
Vielleichzt schaffen wir das ja zusammen, ich stehe echt auf dem Schlauch und das obwohl ich nicht wenig Ahnung von der Materie habe.

LG und Danke schonmal
Sep

Alt 28.05.2015, 12:36   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 28.05.2015, 12:52   #3
SepZis
 
Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe



Wow, das ging fix
So hier die FRST.txt

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Nutzer (administrator) on LUCYNDE on 28-05-2015 13:43:59
Running from C:\Users\Nutzer\Desktop
Loaded Profiles: Nutzer (Available Profiles: Nutzer & Helena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hi-Rez Studios) D:\GameDIR\SMITE\HiPatchService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Opera Software) C:\Program Files (x86)\Opera\launcher.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Program Files (x86)\Opera\29.0.1795.60\opera_autoupdate.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-05-07] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$0960991a520af2ec4086eba6cdaf280d\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [1 compatibilitycheck.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [2 db88.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [3 UCV.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [4 UCV.tmp] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [5 vcredist_x86.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\MountPoints2: {0e33761e-a32b-11e1-aac6-0017ad12cbe8} - H:\Startme.exe
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\MountPoints2: {62e96948-c0f8-11e0-84bc-002522a104df} - I:\ZTE_Handset_USB_Driver.exe
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\MountPoints2: {99ae0261-c59c-11e0-8ef6-0016383a2a6e} - F:\SETUP.EXE
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\MountPoints2: {bdf4d765-a930-11e2-9b99-0017ad12cbe8} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Winlogon: [Shell] explorer.exe, "C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\msshell.exe" <==== ATTENTION 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2015-05-07] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-05-07] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2014-02-06] (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-02-06] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2012-02-03] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks)
FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-09-17] (Apple Inc.)
FF Extension: Ghostery - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\firefox@ghostery.com.xpi [2015-01-23]
FF Extension: Video DownloadHelper - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: {c2255ecc-6835-4084-8f2b-08ccd0ac4e73} - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{c2255ecc-6835-4084-8f2b-08ccd0ac4e73}.xpi [2015-03-10]
FF Extension: skype converter - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{cc6cc534-0a92-464a-91be-f27f39fe75fa}.xpi [2015-04-29]
FF Extension: Adblock Plus - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-17]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-05-26]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-24]
CHR Extension: (YouTube) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-05]
CHR Extension: (Google Search) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-05]
CHR Extension: (Google Wallet) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-05]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Nutzer\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-03-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-03-20] (EasyAntiCheat Ltd)
R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [243880 2015-02-13] (Foxit Software Inc.)
R2 HiPatchService; D:\GameDIR\SMITE\HiPatchService.exe [9216 2015-02-24] (Hi-Rez Studios) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-29] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2015-05-07] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-05-07] (Sophos Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-05-07] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-05-07] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3278632 2015-05-07] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2081064 2015-05-07] (Sophos Limited)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
R2 Verifies software is compatible; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [99496 2015-04-20] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-12] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-31] (Disc Soft Ltd)
R3 SaiK0CD5; C:\Windows\System32\DRIVERS\SaiK0CD5.sys [183104 2011-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-06-26] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-06-26] (Saitek)
R3 SaiU0CD5; C:\Windows\System32\DRIVERS\SaiU0CD5.sys [47168 2011-09-20] (Saitek)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2015-05-07] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2015-05-07] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2015-05-07] (Sophos Limited)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-10] (Duplex Secure Ltd.)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 usj; \??\D:\GameDIR\EdenEternal\avital\ussjcs64.sys [X]
U2 wscsvc; No ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 13:43 - 2015-05-28 13:47 - 00023839 _____ () C:\Users\Nutzer\Desktop\FRST.txt
2015-05-28 13:43 - 2015-05-28 13:44 - 00000000 ____D () C:\FRST
2015-05-28 13:35 - 2015-05-28 13:35 - 00000654 _____ () C:\Users\Nutzer\Desktop\defogger_disable.log
2015-05-28 13:35 - 2015-05-28 13:35 - 00000188 _____ () C:\Users\Nutzer\defogger_reenable
2015-05-28 13:33 - 2015-05-28 13:33 - 00050477 _____ () C:\Users\Nutzer\Desktop\Defogger.exe
2015-05-28 13:31 - 2015-05-28 13:31 - 02108928 _____ (Farbar) C:\Users\Nutzer\Desktop\FRST64.exe
2015-05-27 20:13 - 2015-05-27 20:13 - 00002104 _____ () C:\Windows\DPINST.LOG
2015-05-27 17:11 - 2015-05-27 17:11 - 00001947 _____ () C:\Users\Nutzer\Desktop\JRT.txt
2015-05-27 17:08 - 2015-05-27 17:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LUCYNDE-Windows-7-Home-Premium-(64-bit).dat
2015-05-27 17:08 - 2015-05-27 17:08 - 00000000 ____D () C:\RegBackup
2015-05-27 17:05 - 2015-05-27 17:05 - 02946603 _____ (Thisisu) C:\Users\Nutzer\Downloads\JRT.exe
2015-05-27 17:05 - 2015-03-02 14:21 - 00000000 ____D () C:\Users\Nutzer\Desktop\VA-Future_Trance_Vol.71-3CD-2015-VOiCE
2015-05-27 16:55 - 2015-05-27 16:57 - 00000000 ____D () C:\Users\Nutzer\Desktop\Games
2015-05-27 16:45 - 2015-05-28 13:37 - 00001016 _____ () C:\Windows\PFRO.log
2015-05-27 16:28 - 2015-05-27 16:29 - 02223104 _____ () C:\Users\Nutzer\Downloads\adwcleaner_4.205.exe
2015-05-26 14:13 - 2015-05-26 14:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-24 13:12 - 2015-05-27 16:44 - 00000000 ____D () C:\AdwCleaner
2015-05-18 07:55 - 2015-05-18 07:55 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2015-05-17 12:01 - 2015-05-28 13:37 - 00001680 _____ () C:\Windows\setupact.log
2015-05-17 12:01 - 2015-05-17 12:01 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 13:32 - 2015-05-28 13:48 - 00000112 _____ () C:\ProgramData\QUX80go.dat
2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-05-16 13:27 - 2015-05-28 13:42 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-05-16 13:27 - 2015-05-28 13:42 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-05-16 13:11 - 2015-05-16 13:11 - 00000000 ____D () C:\DAEMON Tools Lite
2015-05-13 16:46 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 16:46 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:24 - 2015-05-05 05:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 12:24 - 2015-05-05 05:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 12:24 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 12:24 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 12:24 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 12:24 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 12:24 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 12:24 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 12:24 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 12:24 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 12:24 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 12:24 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 12:24 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 12:24 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 12:24 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 12:24 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 12:24 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 12:24 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 12:24 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 12:24 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 12:24 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 12:24 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 12:24 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 12:24 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 12:24 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 12:24 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 12:24 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 12:24 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 12:24 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 12:24 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 12:24 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 12:24 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 12:24 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 12:24 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 12:24 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 12:24 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 12:24 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 12:24 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 12:24 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 12:24 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 12:24 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 12:24 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 12:24 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 12:24 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 12:24 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 12:24 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 12:24 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 12:24 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 12:24 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 12:24 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 12:24 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 12:24 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 12:24 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 12:24 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 12:24 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 12:24 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 12:24 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 12:24 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 12:24 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 12:24 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 12:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 12:24 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 12:23 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 12:23 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 12:23 - 2015-04-27 21:22 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-05-13 12:23 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 12:23 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 12:23 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 12:23 - 2015-04-27 21:20 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 12:23 - 2015-04-27 21:20 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-05-13 12:23 - 2015-04-27 21:18 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 12:23 - 2015-04-27 21:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 12:23 - 2015-04-27 21:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 12:23 - 2015-04-27 21:17 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 12:23 - 2015-04-27 21:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 12:23 - 2015-04-27 21:16 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-05-13 12:23 - 2015-04-27 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 12:23 - 2015-04-27 21:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 12:23 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 12:23 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 12:23 - 2015-04-27 21:01 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 12:23 - 2015-04-27 21:01 - 03939264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 12:23 - 2015-04-27 20:58 - 01311256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00643072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 12:23 - 2015-04-27 20:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 12:23 - 2015-04-27 20:55 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 12:23 - 2015-04-27 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 12:23 - 2015-04-27 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-05-13 12:23 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 12:23 - 2015-04-27 19:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 12:23 - 2015-04-27 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 12:23 - 2015-04-27 19:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:23 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 12:23 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 12:23 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 12:23 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 12:23 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:23 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 12:23 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 12:23 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 12:23 - 2015-03-19 01:39 - 00632984 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-13 12:23 - 2015-03-19 01:39 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-13 12:23 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 12:23 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 12:22 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 12:22 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 12:22 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-07 16:04 - 2015-05-07 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-07 16:03 - 2015-05-07 16:00 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2015-05-07 16:01 - 2015-05-07 16:01 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2015-05-07 16:01 - 2015-05-07 16:01 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2015-05-07 16:00 - 2015-05-07 16:00 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2015-05-07 16:00 - 2015-05-07 16:00 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 13:45 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 13:45 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 13:41 - 2011-08-04 07:34 - 01528498 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 13:40 - 2014-07-02 20:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-28 13:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 13:35 - 2011-08-04 07:44 - 00000000 ____D () C:\Users\Nutzer
2015-05-28 13:31 - 2012-03-30 10:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 13:30 - 2014-07-02 20:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-27 20:14 - 2012-06-29 00:35 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-27 20:12 - 2014-12-17 19:34 - 00000000 ____D () C:\Users\Nutzer\Desktop\Coarce
2015-05-27 16:45 - 2012-05-26 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-27 16:30 - 2011-08-17 11:26 - 00000000 ____D () C:\Users\Nutzer\dwhelper
2015-05-27 14:50 - 2015-04-24 11:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-05-27 14:42 - 2011-08-09 23:39 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\CrashDumps
2015-05-26 12:45 - 2013-04-15 15:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-24 13:14 - 2012-05-26 23:29 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-24 13:14 - 2011-08-04 07:45 - 00001004 _____ () C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 12:27 - 2014-06-09 14:14 - 00003850 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1379773154
2015-05-20 12:27 - 2013-09-21 16:19 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-18 07:25 - 2014-07-02 20:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 07:25 - 2014-07-02 20:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 11:50 - 2014-11-21 17:45 - 00000000 ____D () C:\Users\Nutzer\AppData\Roaming\BitTorrent
2015-05-17 11:46 - 2014-08-17 23:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-17 10:50 - 2010-11-21 08:50 - 00710518 _____ () C:\Windows\system32\perfh007.dat
2015-05-17 10:50 - 2010-11-21 08:50 - 00154848 _____ () C:\Windows\system32\perfc007.dat
2015-05-17 10:50 - 2009-07-14 07:13 - 01651822 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-16 13:28 - 2013-12-16 00:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-14 20:43 - 2011-08-12 20:57 - 00000000 ____D () C:\Users\Nutzer\Documents\My Games
2015-05-14 19:55 - 2014-08-11 17:37 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Battle.net
2015-05-14 18:51 - 2013-01-17 15:56 - 00412528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 18:47 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 18:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 17:04 - 2011-09-04 15:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 17:00 - 2013-07-16 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 16:52 - 2011-08-06 13:21 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 16:46 - 2013-12-14 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 14:24 - 2014-08-11 17:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-11 14:39 - 2015-03-29 15:34 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Songr
2015-05-08 12:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-07 16:05 - 2012-10-04 13:11 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-07 16:04 - 2012-10-04 13:11 - 00000000 ____D () C:\ProgramData\Sophos
2015-04-29 17:56 - 2014-11-23 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
2015-04-29 17:56 - 2012-05-14 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-04-29 11:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

==================== Files in the root of some directories =======

2012-02-08 00:28 - 2012-02-29 00:33 - 0000065 _____ () C:\Users\Nutzer\AppData\Roaming\AcroIEHelpe.txt
2012-02-08 00:27 - 2012-02-29 00:33 - 0000080 _____ () C:\Users\Nutzer\AppData\Roaming\blckdom.res
2011-10-11 16:35 - 2011-10-11 16:35 - 0000000 _____ () C:\Users\Nutzer\AppData\Roaming\chrtmp
2013-12-09 18:45 - 2013-12-16 00:15 - 0016384 _____ (Sikandar's Lab) C:\Users\Nutzer\AppData\Roaming\ctfmon.exe
2011-08-07 15:09 - 2015-02-14 04:30 - 0015360 _____ () C:\Users\Nutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-14 18:03 - 2012-11-14 18:03 - 0000094 _____ () C:\Users\Nutzer\AppData\Local\fusioncache.dat
2011-08-07 15:30 - 2011-08-07 15:30 - 0000017 _____ () C:\Users\Nutzer\AppData\Local\resmon.resmoncfg
2013-09-20 12:03 - 2013-09-20 12:03 - 0005082 _____ () C:\ProgramData\iqrjmdeq.fak
2015-05-16 13:32 - 2015-05-28 13:49 - 0000112 _____ () C:\ProgramData\QUX80go.dat

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$0960991a520af2ec4086eba6cdaf280d

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3323010747-2788445057-3376602549-1000\$0960991a520af2ec4086eba6cdaf280d

Files to move or delete:
====================
C:\ProgramData\QUX80go.dat
C:\Users\Nutzer\ecm.exe
C:\Users\Nutzer\F.bat
C:\Users\Nutzer\unecm.exe


Some files in TEMP:
====================
C:\Users\Helena\AppData\Local\Temp\AskSLib.dll
C:\Users\Helena\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-08 12:19

==================== End of log ============================
         
Und die Addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Nutzer at 2015-05-28 13:50:12
Running from C:\Users\Nutzer\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3323010747-2788445057-3376602549-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3323010747-2788445057-3376602549-1020 - Limited - Enabled)
Gast (S-1-5-21-3323010747-2788445057-3376602549-501 - Limited - Enabled)
Helena (S-1-5-21-3323010747-2788445057-3376602549-1004 - Limited - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-3323010747-2788445057-3376602549-1003 - Limited - Enabled)
Nutzer (S-1-5-21-3323010747-2788445057-3376602549-1000 - Administrator - Enabled) => C:\Users\Nutzer
SophosSAULUCYNDE0 (S-1-5-21-3323010747-2788445057-3376602549-1017 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Der Herr der Ringe Online™“ v03.08.00.8025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.08.00.8025 - Turbine, Inc.)
µTorrent (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Akamai NetSession Interface (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version:  - )
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.00 - Ubisoft)
Assassin's Creed (R) III (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.2 - Auslogics Software Pty Ltd)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
BitTorrent (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: 1.8.0 - 2K Games)
Brother MFL-Pro Suite DCP-7065DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
CDRWIN 9 (HKLM-x32\...\{23D4A973-14FF-474E-0001-6529DDC11226}) (Version: 9.0.11.304 - Engelmann Media GmbH)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dawn of War - Soulstorm (HKLM-x32\...\{20533183-D42D-4261-A125-956736FBEA8C}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
DawnOfWar (HKLM-x32\...\InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}) (Version: 1.00.00000 - THQ)
DawnOfWar (x32 Version: 1.00.00000 - THQ) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DiRT 3 (x32 Version: 1.0.0001.130 - Codemasters) Hidden
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Dragon's Prophet (EU) (HKLM-x32\...\Steam App 259020) (Version:  - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
F.E.A.R. Online (HKLM-x32\...\Steam App 223650) (Version:  - InPlay Interactive)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.1.0.0 - Electronic Arts)
Final Fantasy VII (HKLM-x32\...\Final Fantasy VII) (Version:  - )
FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version:  - SQUARE ENIX)
FINAL FANTASY XIII-2 (HKLM-x32\...\Steam App 292140) (Version:  - SQUARE ENIX)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Flixster (HKLM-x32\...\com.wb.DC2) (Version: 2.2.0 - Warner Bros. Entertainment, Inc.)
Flixster (x32 Version: 2.2.0 - Warner Bros. Entertainment, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.8.49.213 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hero Editor V0.96 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hydra VSTi/DXi v1.2 (HKLM-x32\...\SynapseHydra_is1) (Version: 1.2 - Synapse Audio Software)
IBM SPSS Statistics 19 (HKLM\...\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}) (Version: 19.0.0 - SPSS Inc., an IBM Company)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
LameXP v4.07 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.07 Final-1 [Build #1286] - LoRd_MuldeR <mulder2@gmx.de>)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Media Go (HKLM-x32\...\{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}) (Version: 2.1.392 - Sony)
Menu Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
mini-KMS Activator 1.0.5.2 (HKLM-x32\...\mini-KMS Activator 1.0.5.2) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 4.5.0.34 - Symantec Corporation)
NPC-Reconstruction Models Mod (HKLM-x32\...\{8F2FE985-BCA2-44B1-9D05-9853DF8DFE52}) (Version: 0.6 - United ODC Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA WDM Drivers (HKLM-x32\...\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}) (Version:  - )
Ohm Force - Ohmicide VST (HKLM-x32\...\Ohmicide VST) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.1.4 (HKLM-x32\...\OpenVPN) (Version: 2.1.4 - )
Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF24 Creator 5.6.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Ragnarok Online 2 (HKLM-x32\...\{717BD14A-BE61-40A4-9865-17AACF611FE0}) (Version: 1.0.0 - Gravity Interactive, Inc.)
reFX Nexus 1.0.0 (HKLM-x32\...\{84D04D4F-2201-4AED-BE9A-FFA62069CA19}_is1) (Version: 1.0.0 - reFX)
reFX Nexus 1.0.9 (HKLM-x32\...\reFX Nexus 1.0.9_is1) (Version:  - )
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
ROCCAT Isku FX Keyboard Driver (HKLM-x32\...\{DC69933C-E7B0-455D-8E54-FAC1EEF046FF}) (Version:  - Roccat GmbH)
Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0002 - Roccat GmbH)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.1.2598.3 - Hi-Rez Studios)
Smokin' Guns version 1.1 (HKLM-x32\...\{C0F2B168-5C5C-4B55-B76E-035813CC559E}_is1) (Version: 1.1 - Smokin' Guns Productions)
Songr (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Songr) (Version: 2.0.2343 - Xamasoft)
Sonic Charge µTonic VSTi v2.0.1 (HKLM-x32\...\Sonic Charge µTonic VSTi v2.0.1) (Version:  - )
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.155 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.155 - Sony)
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.13 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.9.2 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line bvba)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version:  - )
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version:  - )
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VueScan (HKLM\...\VueScan) (Version:  - )
Waves Diamond Bundle v5.2 (HKLM-x32\...\Waves Diamond Bundle v5.2) (Version:  - )
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Advanced Micro Devices, Inc System  (03/16/2011 5.12.0.0015) (HKLM\...\A3A37EC031F134EDD1E9DB40819B1EAD0DB7C844) (Version: 03/16/2011 5.12.0.0015 - Advanced Micro Devices, Inc)
Windows-Treiberpaket - Advanced Micro Devices, Inc. (amdkmdap) Display  (04/27/2013 13.100.0.0000) (HKLM\...\F8F0B13FDB7725B9538C9C18B3562F3F189A87D0) (Version: 04/27/2013 13.100.0.0000 - Advanced Micro Devices, Inc.)
Windows-Treiberpaket - VIA Technologies, Inc. (VIAHdAudAddService) MEDIA  (05/10/2013 6.0.10.1900) (HKLM\...\185DAE5F7B07C55192F4D2FBD9690DDE3C0A181E) (Version: 05/10/2013 6.0.10.1900 - VIA Technologies, Inc.)
Windows-Treiberpaket - VIA Technologies, Inc. (VIAHdAudAddService) MEDIA  (05/10/2013 6.0.10.1900) (HKLM\...\594FF2EA687138898144DD89BA5BAE020851C470) (Version: 05/10/2013 6.0.10.1900 - VIA Technologies, Inc.)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
You Don't Know Jack 4 1.00 (HKLM-x32\...\You Don't Know Jack 4) (Version: 1.00 - Take 2 Interactive)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{55839D91-467F-4be1-9DC1-8ADBBCC794F6}\InprocServer32 -> C:\Windows\SYSTEM32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\SYSTEM32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-12-11 20:06 - 00001038 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com
127.0.0.1 www.driver-soft.com
127.0.0.1 www.driver-soft.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07E3524A-5796-47B3-AB1B-4DCCAF0B2559} - System32\Tasks\{040617CC-357D-430D-9D0F-AB21426C3A9F} => pcalua.exe -a C:\Users\Nutzer\Downloads\Saitek_Cyborg_Pad_For_XBox_SD6_64_Vista_Drivers(1).exe -d C:\Users\Nutzer\Downloads
Task: {15AD936A-63E0-4409-BEC3-ED0D6D7EC89D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {200925A9-0DBA-4434-B108-DA6A2AA155D5} - System32\Tasks\{8050F89F-78D9-4359-9D9B-77F9A4DD3FB2} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
Task: {24C54EDE-0AAF-4ABB-A73B-91209146E3BD} - System32\Tasks\{66BAA13C-637C-44ED-874C-9AF4449C00F4} => pcalua.exe -a F:\1Setup.exe -d F:\
Task: {3D51AE01-3307-400A-B1E3-A501F6242CBA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4A8C1BC7-EA41-4DFB-8F47-9FB905C1135A} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5013B958-27EC-4E54-B017-A9B7F04D420C} - System32\Tasks\{C0D28A93-F1CC-4474-ADFC-2E63CC26360F} => pcalua.exe -a "D:\GameDIR\TQIT\TQIT 1.17 UNinstaller.exe" -d D:\GameDIR\TQIT
Task: {72A12628-67C1-4371-8A0D-50DB9F497D91} - System32\Tasks\{581AA96B-715F-404F-A45D-E4A880956113} => pcalua.exe -a C:\Users\Nutzer\Downloads\fantomcd1.2.1.1960_enu.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {7DC170EE-E1E6-4272-8369-C5453ECC373F} - System32\Tasks\{8E777ECF-C4DA-4745-B114-A627C4712E75} => pcalua.exe -a C:\Users\Nutzer\Downloads\ASIO4ALL_2_10_Deutsch(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {7DD84BA6-B9F7-4713-BCA2-AD98E0C79F88} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9EF4C86C-C34E-4300-9491-96FAEAF67AF0} - System32\Tasks\{ADC77504-F806-46B5-B5B8-B179EC21A303} => pcalua.exe -a D:\GameDIR\Savage\Uninstall.exe -d D:\GameDIR\Savage
Task: {A1385A0D-D6D3-4F2C-8781-973A8D40C3A8} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {A4D23114-E8ED-4BE4-AF78-D9404AE64843} - System32\Tasks\Opera scheduled Autoupdate 1379773154 => C:\Program Files (x86)\Opera\launcher.exe [2015-05-18] (Opera Software)
Task: {B3A6090D-8AD8-477C-9C24-43B260AEAC89} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {BDC1894E-4373-4774-9DDD-3E0EABCE2EB8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {D0595654-1C6B-4701-9C58-D0835E3DB391} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D1F693A8-FE88-47C0-8AB7-D72DAEC7914D} - System32\Tasks\{C0CD93BC-4BDB-48DF-BE69-C21BCFB68138} => pcalua.exe -a "D:\GameDIR\TQIT\TQIT 1.17a installer.exe" -d D:\GameDIR\TQIT
Task: {D346DA35-8D2B-477E-9BE7-164917D2ACCC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {E2E7F2C9-C573-4EB1-A7E7-6ADB5A3F0661} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {E7821201-C950-4B88-9F62-1EA08B6420D7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-12-09 18:34 - 2013-12-29 20:36 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-05-16 13:27 - 2015-04-20 20:52 - 00099496 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-08-06 16:57 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-05-16 13:27 - 2015-04-20 20:48 - 51332776 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2015-05-20 12:27 - 2015-05-20 12:27 - 01958008 _____ () C:\Program Files (x86)\Opera\29.0.1795.60\opera_autoupdate.exe
2014-08-17 23:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-17 23:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-17 23:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-17 23:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-17 23:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-05-16 13:27 - 2015-04-20 20:48 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2015-05-16 13:27 - 2015-04-20 20:48 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll
2015-05-16 13:27 - 2015-04-20 20:48 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:B2AA1B61
AlternateDataStreams: C:\Users\Nutzer\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Nutzer\AppData\Roaming:NT

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Roccat Talk.lnk => C:\Windows\pss\Roccat Talk.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Nutzer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk => C:\Windows\pss\ctfmon.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Nutzer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^yr0.09649393655489957.exe.lnk => C:\Windows\pss\yr0.09649393655489957.exe.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Nutzer\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Facebook Update => "C:\Users\Nutzer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Nutzer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ltfhqdrlteqqeiv => C:\ProgramData\ltfhqdrl.exe
MSCONFIG\startupreg: Makro => "C:\Users\Nutzer\AppData\Local\Temp\Rar$EX59.184\Makro.exe" /D:3000
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: olipra => rundll32.exe "C:\Users\Nutzer\AppData\Roaming\olipra.dll",CreateContext
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RMActivate_ssp => C:\Users\Nutzer\AppData\Local\Microsoft\Windows\1997\RMActivate_ssp.exe
MSCONFIG\startupreg: RoccatIskuFX => "C:\Program Files (x86)\ROCCAT\Isku FX Keyboard\IskuFXMonitor.exe"
MSCONFIG\startupreg: S60 PC Suite Tray => "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "D:\ProgDir\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: vasja => C:\Users\Nutzer\AppData\Local\Temp\mor.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: {4D075306-E134-2F4F-D6C9-84A2DE9D71EA} => C:\Users\Nutzer\AppData\Roaming\Kuocti\ywywcy.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 01:38:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 11:44:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2015 06:03:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040154, Klasse nicht registriert
.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/27/2015 06:03:59 PM) (Source: VSS) (EventID: 22) (User: )
Description: Fehler im Volumenschattenkopie-Dienst: Eine vom Volumenschattenkopie-Dienst benötigte kritische Komponente ist nicht registriert.
Dies kann geschehen, wenn bei der Windows-Installation oder bei der Installation eines Schattenkopieanbieters ein Fehler aufgetreten ist.
Der von CoCreateInstance für die Klasse mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" zurückgegebene Fehler ist [0x80040154, Klasse nicht registriert
].


Vorgang:
   VSS-Server wird instanziiert

Error: (05/27/2015 04:51:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006d2bc
ID des fehlerhaften Prozesses: 0xbec
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (05/27/2015 04:47:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2015 02:42:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006d2bc
ID des fehlerhaften Prozesses: 0x7c4
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (05/27/2015 02:37:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006d2bc
ID des fehlerhaften Prozesses: 0x868
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (05/27/2015 02:32:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006d2bc
ID des fehlerhaften Prozesses: 0x1098
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (05/27/2015 02:27:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006d2bc
ID des fehlerhaften Prozesses: 0x1198
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3


System errors:
=============
Error: (05/28/2015 01:40:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (05/28/2015 01:40:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (05/28/2015 01:39:33 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (05/28/2015 01:39:33 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (05/28/2015 01:39:33 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (05/28/2015 01:39:33 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (05/28/2015 01:37:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/28/2015 01:37:28 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/28/2015 01:37:28 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.

Error: (05/28/2015 01:37:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060


Microsoft Office:
=========================
Error: (05/28/2015 01:38:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 11:44:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2015 06:03:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80040154, Klasse nicht registriert


Vorgang:
   VSS-Server wird instanziiert

Error: (05/27/2015 06:03:59 PM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80040154, Klasse nicht registriert


Vorgang:
   VSS-Server wird instanziiert

Error: (05/27/2015 04:51:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bcbec01d0988c8695ee22C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.execc4742ae-047f-11e5-9249-0017ad12cbe8

Error: (05/27/2015 04:47:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2015 02:42:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc7c401d0987aa1778af2C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exee65546ca-046d-11e5-8a41-0017ad12cbe8

Error: (05/27/2015 02:37:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc86801d09879ed52fb68C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe322eed7d-046d-11e5-8a41-0017ad12cbe8

Error: (05/27/2015 02:32:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc109801d09879392e1f93C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe7e0b68fa-046c-11e5-8a41-0017ad12cbe8

Error: (05/27/2015 02:27:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc119801d09878850b0d81C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exec9e6d970-046b-11e5-8a41-0017ad12cbe8


CodeIntegrity Errors:
===================================
  Date: 2013-11-27 17:18:33.909
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Nutzer\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 17:18:33.779
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Nutzer\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 17:18:31.394
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 17:18:31.259
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X6 1055T Processor
Percentage of memory in use: 51%
Total physical RAM: 4095.24 MB
Available physical RAM: 2006.12 MB
Total Pagefile: 8188.67 MB
Available Pagefile: 5288.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:97.56 GB) (Free:28.46 GB) NTFS
Drive d: (Daten) (Fixed) (Total:833.86 GB) (Free:417.45 GB) NTFS
Drive f: (PHILIPS UFD) (Removable) (Total:3.76 GB) (Free:2.32 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7BC0D4B0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 2C6B7369)
No partition Table on disk 1.

==================== End of log ============================
         
__________________

Alt 29.05.2015, 06:35   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.05.2015, 11:11   #5
SepZis
 
Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe



Oh Mann, mein Rechner scheint ja noch mehr Probleme zu haben als nur das im Thread erwähnte

Hier das Malwarebytes Log nach Durchlauf 1:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.29.01
  rootkit: v2015.05.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Nutzer :: LUCYNDE [administrator]

29.05.2015 11:47:13
mbar-log-2015-05-29 (11-47-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 434392
Time elapsed: 16 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> Delete on reboot. [bda81b7e474389adca60d0a52fd436ca]
HKU\S-1-5-21-3323010747-2788445057-3376602549-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Delete on reboot. [bda81b7e474389adca60d0a52fd436ca]
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\linkrdr.AIEbho (Trojan.Banker) -> Delete on reboot. [bda81b7e474389adca60d0a52fd436ca]
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\linkrdr.AIEbho.1 (Trojan.Banker) -> Delete on reboot. [bda81b7e474389adca60d0a52fd436ca]
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. [b9acfb9e33574fe733f1e31ef20e12ee]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. [b9acfb9e33574fe733f1e31ef20e12ee]

Registry Values Detected: 4
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell (Hijack.ShellA.Gen) -> Data: explorer.exe, "C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\msshell.exe" -> Delete on reboot. [4a1b8217becc88ae6531559909faba46]
HKU\S-1-5-21-3323010747-2788445057-3376602549-1004\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell (Hijack.ShellA.Gen) -> Data: explorer.exe, "C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\msshell.exe" -> Delete on reboot. [96cf2a6fc4c667cfe9ad2dc1dc2725db]
HKU\S-1-5-21-3323010747-2788445057-3376602549-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Microsoft Corporation Search Indexer (Trojan.Agent) -> Data: "C:\Users\Nutzer\AppData\Roaming\lsass.exe" -> Delete on reboot. [f1748d0ce9a1f442649dc591fa0acf31]
HKU\S-1-5-21-3323010747-2788445057-3376602549-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MicroUpdate (Backdoor.Agent.DCEGen) -> Data: C:\Users\Helena\Documents\MSDCSC\msdcsc.exe -> Delete on reboot. [0f56f3a69bef75c1d46c52df7c8822de]

Registry Data Items Detected: 2
HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$0960991a520af2ec4086eba6cdaf280d\n.) Good: (fastprox.dll) -> Replace on reboot. [79ec039696f41521c5ed9c905aac1ee2]
HKU\S-1-5-21-3323010747-2788445057-3376602549-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://start.qone8.com/?type=hp&ts=1396999526&from=vtt&uid=ST31000524AS_9VPCQ4FYXXXX9VPCQ4FY) Good: (www.google.com) -> Replace on reboot. [dd882871b6d40531b72045df9472df21]

Folders Detected: 7
C:\Users\Nutzer\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Delete on reboot. [3431e1b8f69473c3146e36de957054ac]
C:\$Recycle.Bin\S-1-5-18\$0960991a520af2ec4086eba6cdaf280d\U (Trojan.Siredef.C) -> Delete on reboot. [aeb7edace3a748ee021505fcec14738d]
C:\$Recycle.Bin\S-1-5-21-3323010747-2788445057-3376602549-1000\$0960991a520af2ec4086eba6cdaf280d\U (Trojan.Siredef.C) -> Delete on reboot. [095cb7e26921290dac6b31d027d9eb15]
C:\$Recycle.Bin\S-1-5-18\$0960991a520af2ec4086eba6cdaf280d\L (Trojan.Siredef.C) -> Delete on reboot. [afb63e5bc1c9c3730811ea17738d8977]
C:\$Recycle.Bin\S-1-5-21-3323010747-2788445057-3376602549-1000\$0960991a520af2ec4086eba6cdaf280d\L (Trojan.Siredef.C) -> Delete on reboot. [40256336117912246cad50b1a65ab947]
C:\$Recycle.Bin\S-1-5-18\$0960991a520af2ec4086eba6cdaf280d (Trojan.Siredef.C) -> Delete on reboot. [d392fc9df7937eb8ab6f16ebfc04de22]
C:\$Recycle.Bin\S-1-5-21-3323010747-2788445057-3376602549-1000\$0960991a520af2ec4086eba6cdaf280d (Trojan.Siredef.C) -> Delete on reboot. [fa6b8c0d424853e3001a23de0cf4d62a]

Files Detected: 4
C:\Users\Nutzer\AppData\Roaming\ctfmon.exe (Trojan.VB) -> Delete on reboot. [1e47227786047db9de070194fd03b749]
C:\Users\Nutzer\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Delete on reboot. [3431e1b8f69473c3146e36de957054ac]
C:\Users\Nutzer\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Delete on reboot. [3431e1b8f69473c3146e36de957054ac]
C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\unicode2.nls (Trojan.Backdoor) -> Delete on reboot. [db8ad7c2404a55e15a15809f8f767b85]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Und nach Durchlauf 2:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.29.01
  rootkit: v2015.05.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Nutzer :: LUCYNDE [administrator]

29.05.2015 12:09:59
mbar-log-2015-05-29 (12-09-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 434292
Time elapsed: 15 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Und zu guter Letzt das TDSSKiller Log:

Code:
ATTFilter
12:26:51.0357 0x0e94  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:26:54.0739 0x0e94  ============================================================
12:26:54.0739 0x0e94  Current date / time: 2015/05/29 12:26:54.0739
12:26:54.0739 0x0e94  SystemInfo:
12:26:54.0739 0x0e94  
12:26:54.0739 0x0e94  OS Version: 6.1.7601 ServicePack: 1.0
12:26:54.0739 0x0e94  Product type: Workstation
12:26:54.0739 0x0e94  ComputerName: LUCYNDE
12:26:54.0739 0x0e94  UserName: Nutzer
12:26:54.0739 0x0e94  Windows directory: C:\Windows
12:26:54.0739 0x0e94  System windows directory: C:\Windows
12:26:54.0739 0x0e94  Running under WOW64
12:26:54.0739 0x0e94  Processor architecture: Intel x64
12:26:54.0740 0x0e94  Number of processors: 6
12:26:54.0740 0x0e94  Page size: 0x1000
12:26:54.0740 0x0e94  Boot type: Normal boot
12:26:54.0740 0x0e94  ============================================================
12:26:58.0169 0x0e94  KLMD registered as C:\Windows\system32\drivers\32082727.sys
12:26:58.0341 0x0e94  System UUID: {497E11AF-45AE-CA3A-A1F0-3D5C760FA4D2}
12:26:58.0683 0x0e94  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:26:58.0692 0x0e94  Drive \Device\Harddisk1\DR1 - Size: 0xF1000000 ( 3.77 Gb ), SectorSize: 0x200, Cylinders: 0x1EB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:26:58.0698 0x0e94  ============================================================
12:26:58.0698 0x0e94  \Device\Harddisk0\DR0:
12:26:58.0698 0x0e94  MBR partitions:
12:26:58.0698 0x0e94  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:26:58.0698 0x0e94  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
12:26:58.0698 0x0e94  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x683B6000
12:26:58.0698 0x0e94  \Device\Harddisk1\DR1:
12:26:58.0699 0x0e94  MBR partitions:
12:26:58.0699 0x0e94  ============================================================
12:26:58.0716 0x0e94  C: <-> \Device\Harddisk0\DR0\Partition2
12:26:58.0746 0x0e94  D: <-> \Device\Harddisk0\DR0\Partition3
12:26:58.0762 0x0e94  ============================================================
12:26:58.0762 0x0e94  Initialize success
12:26:58.0762 0x0e94  ============================================================
12:27:32.0293 0x12d0  ============================================================
12:27:32.0293 0x12d0  Scan started
12:27:32.0293 0x12d0  Mode: Manual; SigCheck; TDLFS; 
12:27:32.0293 0x12d0  ============================================================
12:27:32.0293 0x12d0  KSN ping started
12:27:35.0037 0x12d0  KSN ping finished: true
12:27:36.0006 0x12d0  ================ Scan system memory ========================
12:27:36.0006 0x12d0  System memory - ok
12:27:36.0007 0x12d0  ================ Scan services =============================
12:27:36.0119 0x12d0  [ 0A4D16837E492F22DD15DA46E648BCD9, 6E52834DC2E7E846B035FABA22EC82F053D5FAB30E7B0E63C8884F99E12C0C47 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:27:36.0235 0x12d0  1394ohci - ok
12:27:36.0264 0x12d0  [ 5133A75EE744C6DF4288FF775575ABCC, ACEE824489A9ECBFA25478DFC51241A1C434912FDF7AB7E87E98C23379233D1C ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:27:36.0281 0x12d0  ACPI - ok
12:27:36.0297 0x12d0  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:27:36.0373 0x12d0  AcpiPmi - ok
12:27:36.0492 0x12d0  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:27:36.0543 0x12d0  AdobeARMservice - ok
12:27:36.0761 0x12d0  [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:27:36.0787 0x12d0  AdobeFlashPlayerUpdateSvc - ok
12:27:36.0824 0x12d0  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:27:36.0845 0x12d0  adp94xx - ok
12:27:36.0873 0x12d0  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:27:36.0889 0x12d0  adpahci - ok
12:27:36.0905 0x12d0  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:27:36.0917 0x12d0  adpu320 - ok
12:27:36.0944 0x12d0  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:27:37.0004 0x12d0  AeLookupSvc - ok
12:27:37.0062 0x12d0  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
12:27:37.0130 0x12d0  AFD - ok
12:27:37.0154 0x12d0  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
12:27:37.0172 0x12d0  agp440 - ok
12:27:37.0193 0x12d0  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
12:27:37.0229 0x12d0  ALG - ok
12:27:37.0249 0x12d0  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:27:37.0257 0x12d0  aliide - ok
12:27:37.0295 0x12d0  [ 191C574F72BE3D51D55A73080F9ADEDB, 53926AA0CF85451EAFB1F813AA99B83ED4AF5FDA0729846B3836B51FA4A20BAA ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:27:37.0392 0x12d0  AMD External Events Utility - ok
12:27:37.0449 0x12d0  AMD FUEL Service - ok
12:27:37.0471 0x12d0  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:27:37.0483 0x12d0  amdide - ok
12:27:37.0503 0x12d0  [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
12:27:37.0529 0x12d0  amdiox64 - ok
12:27:37.0547 0x12d0  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:27:37.0580 0x12d0  AmdK8 - ok
12:27:37.0972 0x12d0  [ 482A7B44056A8403DD3B749C0F66FB01, 00C1F03599DC503447523B6FC31BCEC9CA7955332F261AADF9E207CBD5F04279 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:27:38.0387 0x12d0  amdkmdag - ok
12:27:38.0444 0x12d0  [ D39E8F05205A67E3478116C5EA9945DD, AD1F434095FDA3D2E941C3982C4FE705B33EDA7164F3159101613516A67E9B79 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:27:38.0472 0x12d0  amdkmdap - ok
12:27:38.0494 0x12d0  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:27:38.0505 0x12d0  AmdPPM - ok
12:27:38.0540 0x12d0  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:27:38.0551 0x12d0  amdsata - ok
12:27:38.0566 0x12d0  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:27:38.0579 0x12d0  amdsbs - ok
12:27:38.0590 0x12d0  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:27:38.0600 0x12d0  amdxata - ok
12:27:38.0625 0x12d0  [ 5A528A540B1AEE8B1C77ED65094E8CDF, 6E3DE68E630B81425056AB58E64721DD41F56491DD2D281CBB86AA7EF9CAD0E0 ] AODDriver4.01   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
12:27:38.0633 0x12d0  AODDriver4.01 - ok
12:27:38.0668 0x12d0  [ 5A528A540B1AEE8B1C77ED65094E8CDF, 6E3DE68E630B81425056AB58E64721DD41F56491DD2D281CBB86AA7EF9CAD0E0 ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
12:27:38.0676 0x12d0  AODDriver4.2 - ok
12:27:38.0719 0x12d0  [ 5355B9542D9058CAF2A9918A77776F16, 4055A7520C67BA55210BB4FD5D7172D9FFBA6162557544D6F5AECCE06D58723B ] AppID           C:\Windows\system32\drivers\appid.sys
12:27:38.0774 0x12d0  AppID - ok
12:27:38.0803 0x12d0  [ F626A07F8ED8C8C24CB7B3205A2D2563, B4CD3F564DEE985AB330BAF9C8523FF994B84E157E1D177113953B5516FFC5C5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:27:38.0844 0x12d0  AppIDSvc - ok
12:27:38.0883 0x12d0  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
12:27:38.0927 0x12d0  Appinfo - ok
12:27:38.0944 0x12d0  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
12:27:38.0963 0x12d0  arc - ok
12:27:38.0979 0x12d0  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:27:38.0991 0x12d0  arcsas - ok
12:27:39.0089 0x12d0  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:27:39.0135 0x12d0  aspnet_state - ok
12:27:39.0149 0x12d0  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:27:39.0281 0x12d0  AsyncMac - ok
12:27:39.0298 0x12d0  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:27:39.0307 0x12d0  atapi - ok
12:27:39.0341 0x12d0  [ 437F55435623D4D54D36197F5AD8B435, CE004F1E3299E39AFD70C8618253901614C0F3DBD594B6F0E1BA294C7B47FAD6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:27:39.0398 0x12d0  AtiHDAudioService - ok
12:27:39.0437 0x12d0  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:27:39.0486 0x12d0  AudioEndpointBuilder - ok
12:27:39.0508 0x12d0  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:27:39.0534 0x12d0  AudioSrv - ok
12:27:39.0562 0x12d0  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:27:39.0618 0x12d0  AxInstSV - ok
12:27:39.0660 0x12d0  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:27:39.0718 0x12d0  b06bdrv - ok
12:27:39.0745 0x12d0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:27:39.0782 0x12d0  b57nd60a - ok
12:27:39.0812 0x12d0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:27:39.0839 0x12d0  BDESVC - ok
12:27:39.0851 0x12d0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:27:39.0895 0x12d0  Beep - ok
12:27:39.0987 0x12d0  [ F513F0CE75F873A0050A34379A8E76B5, CB1329CCAE7B8EBB711772F4A4C5ABBC47347C948BBBDEE011A8A25872B0C17D ] BFE             C:\Windows\System32\bfe.dll
12:27:40.0029 0x12d0  BFE - ok
12:27:40.0065 0x12d0  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
12:27:40.0236 0x12d0  BITS - ok
12:27:40.0256 0x12d0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:27:40.0269 0x12d0  blbdrive - ok
12:27:40.0299 0x12d0  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:27:40.0322 0x12d0  bowser - ok
12:27:40.0336 0x12d0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:27:40.0348 0x12d0  BrFiltLo - ok
12:27:40.0359 0x12d0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:27:40.0372 0x12d0  BrFiltUp - ok
12:27:40.0395 0x12d0  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
12:27:40.0430 0x12d0  Browser - ok
12:27:40.0450 0x12d0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:27:40.0475 0x12d0  Brserid - ok
12:27:40.0489 0x12d0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:27:40.0501 0x12d0  BrSerWdm - ok
12:27:40.0515 0x12d0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:27:40.0528 0x12d0  BrUsbMdm - ok
12:27:40.0546 0x12d0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:27:40.0564 0x12d0  BrUsbSer - ok
12:27:40.0620 0x12d0  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
12:27:40.0681 0x12d0  BthEnum - ok
12:27:40.0702 0x12d0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:27:40.0751 0x12d0  BTHMODEM - ok
12:27:40.0783 0x12d0  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:27:40.0808 0x12d0  BthPan - ok
12:27:40.0871 0x12d0  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
12:27:40.0915 0x12d0  BTHPORT - ok
12:27:40.0939 0x12d0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
12:27:40.0968 0x12d0  bthserv - ok
12:27:40.0996 0x12d0  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
12:27:41.0019 0x12d0  BTHUSB - ok
12:27:41.0057 0x12d0  [ 3AFF6DC496B8A8D12C867E3FC7C86FAC, 72541F7F9AF6278B8F19F2DBCCADC4FF47171866E04FB5A1010D9AFDF69F7D11 ] BTWAMPFL        C:\Windows\system32\DRIVERS\btwampfl.sys
12:27:41.0080 0x12d0  BTWAMPFL - ok
12:27:41.0110 0x12d0  [ 336BBA0909B3636AB7D06A71D7B1C0DC, 3BC7593272101C340681A9909F9215580F8942DA54E9B251E3AC35B8D39D9B89 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
12:27:41.0122 0x12d0  btwaudio - ok
12:27:41.0156 0x12d0  [ 9FF58F76024D25784755B01F926B00BE, 7A2504E326E63B7225FA25EA6D6ED3E7267278F5D2343A375D7F3B3F74EC9F38 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
12:27:41.0168 0x12d0  btwavdt - ok
12:27:41.0256 0x12d0  [ 26A80D7ACA49E03A403806418B5FED46, 52539FC9F5796002FD66393C759393717E3E242392B2E9039AD12B6D973B78BD ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
12:27:41.0284 0x12d0  btwdins - ok
12:27:41.0300 0x12d0  [ B1ACFD00CDD13B48D86F46BFEC153BF9, CD7BE27D93364735511CC714B85CB7D97E21E84E3C2361EC405BADAAEA550925 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
12:27:41.0309 0x12d0  btwl2cap - ok
12:27:41.0315 0x12d0  [ EDD953D635F3AA89EF902E3F82D60D22, 22A60B225A1AD0F25B9715338C805FED9D5F4BCAC296BBC0D045C6935BDA55E7 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
12:27:41.0324 0x12d0  btwrchid - ok
12:27:41.0349 0x12d0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:27:41.0387 0x12d0  cdfs - ok
12:27:41.0421 0x12d0  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:27:41.0433 0x12d0  cdrom - ok
12:27:41.0451 0x12d0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:27:41.0488 0x12d0  CertPropSvc - ok
12:27:41.0511 0x12d0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:27:41.0535 0x12d0  circlass - ok
12:27:41.0573 0x12d0  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
12:27:41.0597 0x12d0  CLFS - ok
12:27:41.0670 0x12d0  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:27:41.0689 0x12d0  clr_optimization_v2.0.50727_32 - ok
12:27:41.0729 0x12d0  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:27:41.0744 0x12d0  clr_optimization_v2.0.50727_64 - ok
12:27:41.0816 0x12d0  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:27:41.0841 0x12d0  clr_optimization_v4.0.30319_32 - ok
12:27:41.0855 0x12d0  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:27:41.0955 0x12d0  clr_optimization_v4.0.30319_64 - ok
12:27:41.0981 0x12d0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:27:42.0000 0x12d0  CmBatt - ok
12:27:42.0023 0x12d0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:27:42.0034 0x12d0  cmdide - ok
12:27:42.0067 0x12d0  [ 4566E7FEA8C966648DFC34FE9953653E, CEFF85D84529F8EFE119ECC8E521B854A4A30F30F4212B30AE8B577F41682576 ] CNG             C:\Windows\system32\Drivers\cng.sys
12:27:42.0098 0x12d0  CNG - ok
12:27:42.0113 0x12d0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:27:42.0123 0x12d0  Compbatt - ok
12:27:42.0137 0x12d0  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:27:42.0160 0x12d0  CompositeBus - ok
12:27:42.0164 0x12d0  COMSysApp - ok
12:27:42.0176 0x12d0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:27:42.0188 0x12d0  crcdisk - ok
12:27:42.0236 0x12d0  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:27:42.0279 0x12d0  CryptSvc - ok
12:27:42.0322 0x12d0  [ 225EFEE8960E554F3AB9A4A91790C039, A203583BECB4FE11300AF6B069D36632306AD0E7024618E5703392631C0A42A9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:27:42.0388 0x12d0  DcomLaunch - ok
12:27:42.0424 0x12d0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:27:42.0466 0x12d0  defragsvc - ok
12:27:42.0485 0x12d0  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:27:42.0520 0x12d0  DfsC - ok
12:27:42.0578 0x12d0  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
12:27:42.0612 0x12d0  dg_ssudbus - ok
12:27:42.0659 0x12d0  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:27:42.0711 0x12d0  Dhcp - ok
12:27:42.0834 0x12d0  [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack       C:\Windows\system32\diagtrack.dll
12:27:42.0900 0x12d0  DiagTrack - ok
12:27:42.0937 0x12d0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
12:27:42.0995 0x12d0  discache - ok
12:27:43.0014 0x12d0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
12:27:43.0028 0x12d0  Disk - ok
12:27:43.0047 0x12d0  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:27:43.0094 0x12d0  Dnscache - ok
12:27:43.0122 0x12d0  [ DD5038774EDF647E0D9F4220B1ADE6FC, 7256B9D27236F750C440B8BA9482E4FA77832241540C9D957486BEC0B9AC0D2A ] dot3svc         C:\Windows\System32\dot3svc.dll
12:27:43.0141 0x12d0  dot3svc - ok
12:27:43.0158 0x12d0  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
12:27:43.0197 0x12d0  DPS - ok
12:27:43.0232 0x12d0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:27:43.0259 0x12d0  drmkaud - ok
12:27:43.0319 0x12d0  [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:27:43.0351 0x12d0  dtsoftbus01 - ok
12:27:43.0411 0x12d0  [ F59E2FE2687A5C30598F9099F318EB73, 80A0B1CC758BD3C4AEAB8E5804120D8A145F918B527F41DEF02A0E4EBE170F37 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:27:43.0445 0x12d0  DXGKrnl - ok
12:27:43.0474 0x12d0  EagleX64 - ok
12:27:43.0484 0x12d0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
12:27:43.0516 0x12d0  EapHost - ok
12:27:43.0536 0x12d0  EasyAntiCheat - ok
12:27:43.0649 0x12d0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:27:43.0799 0x12d0  ebdrv - ok
12:27:43.0836 0x12d0  [ D52C700254E7FBD9BF6D817BA7BA5309, A62A34391AF50B69DE46FE0DF7E79C0E45391B9AD8D99EB83F725E187A7CADAC ] EFS             C:\Windows\System32\lsass.exe
12:27:43.0871 0x12d0  EFS - ok
12:27:43.0933 0x12d0  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:27:43.0986 0x12d0  ehRecvr - ok
12:27:44.0005 0x12d0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
12:27:44.0018 0x12d0  ehSched - ok
12:27:44.0042 0x12d0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:27:44.0064 0x12d0  elxstor - ok
12:27:44.0080 0x12d0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:27:44.0122 0x12d0  ErrDev - ok
12:27:44.0181 0x12d0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
12:27:44.0232 0x12d0  EventSystem - ok
12:27:44.0256 0x12d0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:27:44.0294 0x12d0  exfat - ok
12:27:44.0310 0x12d0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:27:44.0340 0x12d0  fastfat - ok
12:27:44.0379 0x12d0  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
12:27:44.0423 0x12d0  Fax - ok
12:27:44.0440 0x12d0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
12:27:44.0451 0x12d0  fdc - ok
12:27:44.0475 0x12d0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
12:27:44.0513 0x12d0  fdPHost - ok
12:27:44.0528 0x12d0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:27:44.0570 0x12d0  FDResPub - ok
12:27:44.0589 0x12d0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:27:44.0600 0x12d0  FileInfo - ok
12:27:44.0608 0x12d0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:27:44.0650 0x12d0  Filetrace - ok
12:27:44.0661 0x12d0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:27:44.0686 0x12d0  flpydisk - ok
12:27:44.0697 0x12d0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:27:44.0712 0x12d0  FltMgr - ok
12:27:44.0815 0x12d0  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
12:27:44.0905 0x12d0  FontCache - ok
12:27:44.0946 0x12d0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:27:44.0955 0x12d0  FontCache3.0.0.0 - ok
12:27:45.0070 0x12d0  [ DB557F4BB4E08E340D1C8B764602C4ED, 9D352D215C0131FB5E87DB6B00EBA4CAE5831D8444B01F11468F2D37B412D146 ] FoxitCloudUpdateService C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
12:27:45.0087 0x12d0  FoxitCloudUpdateService - ok
12:27:45.0097 0x12d0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:27:45.0107 0x12d0  FsDepends - ok
12:27:45.0136 0x12d0  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:27:45.0149 0x12d0  Fs_Rec - ok
12:27:45.0203 0x12d0  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:27:45.0219 0x12d0  fvevol - ok
12:27:45.0229 0x12d0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:27:45.0240 0x12d0  gagp30kx - ok
12:27:45.0275 0x12d0  [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:27:45.0283 0x12d0  GEARAspiWDM - ok
12:27:45.0316 0x12d0  [ 16C2A6BCDDA8952C2035DEC861492A19, 9023CD3A2C1009786A48EF7FBCC97ED1724C836279424A4D465CCE1AFA2DBDDA ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
12:27:45.0324 0x12d0  ggflt - ok
12:27:45.0339 0x12d0  [ 6B503DF845EABF3457E49FBBDA26C10E, A1553E3822EDEA26D8E67FCC7F9EA40DFBED49EC92FD5674AAF938F2D58CF964 ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
12:27:45.0348 0x12d0  ggsemc - ok
12:27:45.0381 0x12d0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:27:45.0446 0x12d0  gpsvc - ok
12:27:45.0488 0x12d0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:27:45.0520 0x12d0  gupdate - ok
12:27:45.0526 0x12d0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:27:45.0538 0x12d0  gupdatem - ok
12:27:45.0586 0x12d0  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
12:27:45.0598 0x12d0  hamachi - ok
12:27:45.0617 0x12d0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:27:45.0661 0x12d0  hcw85cir - ok
12:27:45.0694 0x12d0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:27:45.0733 0x12d0  HdAudAddService - ok
12:27:45.0755 0x12d0  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:27:45.0789 0x12d0  HDAudBus - ok
12:27:45.0805 0x12d0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:27:45.0817 0x12d0  HidBatt - ok
12:27:45.0847 0x12d0  [ D6CD30C653887C5BE6DA0B914998C0B5, E608B39A55750B5648501EE83BB067A0DDE0F3BA6A2471D589F5E5271A8D7B1E ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:27:45.0869 0x12d0  HidBth - ok
12:27:45.0905 0x12d0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:27:45.0920 0x12d0  HidIr - ok
12:27:45.0925 0x12d0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
12:27:45.0968 0x12d0  hidserv - ok
12:27:45.0991 0x12d0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:27:46.0011 0x12d0  HidUsb - ok
12:27:46.0102 0x12d0  [ 85A8488737454E4A3EC4772FD09B8E1A, 58E4A7030603B9803FE2998DAC7C0624453641E8D7F481C41006710EA8BE02CD ] HiPatchService  D:\GameDIR\SMITE\HiPatchService.exe
12:27:46.0121 0x12d0  HiPatchService - detected UnsignedFile.Multi.Generic ( 1 )
12:27:48.0926 0x12d0  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
12:27:51.0616 0x12d0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:27:51.0653 0x12d0  hkmsvc - ok
12:27:51.0677 0x12d0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:27:51.0716 0x12d0  HomeGroupListener - ok
12:27:51.0733 0x12d0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:27:51.0758 0x12d0  HomeGroupProvider - ok
12:27:51.0783 0x12d0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:27:51.0793 0x12d0  HpSAMD - ok
12:27:51.0885 0x12d0  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:27:51.0960 0x12d0  HTTP - ok
12:27:51.0977 0x12d0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:27:51.0987 0x12d0  hwpolicy - ok
12:27:52.0003 0x12d0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:27:52.0015 0x12d0  i8042prt - ok
12:27:52.0197 0x12d0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:27:52.0263 0x12d0  iaStorV - ok
12:27:52.0357 0x12d0  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:27:52.0389 0x12d0  idsvc - ok
12:27:52.0422 0x12d0  IEEtwCollectorService - ok
12:27:52.0432 0x12d0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:27:52.0442 0x12d0  iirsp - ok
12:27:52.0492 0x12d0  [ 1E2A51DB8B28CD431D2B5C76A71AAEE3, A356E381C155DF7D3E905696D63A652D1C01D524B6B866C2288ECC5F3B3D4AB9 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:27:52.0533 0x12d0  IKEEXT - ok
12:27:52.0567 0x12d0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:27:52.0576 0x12d0  intelide - ok
12:27:52.0598 0x12d0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
12:27:52.0623 0x12d0  intelppm - ok
12:27:52.0646 0x12d0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:27:52.0687 0x12d0  IPBusEnum - ok
12:27:52.0704 0x12d0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:27:52.0744 0x12d0  IpFilterDriver - ok
12:27:52.0841 0x12d0  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:27:52.0891 0x12d0  iphlpsvc - ok
12:27:52.0911 0x12d0  [ E277572E61604D174CFBCFCCEAFA9591, A4B1DA0D62424A043A1490C65D61A091919D9D6B03702F0E3FCA73D3D0B882FA ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:27:52.0942 0x12d0  IPMIDRV - ok
12:27:52.0954 0x12d0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:27:52.0984 0x12d0  IPNAT - ok
12:27:53.0000 0x12d0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:27:53.0025 0x12d0  IRENUM - ok
12:27:53.0040 0x12d0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:27:53.0050 0x12d0  isapnp - ok
12:27:53.0071 0x12d0  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:27:53.0085 0x12d0  iScsiPrt - ok
12:27:53.0095 0x12d0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:27:53.0106 0x12d0  kbdclass - ok
12:27:53.0115 0x12d0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:27:53.0136 0x12d0  kbdhid - ok
12:27:53.0151 0x12d0  [ D52C700254E7FBD9BF6D817BA7BA5309, A62A34391AF50B69DE46FE0DF7E79C0E45391B9AD8D99EB83F725E187A7CADAC ] KeyIso          C:\Windows\system32\lsass.exe
12:27:53.0161 0x12d0  KeyIso - ok
12:27:53.0172 0x12d0  KMService - ok
12:27:53.0203 0x12d0  [ BBF27F6B5E7F5676A085B3065FB5C512, CFA9FD7BEBDDF4AA5D5381A02EC93FC726D85A8C2376A612DC119A48C6C780E6 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:27:53.0214 0x12d0  KSecDD - ok
12:27:53.0234 0x12d0  [ 939B29DD43E813E75DBC21B409C26142, 29A90EB54B001688963E01D9F971CABBC4A6C2411A3D18B4626DA77B92B7DAEE ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:27:53.0247 0x12d0  KSecPkg - ok
12:27:53.0261 0x12d0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:27:53.0289 0x12d0  ksthunk - ok
12:27:53.0311 0x12d0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:27:53.0347 0x12d0  KtmRm - ok
12:27:53.0371 0x12d0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:27:53.0403 0x12d0  LanmanServer - ok
12:27:53.0429 0x12d0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:27:53.0471 0x12d0  LanmanWorkstation - ok
12:27:53.0490 0x12d0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:27:53.0531 0x12d0  lltdio - ok
12:27:53.0553 0x12d0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:27:53.0594 0x12d0  lltdsvc - ok
12:27:53.0610 0x12d0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:27:53.0658 0x12d0  lmhosts - ok
12:27:53.0689 0x12d0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:27:53.0701 0x12d0  LSI_FC - ok
12:27:53.0716 0x12d0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:27:53.0728 0x12d0  LSI_SAS - ok
12:27:53.0736 0x12d0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:27:53.0746 0x12d0  LSI_SAS2 - ok
12:27:53.0760 0x12d0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:27:53.0772 0x12d0  LSI_SCSI - ok
12:27:53.0799 0x12d0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:27:53.0844 0x12d0  luafv - ok
12:27:53.0893 0x12d0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:27:53.0905 0x12d0  Mcx2Svc - ok
12:27:53.0920 0x12d0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:27:53.0930 0x12d0  megasas - ok
12:27:53.0946 0x12d0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:27:53.0961 0x12d0  MegaSR - ok
12:27:54.0141 0x12d0  Microsoft SharePoint Workspace Audit Service - ok
12:27:54.0194 0x12d0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
12:27:54.0257 0x12d0  MMCSS - ok
12:27:54.0286 0x12d0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
12:27:54.0312 0x12d0  Modem - ok
12:27:54.0331 0x12d0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:27:54.0342 0x12d0  monitor - ok
12:27:54.0369 0x12d0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:27:54.0381 0x12d0  mouclass - ok
12:27:54.0399 0x12d0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:27:54.0419 0x12d0  mouhid - ok
12:27:54.0503 0x12d0  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:27:54.0522 0x12d0  mountmgr - ok
12:27:54.0626 0x12d0  [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:27:54.0650 0x12d0  MozillaMaintenance - ok
12:27:54.0689 0x12d0  [ D034667EE98E06ECE149E3C36A4998E1, 1C29FDB149A3537C40F80C856EF4FFFBE43957459C13AE4C7C166B7354C2B425 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:27:54.0712 0x12d0  mpio - ok
12:27:54.0728 0x12d0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:27:54.0775 0x12d0  mpsdrv - ok
12:27:54.0830 0x12d0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:27:54.0884 0x12d0  MpsSvc - ok
12:27:54.0916 0x12d0  [ 0AE0AB07EB9166EA6030153830148C02, 03525A7BD53657EEEBD3CE1EA9360A93B4954DE5FA0363697BEDAF6EEFADDA9D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:27:54.0931 0x12d0  MRxDAV - ok
12:27:54.0947 0x12d0  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:27:54.0970 0x12d0  mrxsmb - ok
12:27:55.0009 0x12d0  [ 7C95D3C4E3DA5289CE94E408DDC42E0D, DC72F8C9E2BE0478FB528E6FE123863D88BF79F14097F5CD3EA985746464BA9A ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:27:55.0041 0x12d0  mrxsmb10 - ok
12:27:55.0048 0x12d0  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:27:55.0064 0x12d0  mrxsmb20 - ok
12:27:55.0087 0x12d0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:27:55.0095 0x12d0  msahci - ok
12:27:55.0111 0x12d0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:27:55.0119 0x12d0  msdsm - ok
12:27:55.0142 0x12d0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
12:27:55.0166 0x12d0  MSDTC - ok
12:27:55.0173 0x12d0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:27:55.0197 0x12d0  Msfs - ok
12:27:55.0212 0x12d0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:27:55.0244 0x12d0  mshidkmdf - ok
12:27:55.0251 0x12d0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:27:55.0259 0x12d0  msisadrv - ok
12:27:55.0291 0x12d0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:27:55.0337 0x12d0  MSiSCSI - ok
12:27:55.0337 0x12d0  msiserver - ok
12:27:55.0369 0x12d0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:27:55.0408 0x12d0  MSKSSRV - ok
12:27:55.0423 0x12d0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:27:55.0462 0x12d0  MSPCLOCK - ok
12:27:55.0478 0x12d0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:27:55.0501 0x12d0  MSPQM - ok
12:27:55.0525 0x12d0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:27:55.0541 0x12d0  MsRPC - ok
12:27:55.0548 0x12d0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:27:55.0556 0x12d0  mssmbios - ok
12:27:55.0564 0x12d0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:27:55.0603 0x12d0  MSTEE - ok
12:27:55.0642 0x12d0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:27:55.0650 0x12d0  MTConfig - ok
12:27:55.0666 0x12d0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
12:27:55.0673 0x12d0  Mup - ok
12:27:55.0697 0x12d0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
12:27:55.0728 0x12d0  napagent - ok
12:27:55.0759 0x12d0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:27:55.0791 0x12d0  NativeWifiP - ok
12:27:55.0845 0x12d0  [ 5E74508FCB5820B29EEAFE24E6035BCF, 8AE934AFF488A9D91072ECF040A475549A808CCC4AE347FB64F4251D43FE1276 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:27:55.0876 0x12d0  NDIS - ok
12:27:55.0892 0x12d0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:27:55.0931 0x12d0  NdisCap - ok
12:27:55.0955 0x12d0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:27:55.0978 0x12d0  NdisTapi - ok
12:27:55.0994 0x12d0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:27:56.0033 0x12d0  Ndisuio - ok
12:27:56.0048 0x12d0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:27:56.0087 0x12d0  NdisWan - ok
12:27:56.0103 0x12d0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:27:56.0134 0x12d0  NDProxy - ok
12:27:56.0228 0x12d0  [ C7F5C284B6F46FCAF6910EA4E644700B, 754B11B71C06BC597EC5685E20772B604326C421BBD234BCD90678FD57C07768 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
12:27:56.0259 0x12d0  Nero BackItUp Scheduler 4.0 - ok
12:27:56.0259 0x12d0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:27:56.0291 0x12d0  NetBIOS - ok
12:27:56.0306 0x12d0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:27:56.0345 0x12d0  NetBT - ok
12:27:56.0361 0x12d0  [ D52C700254E7FBD9BF6D817BA7BA5309, A62A34391AF50B69DE46FE0DF7E79C0E45391B9AD8D99EB83F725E187A7CADAC ] Netlogon        C:\Windows\system32\lsass.exe
12:27:56.0376 0x12d0  Netlogon - ok
12:27:56.0408 0x12d0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
12:27:56.0439 0x12d0  Netman - ok
12:27:56.0478 0x12d0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:27:56.0501 0x12d0  NetMsmqActivator - ok
12:27:56.0525 0x12d0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:27:56.0533 0x12d0  NetPipeActivator - ok
12:27:56.0564 0x12d0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
12:27:56.0595 0x12d0  netprofm - ok
12:27:56.0603 0x12d0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:27:56.0619 0x12d0  NetTcpActivator - ok
12:27:56.0619 0x12d0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:27:56.0634 0x12d0  NetTcpPortSharing - ok
12:27:56.0650 0x12d0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:27:56.0658 0x12d0  nfrd960 - ok
12:27:56.0697 0x12d0  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:27:56.0736 0x12d0  NlaSvc - ok
12:27:56.0767 0x12d0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:27:56.0798 0x12d0  Npfs - ok
12:27:56.0806 0x12d0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
12:27:56.0845 0x12d0  nsi - ok
12:27:56.0861 0x12d0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:27:56.0884 0x12d0  nsiproxy - ok
12:27:56.0962 0x12d0  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:27:57.0025 0x12d0  Ntfs - ok
12:27:57.0041 0x12d0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
12:27:57.0072 0x12d0  Null - ok
12:27:57.0103 0x12d0  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:27:57.0119 0x12d0  nvraid - ok
12:27:57.0126 0x12d0  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:27:57.0142 0x12d0  nvstor - ok
12:27:57.0181 0x12d0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:27:57.0189 0x12d0  nv_agp - ok
12:27:57.0205 0x12d0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:27:57.0236 0x12d0  ohci1394 - ok
12:27:57.0298 0x12d0  [ 447D71FFCEFAD01D6787422A6286A182, A0C78B16387EAF91AE0FDCCE7FEFB7FE1E5D6A99B652CFE52A73E0750038BD38 ] OpenVPNService  C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
12:27:57.0384 0x12d0  OpenVPNService - detected UnsignedFile.Multi.Generic ( 1 )
12:28:00.0119 0x12d0  Detect skipped due to KSN trusted
12:28:00.0119 0x12d0  OpenVPNService - ok
12:28:00.0166 0x12d0  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:28:00.0181 0x12d0  ose - ok
12:28:00.0361 0x12d0  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:28:00.0509 0x12d0  osppsvc - ok
12:28:00.0548 0x12d0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:28:00.0580 0x12d0  p2pimsvc - ok
12:28:00.0611 0x12d0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
12:28:00.0650 0x12d0  p2psvc - ok
12:28:00.0681 0x12d0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:28:00.0689 0x12d0  Parport - ok
12:28:00.0720 0x12d0  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:28:00.0728 0x12d0  partmgr - ok
12:28:00.0759 0x12d0  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:28:00.0798 0x12d0  PcaSvc - ok
12:28:00.0806 0x12d0  pccsmcfd - ok
12:28:00.0830 0x12d0  [ B26E102E0F54773119B162F56C9DD994, B28724DF87E838CFF7AC0E70E66C5F8FFA21B66BAEF8AE9CA148A7B51EF316CF ] pci             C:\Windows\system32\drivers\pci.sys
12:28:00.0837 0x12d0  pci - ok
12:28:00.0861 0x12d0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:28:00.0869 0x12d0  pciide - ok
12:28:00.0884 0x12d0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:28:00.0900 0x12d0  pcmcia - ok
12:28:00.0916 0x12d0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:28:00.0923 0x12d0  pcw - ok
12:28:00.0955 0x12d0  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:28:01.0001 0x12d0  PEAUTH - ok
12:28:01.0056 0x12d0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:28:01.0072 0x12d0  PerfHost - ok
12:28:01.0134 0x12d0  [ 601E47C30CEA734CEE883D9A6FAA8032, 48FD78C1C68AD2AF4F1332E76CABF0589317173B16EEB350BEC0DBC6054F9576 ] pla             C:\Windows\system32\pla.dll
12:28:01.0205 0x12d0  pla - ok
12:28:01.0251 0x12d0  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:28:01.0283 0x12d0  PlugPlay - ok
12:28:01.0384 0x12d0  PnkBstrA - ok
12:28:01.0400 0x12d0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:28:01.0416 0x12d0  PNRPAutoReg - ok
12:28:01.0431 0x12d0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:28:01.0447 0x12d0  PNRPsvc - ok
12:28:01.0478 0x12d0  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:28:01.0509 0x12d0  PolicyAgent - ok
12:28:01.0533 0x12d0  [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power           C:\Windows\system32\umpo.dll
12:28:01.0572 0x12d0  Power - ok
12:28:01.0595 0x12d0  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:28:01.0619 0x12d0  PptpMiniport - ok
12:28:01.0642 0x12d0  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
12:28:01.0658 0x12d0  Processor - ok
12:28:01.0697 0x12d0  [ D0891D2F5D63DAB719F005919762912C, F187C38764D01AE3FD7CF711DF8B5FE8EB455186F104D5A76FB9DD7443066352 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:28:01.0736 0x12d0  ProfSvc - ok
12:28:01.0751 0x12d0  [ D52C700254E7FBD9BF6D817BA7BA5309, A62A34391AF50B69DE46FE0DF7E79C0E45391B9AD8D99EB83F725E187A7CADAC ] ProtectedStorage C:\Windows\system32\lsass.exe
12:28:01.0759 0x12d0  ProtectedStorage - ok
12:28:01.0783 0x12d0  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:28:01.0806 0x12d0  Psched - ok
12:28:01.0861 0x12d0  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:28:01.0916 0x12d0  ql2300 - ok
12:28:01.0931 0x12d0  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:28:01.0947 0x12d0  ql40xx - ok
12:28:01.0970 0x12d0  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
12:28:01.0994 0x12d0  QWAVE - ok
12:28:02.0001 0x12d0  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:28:02.0017 0x12d0  QWAVEdrv - ok
12:28:02.0025 0x12d0  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:28:02.0064 0x12d0  RasAcd - ok
12:28:02.0087 0x12d0  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:28:02.0119 0x12d0  RasAgileVpn - ok
12:28:02.0126 0x12d0  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
12:28:02.0166 0x12d0  RasAuto - ok
12:28:02.0173 0x12d0  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:28:02.0205 0x12d0  Rasl2tp - ok
12:28:02.0228 0x12d0  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
12:28:02.0275 0x12d0  RasMan - ok
12:28:02.0298 0x12d0  [ 77682DE44B334E6AAFCD0ED61FB7404F, C95DF9113D8B777BC9CFE319A710C9293210377F531F0C38FA38C588B8A3F5B4 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:28:02.0322 0x12d0  RasPppoe - ok
12:28:02.0337 0x12d0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:28:02.0384 0x12d0  RasSstp - ok
12:28:02.0408 0x12d0  [ C7C154DF801D9887AB3DD56B397006EF, 9E62247F66B1E01A2B0B4F2EBBC54E1CE9EEC5FB35B0CB4563B87B2F26392D3B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:28:02.0423 0x12d0  rdbss - ok
12:28:02.0439 0x12d0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
12:28:02.0447 0x12d0  rdpbus - ok
12:28:02.0462 0x12d0  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:28:02.0501 0x12d0  RDPCDD - ok
12:28:02.0556 0x12d0  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:28:02.0619 0x12d0  RDPENCDD - ok
12:28:02.0642 0x12d0  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:28:02.0705 0x12d0  RDPREFMP - ok
12:28:02.0744 0x12d0  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:28:02.0767 0x12d0  RDPWD - ok
12:28:02.0783 0x12d0  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:28:02.0798 0x12d0  rdyboost - ok
12:28:02.0845 0x12d0  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:28:02.0884 0x12d0  RemoteAccess - ok
12:28:02.0923 0x12d0  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:28:02.0962 0x12d0  RemoteRegistry - ok
12:28:03.0009 0x12d0  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:28:03.0025 0x12d0  RFCOMM - ok
12:28:03.0064 0x12d0  [ CAF88D6573D21CD2AA27001DDBFDC74D, 8256B93E586953F1B594BFFA1F005DB08325CAF1729A93820B09F60DAA998C97 ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
12:28:03.0087 0x12d0  RMCAST - ok
12:28:03.0095 0x12d0  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:28:03.0126 0x12d0  RpcEptMapper - ok
12:28:03.0134 0x12d0  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
12:28:03.0158 0x12d0  RpcLocator - ok
12:28:03.0197 0x12d0  [ 225EFEE8960E554F3AB9A4A91790C039, A203583BECB4FE11300AF6B069D36632306AD0E7024618E5703392631C0A42A9 ] RpcSs           C:\Windows\system32\rpcss.dll
12:28:03.0212 0x12d0  RpcSs - ok
12:28:03.0220 0x12d0  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:28:03.0259 0x12d0  rspndr - ok
12:28:03.0291 0x12d0  [ A73ED14670220307874AD6BC2F279349, 0AAAB96BD5CCE5AE6334D0D43BE9AEB1EB2C8EFA6996289595FB7D394E11B444 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
12:28:03.0306 0x12d0  RTL8167 - ok
12:28:03.0353 0x12d0  [ 858C15A70AF2900C03DAA4419B973903, 9BF8E054DBED4931856E0921FE46898972D8678D7DD42F82C71FCD01B81AACB4 ] SaiK0CD5        C:\Windows\system32\DRIVERS\SaiK0CD5.sys
12:28:03.0369 0x12d0  SaiK0CD5 - ok
12:28:03.0392 0x12d0  [ 85C9ACF89D132237EA00211B8727DA4A, 6E750289A2AC72C9BD3D60C90886043A464C02576F4BFAD1430CDCA17C5B1016 ] SaiMini         C:\Windows\system32\DRIVERS\SaiMini.sys
12:28:03.0400 0x12d0  SaiMini - ok
12:28:03.0416 0x12d0  [ 4BA85056D51E4F63FB408E2BE6AA1066, 934D1A529D72447FD61AF483BC6F8AD8C1CBFCAE17CB28EEF19AF921EC032C0E ] SaiNtBus        C:\Windows\system32\drivers\SaiBus.sys
12:28:03.0423 0x12d0  SaiNtBus - ok
12:28:03.0431 0x12d0  [ 866EFD804302483DE27E3947B25D0FAB, 71AD1228A6ACFAD67ECE3F5F1A323FE1882D3F8712CEAE69BF8DB25A1A7776ED ] SaiU0CD5        C:\Windows\system32\DRIVERS\SaiU0CD5.sys
12:28:03.0439 0x12d0  SaiU0CD5 - ok
12:28:03.0447 0x12d0  [ D52C700254E7FBD9BF6D817BA7BA5309, A62A34391AF50B69DE46FE0DF7E79C0E45391B9AD8D99EB83F725E187A7CADAC ] SamSs           C:\Windows\system32\lsass.exe
12:28:03.0455 0x12d0  SamSs - ok
12:28:03.0533 0x12d0  [ 791EE9F4A82FC4E13133F107C1C4C286, F7B9E57D08EF68B17ADF70C2D1F7623EAE13CAADE5ACFF4CD54FB89DFDEAD9C6 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
12:28:03.0548 0x12d0  SAVAdminService - ok
12:28:03.0580 0x12d0  [ 54C1EDAE9DF790450A73F5CF42CBEEEC, FF2BB46F1EBCAF567B313A210A599B1794A5FAF1C766EC96F33A694B0EABF3E6 ] SAVOnAccess     C:\Windows\system32\DRIVERS\savonaccess.sys
12:28:03.0595 0x12d0  SAVOnAccess - ok
12:28:03.0611 0x12d0  [ D99F39D77432D1E979C1D918597C8A3E, 738740DB028B9A9838466714914A844AF72A669BAE1243123780F2C2FCD132CC ] SAVService      C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
12:28:03.0626 0x12d0  SAVService - ok
12:28:03.0642 0x12d0  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:28:03.0650 0x12d0  sbp2port - ok
12:28:03.0666 0x12d0  [ 38224FF66A734F973D10E1465AD4CB07, 07E4A77F08987BBF2ACE4DB18060F7A3201D72EC6EBAB6E8630C66F2119791CB ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:28:03.0681 0x12d0  SCardSvr - ok
12:28:03.0689 0x12d0  [ CDF622EFC748F82EA9571138406871EA, 80B4A3C00739D9FA2CBA06210873D919C1A65DC3D8F9849AE8AB4653A1217AC8 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:28:03.0712 0x12d0  scfilter - ok
12:28:03.0759 0x12d0  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
12:28:03.0837 0x12d0  Schedule - ok
12:28:03.0853 0x12d0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:28:03.0861 0x12d0  SCPolicySvc - ok
12:28:03.0876 0x12d0  [ 75B98959013B22F8F40C08095B8AB73C, EF608EFBF72AF48EFC9352FCEDF0523BDBA6055612FFD22654E3B241AA9C8033 ] sdcfilter       C:\Windows\system32\DRIVERS\sdcfilter.sys
12:28:03.0884 0x12d0  sdcfilter - ok
12:28:03.0900 0x12d0  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:28:03.0923 0x12d0  SDRSVC - ok
12:28:04.0017 0x12d0  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
12:28:04.0064 0x12d0  SDScannerService - ok
12:28:04.0119 0x12d0  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
12:28:04.0166 0x12d0  SDUpdateService - ok
12:28:04.0189 0x12d0  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
12:28:04.0197 0x12d0  SDWSCService - ok
12:28:04.0220 0x12d0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:28:04.0251 0x12d0  secdrv - ok
12:28:04.0267 0x12d0  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
12:28:04.0291 0x12d0  seclogon - ok
12:28:04.0298 0x12d0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
12:28:04.0330 0x12d0  SENS - ok
12:28:04.0337 0x12d0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:28:04.0376 0x12d0  SensrSvc - ok
12:28:04.0384 0x12d0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:28:04.0400 0x12d0  Serenum - ok
12:28:04.0416 0x12d0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:28:04.0423 0x12d0  Serial - ok
12:28:04.0431 0x12d0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:28:04.0447 0x12d0  sermouse - ok
12:28:04.0462 0x12d0  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
12:28:04.0494 0x12d0  SessionEnv - ok
12:28:04.0501 0x12d0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:28:04.0509 0x12d0  sffdisk - ok
12:28:04.0517 0x12d0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:28:04.0548 0x12d0  sffp_mmc - ok
12:28:04.0548 0x12d0  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:28:04.0564 0x12d0  sffp_sd - ok
12:28:04.0580 0x12d0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:28:04.0595 0x12d0  sfloppy - ok
12:28:04.0634 0x12d0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:28:04.0666 0x12d0  SharedAccess - ok
12:28:04.0697 0x12d0  [ EA9092F3DB26EDC7199AB64C9EF0D2D7, 2FD5AFD91CF50FEEE0E5C59590C471BE61470E1C0BF4DC3745B75739BB0769F3 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:28:04.0728 0x12d0  ShellHWDetection - ok
12:28:04.0736 0x12d0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:28:04.0744 0x12d0  SiSRaid2 - ok
12:28:04.0759 0x12d0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:28:04.0775 0x12d0  SiSRaid4 - ok
12:28:04.0791 0x12d0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:28:04.0814 0x12d0  Smb - ok
12:28:04.0830 0x12d0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:28:04.0845 0x12d0  SNMPTRAP - ok
12:28:04.0916 0x12d0  [ 3A4F2C0BB87A0895ABEBA341AA1E341B, 4DADEEF3C5D181502D6F4A00FBBF3B001FA626E49569FB330D7AE2955CC7DE08 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
12:28:04.0923 0x12d0  Sony PC Companion - ok
12:28:04.0986 0x12d0  [ BEBFF064A8DC3C2FF634B7CFDCF6778B, DB49FDBB625112EFABC9E893DB61DD2E92F1BD06191450C33BF95FCEF0F415AA ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
12:28:05.0001 0x12d0  Sophos AutoUpdate Service - ok
12:28:05.0048 0x12d0  [ E26625A4A22E5BADF495B8FB613F27AD, C040328B0838A1DD2F5E12863611B3755681697D1ADA2F0C014694762B4F8F72 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
12:28:05.0064 0x12d0  Sophos Web Control Service - ok
12:28:05.0087 0x12d0  [ FFD056D55C46946ACA218F0A61DA2743, A9E3910EBEFC8674704F42C6D43A12A521C212B911D46FCD669D8AAFA8381C55 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
12:28:05.0095 0x12d0  SophosBootDriver - ok
12:28:05.0111 0x12d0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:28:05.0119 0x12d0  spldr - ok
12:28:05.0158 0x12d0  [ B9D7A4858CF32A6A15D2763F1DE47E0E, 428B1B19A4FCD6F6A160202BC1616AECCA98F80853BBF45A47F838E101A91D58 ] Spooler         C:\Windows\System32\spoolsv.exe
12:28:05.0181 0x12d0  Spooler - ok
12:28:05.0283 0x12d0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:28:05.0408 0x12d0  sppsvc - ok
12:28:05.0431 0x12d0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:28:05.0462 0x12d0  sppuinotify - ok
12:28:05.0478 0x12d0  sptd - ok
12:28:05.0509 0x12d0  [ 10586F14752ACE786AB120FF8BB6BDA4, 843BC68BE685A9B04BBF4BBD94ECDF58F9EF668859E4C68F23D9B7B69D2A1E00 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:28:05.0533 0x12d0  srv - ok
12:28:05.0548 0x12d0  [ E10010AC9A4E8D7676EC89700BB6A24C, 1B76DC3C5C9E3651D60A8E5AF12AF779C575FA10E6E8232F7BBEBAA736EFAC02 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:28:05.0564 0x12d0  srv2 - ok
12:28:05.0572 0x12d0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:28:05.0595 0x12d0  srvnet - ok
12:28:05.0611 0x12d0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:28:05.0642 0x12d0  SSDPSRV - ok
12:28:05.0658 0x12d0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:28:05.0681 0x12d0  SstpSvc - ok
12:28:05.0720 0x12d0  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
12:28:05.0736 0x12d0  ssudmdm - ok
12:28:05.0822 0x12d0  [ 25C16F7D749F1BA7D573756338658727, 4A4056F34C0D34D793E0A24D37842F8122A5C072F9A2ED9192763FB0CC8FDADC ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
12:28:05.0845 0x12d0  Steam Client Service - ok
12:28:05.0869 0x12d0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:28:05.0876 0x12d0  stexstor - ok
12:28:05.0908 0x12d0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
12:28:05.0939 0x12d0  stisvc - ok
12:28:05.0955 0x12d0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:28:05.0962 0x12d0  swenum - ok
12:28:06.0080 0x12d0  [ 5399E281726EAF0307EBF804A693ED40, 0AE45B2ECE26A87BF0E535AFDC7376EED2A7645C8CC810BE9D6D1330199BE28E ] swi_service     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
12:28:06.0150 0x12d0  swi_service - ok
12:28:06.0267 0x12d0  [ A298C4D7C94C79D40739E89F9D8CE65E, 6C716C3E95637048613CEBFEDB38EB4AFFBE9287A53A3C6979EE4B8F5BCBEC78 ] swi_update_64   C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
12:28:06.0330 0x12d0  swi_update_64 - ok
12:28:06.0369 0x12d0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
12:28:06.0408 0x12d0  swprv - ok
12:28:06.0462 0x12d0  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
12:28:06.0548 0x12d0  SysMain - ok
12:28:06.0572 0x12d0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:28:06.0587 0x12d0  TabletInputService - ok
12:28:06.0603 0x12d0  tandpl - ok
12:28:06.0642 0x12d0  [ 3B73C849B41FB20D77B0E553214061A5, 359F2DFEFF5B294B087F7F7DF0F6496CA06901135BB7D6DC52E41F393DA90059 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
12:28:06.0658 0x12d0  tap0901 - ok
12:28:06.0689 0x12d0  [ B08740047145B9BCE15BF75CA0F9718A, 3E2A8A5A2A4DC4D0F05E22EA2C0EBD85AA5C7C6854E873D53538D1F54B8F7C63 ] tap0901t        C:\Windows\system32\DRIVERS\tap0901t.sys
12:28:06.0728 0x12d0  tap0901t - ok
12:28:06.0744 0x12d0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:28:06.0775 0x12d0  TapiSrv - ok
12:28:06.0783 0x12d0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
12:28:06.0822 0x12d0  TBS - ok
12:28:06.0908 0x12d0  [ 4F80944B03112F486212DC20BE166079, B4C1AF42E450A280C8018EF123555F4E3FD943BDC14E4ECD0AB72BB40C22AF94 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:28:06.0978 0x12d0  Tcpip - ok
12:28:07.0033 0x12d0  [ 4F80944B03112F486212DC20BE166079, B4C1AF42E450A280C8018EF123555F4E3FD943BDC14E4ECD0AB72BB40C22AF94 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:28:07.0080 0x12d0  TCPIP6 - ok
12:28:07.0111 0x12d0  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:28:07.0142 0x12d0  tcpipreg - ok
12:28:07.0173 0x12d0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:28:07.0189 0x12d0  TDPIPE - ok
12:28:07.0212 0x12d0  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:28:07.0220 0x12d0  TDTCP - ok
12:28:07.0251 0x12d0  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:28:07.0267 0x12d0  tdx - ok
12:28:07.0283 0x12d0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:28:07.0291 0x12d0  TermDD - ok
12:28:07.0330 0x12d0  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
12:28:07.0361 0x12d0  TermService - ok
12:28:07.0376 0x12d0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
12:28:07.0400 0x12d0  Themes - ok
12:28:07.0416 0x12d0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
12:28:07.0447 0x12d0  THREADORDER - ok
12:28:07.0455 0x12d0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
12:28:07.0494 0x12d0  TrkWks - ok
12:28:07.0525 0x12d0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:28:07.0572 0x12d0  TrustedInstaller - ok
12:28:07.0595 0x12d0  [ 2CE1083C5A2D9BA5FFAD087F997EE25C, 1293A1B4D98A800A16BCD3ED52EA8AB429259FC16F9B6D3A0CAAEE7C7BE57DF7 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:28:07.0603 0x12d0  tssecsrv - ok
12:28:07.0619 0x12d0  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:28:07.0634 0x12d0  TsUsbFlt - ok
12:28:07.0642 0x12d0  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:28:07.0658 0x12d0  TsUsbGD - ok
12:28:07.0681 0x12d0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:28:07.0728 0x12d0  tunnel - ok
12:28:07.0806 0x12d0  [ 4181F82E9DC45D424739E444CA597C6C, 16CF2E5389432D246F5C021BF628FCB8A0641C9A08D6E91B49F32066D37EB473 ] TunngleService  C:\Program Files (x86)\Tunngle\TnglCtrl.exe
12:28:07.0830 0x12d0  TunngleService - ok
12:28:07.0837 0x12d0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:28:07.0853 0x12d0  uagp35 - ok
12:28:07.0869 0x12d0  [ 689EDE95BBAAC3F3209190EBCB4B2D22, 4B5948951A9C9434FE0D7B18DDB54780F916570A2D06C2D28FF80F42D5902414 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:28:07.0892 0x12d0  udfs - ok
12:28:07.0908 0x12d0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:28:07.0931 0x12d0  UI0Detect - ok
12:28:07.0947 0x12d0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:28:07.0955 0x12d0  uliagpkx - ok
12:28:07.0978 0x12d0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:28:07.0986 0x12d0  umbus - ok
12:28:07.0994 0x12d0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:28:08.0001 0x12d0  UmPass - ok
12:28:08.0025 0x12d0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
12:28:08.0056 0x12d0  upnphost - ok
12:28:08.0087 0x12d0  [ AA33FC47ED58C34E6E9261E4F850B7EB, C6388127CAA695434ABFB6C59A53C8544E67E414012DE5F21B36D035BB1BACC8 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
12:28:08.0103 0x12d0  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
12:28:11.0072 0x12d0  Detect skipped due to KSN trusted
12:28:11.0072 0x12d0  USBAAPL64 - ok
12:28:11.0103 0x12d0  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:28:11.0126 0x12d0  usbaudio - ok
12:28:11.0158 0x12d0  [ 91D3C92A44FC682DD791147604E79152, AA0B6799BF9C26C2C1793C91295288A4989AA43EC5E070B650DA7F0A142817CE ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:28:11.0197 0x12d0  usbccgp - ok
12:28:11.0220 0x12d0  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:28:11.0244 0x12d0  usbcir - ok
12:28:11.0267 0x12d0  [ F7FFDF2A1D19A76A87759126B244C816, C91F09D77E22D976952A46F7B93F611B719EDAF694D538242FA8FAF1BA9BB2F0 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:28:11.0291 0x12d0  usbehci - ok
12:28:11.0322 0x12d0  [ 245FE7FC634D6A993E682E0A9EBA4ABB, F7A536D215EE3A63358EC8B5946D7BB3B56357BF91347B07013E00DAC98775B6 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:28:11.0337 0x12d0  usbhub - ok
12:28:11.0369 0x12d0  [ C1A8966E0D09BFB501045105B30D86F2, 5BB95FBA441B898E258A3BFE174FC1042A04C19E25C59DE1FD90594290B11DA9 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:28:11.0392 0x12d0  usbohci - ok
12:28:11.0408 0x12d0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:28:11.0431 0x12d0  usbprint - ok
12:28:11.0462 0x12d0  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
12:28:11.0478 0x12d0  usbscan - ok
12:28:11.0509 0x12d0  [ 4ACEE387FA8FD39F83564FCD2FC234F2, 3D62DE27027B8C032D15EB74F97A14B4EC24E67052C1163862740D6312B2569B ] usbser          C:\Windows\system32\drivers\usbser.sys
12:28:11.0517 0x12d0  usbser - ok
12:28:11.0541 0x12d0  [ 36106AC439EDFBB7B8BDBF99079C7590, C4BD9EA1FFB4D2521FB06318E2C57E1A72FBF4C848482B04D3A89CECE3864B01 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:28:11.0564 0x12d0  USBSTOR - ok
12:28:11.0572 0x12d0  [ 2E682DCE4319A90E02A327F8A427544A, 3528C5A4669BAD53041085C3E72C64388D308E42AD9D1FAC85B6F2FFD81610FB ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:28:11.0580 0x12d0  usbuhci - ok
12:28:11.0595 0x12d0  usj - ok
12:28:11.0603 0x12d0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
12:28:11.0634 0x12d0  UxSms - ok
12:28:11.0650 0x12d0  [ D52C700254E7FBD9BF6D817BA7BA5309, A62A34391AF50B69DE46FE0DF7E79C0E45391B9AD8D99EB83F725E187A7CADAC ] VaultSvc        C:\Windows\system32\lsass.exe
12:28:11.0658 0x12d0  VaultSvc - ok
12:28:11.0681 0x12d0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:28:11.0689 0x12d0  vdrvroot - ok
12:28:11.0705 0x12d0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
12:28:11.0744 0x12d0  vds - ok
12:28:11.0845 0x12d0  [ 13F3E4ECED43B5BFE003CB83CBF09796, 1927FB04D332FAF9BC7BC8CA558BB7C0B9576146C3C1DED6E49C77708E1C465F ] Verifies software is compatible C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
12:28:11.0869 0x12d0  Verifies software is compatible - detected UnsignedFile.Multi.Generic ( 1 )
12:28:15.0900 0x12d0  Verifies software is compatible ( UnsignedFile.Multi.Generic ) - warning
12:28:18.0619 0x12d0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:28:18.0642 0x12d0  vga - ok
12:28:18.0658 0x12d0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:28:18.0705 0x12d0  VgaSave - ok
12:28:18.0720 0x12d0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:28:18.0736 0x12d0  vhdmp - ok
12:28:18.0814 0x12d0  [ D117DF27AA58550BEF9E28120ED78A47, 6972195E2CC84995D15D351601618396F3A5D84049BC6218817C3A1CDDF43FC4 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
12:28:18.0892 0x12d0  VIAHdAudAddService - ok
12:28:18.0916 0x12d0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:28:18.0923 0x12d0  viaide - ok
12:28:18.0947 0x12d0  [ 6B34F3220E4AE5D77BD42CEA94EB3892, 6BBED3FBD52935B0ECEA3A9B5B0A4B44214636840AE1EBB65AE1089B3F0C0500 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
12:28:18.0955 0x12d0  VIAKaraokeService - ok
12:28:18.0970 0x12d0  [ 071E1B172D49154EE1D23A2ACC472EFB, 2E75ECE68F911F1FB0E8BEEFD8C7B8F794164335E1A1F2CE5D14126C9445BB7C ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:28:18.0986 0x12d0  volmgr - ok
12:28:18.0994 0x12d0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:28:19.0009 0x12d0  volmgrx - ok
12:28:19.0025 0x12d0  [ 879CE6AEA3FE874AD4C500B6B6198EB0, 1512BF4AA5ECCEC7EF209B5D64801D24EF7E788DAE206CC1B5BCE47BAA2473C2 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:28:19.0041 0x12d0  volsnap - ok
12:28:19.0041 0x12d0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:28:19.0056 0x12d0  vsmraid - ok
12:28:19.0166 0x12d0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
12:28:19.0236 0x12d0  VSS - ok
12:28:19.0259 0x12d0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:28:19.0298 0x12d0  vwifibus - ok
12:28:19.0345 0x12d0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
12:28:19.0423 0x12d0  W32Time - ok
12:28:19.0431 0x12d0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:28:19.0455 0x12d0  WacomPen - ok
12:28:19.0478 0x12d0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:28:19.0556 0x12d0  WANARP - ok
12:28:19.0572 0x12d0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:28:19.0603 0x12d0  Wanarpv6 - ok
12:28:19.0642 0x12d0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
12:28:19.0705 0x12d0  wbengine - ok
12:28:19.0728 0x12d0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:28:19.0744 0x12d0  WbioSrvc - ok
12:28:19.0759 0x12d0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:28:19.0791 0x12d0  wcncsvc - ok
12:28:19.0814 0x12d0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:28:19.0845 0x12d0  WcsPlugInService - ok
12:28:19.0853 0x12d0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
12:28:19.0861 0x12d0  Wd - ok
12:28:19.0908 0x12d0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:28:19.0931 0x12d0  Wdf01000 - ok
12:28:19.0955 0x12d0  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:28:19.0970 0x12d0  WdiServiceHost - ok
12:28:19.0978 0x12d0  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:28:19.0986 0x12d0  WdiSystemHost - ok
12:28:20.0017 0x12d0  [ C1EAE0C20DFC3E193BC1B2701CA6B333, C6BEC998FE4A11F0600C613E6ECEAD9604510B73F3FB4EAF27B5974A6F1D9FA6 ] WebClient       C:\Windows\System32\webclnt.dll
12:28:20.0041 0x12d0  WebClient - ok
12:28:20.0056 0x12d0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:28:20.0087 0x12d0  Wecsvc - ok
12:28:20.0095 0x12d0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:28:20.0126 0x12d0  wercplsupport - ok
12:28:20.0150 0x12d0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:28:20.0189 0x12d0  WerSvc - ok
12:28:20.0205 0x12d0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:28:20.0228 0x12d0  WfpLwf - ok
12:28:20.0251 0x12d0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:28:20.0259 0x12d0  WIMMount - ok
12:28:20.0314 0x12d0  WinDefend - ok
12:28:20.0322 0x12d0  WinHttpAutoProxySvc - ok
12:28:20.0384 0x12d0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:28:20.0439 0x12d0  Winmgmt - ok
12:28:20.0611 0x12d0  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
12:28:20.0689 0x12d0  WinRM - ok
12:28:20.0751 0x12d0  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
12:28:20.0783 0x12d0  WinUsb - ok
12:28:20.0830 0x12d0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:28:20.0869 0x12d0  Wlansvc - ok
12:28:21.0048 0x12d0  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:28:21.0095 0x12d0  wlidsvc - ok
12:28:21.0119 0x12d0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:28:21.0142 0x12d0  WmiAcpi - ok
12:28:21.0166 0x12d0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:28:21.0181 0x12d0  wmiApSrv - ok
12:28:21.0189 0x12d0  WMPNetworkSvc - ok
12:28:21.0205 0x12d0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:28:21.0220 0x12d0  WPCSvc - ok
12:28:21.0228 0x12d0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:28:21.0259 0x12d0  WPDBusEnum - ok
12:28:21.0275 0x12d0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:28:21.0298 0x12d0  ws2ifsl - ok
12:28:21.0337 0x12d0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
12:28:21.0345 0x12d0  wscsvc - ok
12:28:21.0353 0x12d0  WSearch - ok
12:28:21.0478 0x12d0  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:28:21.0572 0x12d0  wuauserv - ok
12:28:21.0603 0x12d0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:28:21.0642 0x12d0  WudfPf - ok
12:28:21.0689 0x12d0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
12:28:21.0712 0x12d0  WUDFRd - ok
12:28:21.0744 0x12d0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:28:21.0759 0x12d0  wudfsvc - ok
12:28:21.0806 0x12d0  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:28:21.0853 0x12d0  WwanSvc - ok
12:28:21.0876 0x12d0  xhunter1 - ok
12:28:21.0955 0x12d0  [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
12:28:22.0001 0x12d0  xnacc - ok
12:28:22.0025 0x12d0  [ 38F55D07B1D3391065C40EC065F984E2, 056F5E3034C4C11403D74F44A364964A3A5945608DAE2A03EF025A22F5C31B26 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
12:28:22.0048 0x12d0  xusb21 - ok
12:28:22.0056 0x12d0  ================ Scan global ===============================
12:28:22.0064 0x12d0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:28:22.0119 0x12d0  [ 4A7726EC105064BB6614A402F25D3913, 6F02584088794CCAAABE858F0F84B1FA85C550088AABEE8CDD0EAD921048A2E0 ] C:\Windows\system32\winsrv.dll
12:28:22.0150 0x12d0  [ 4A7726EC105064BB6614A402F25D3913, 6F02584088794CCAAABE858F0F84B1FA85C550088AABEE8CDD0EAD921048A2E0 ] C:\Windows\system32\winsrv.dll
12:28:22.0181 0x12d0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:28:22.0228 0x12d0  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
12:28:22.0236 0x12d0  [ Global ] - ok
12:28:22.0236 0x12d0  ================ Scan MBR ==================================
12:28:22.0251 0x12d0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:28:22.0478 0x12d0  \Device\Harddisk0\DR0 - ok
12:28:22.0478 0x12d0  [ A0A1FCC79FB02A8A97592445656EF85B ] \Device\Harddisk1\DR1
12:28:25.0580 0x12d0  \Device\Harddisk1\DR1 - ok
12:28:25.0580 0x12d0  ================ Scan VBR ==================================
12:28:25.0587 0x12d0  [ BA967657017F590E1A02F0DDF7A0AA59 ] \Device\Harddisk0\DR0\Partition1
12:28:25.0650 0x12d0  \Device\Harddisk0\DR0\Partition1 - ok
12:28:25.0650 0x12d0  [ CD4A41D8C8654946230FB2AF765A7CE1 ] \Device\Harddisk0\DR0\Partition2
12:28:25.0705 0x12d0  \Device\Harddisk0\DR0\Partition2 - ok
12:28:25.0712 0x12d0  [ DE377145F2DCE859D16689A2FB6B13B5 ] \Device\Harddisk0\DR0\Partition3
12:28:25.0767 0x12d0  \Device\Harddisk0\DR0\Partition3 - ok
12:28:25.0775 0x12d0  ================ Scan generic autorun ======================
12:28:25.0876 0x12d0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:28:25.0947 0x12d0  Sidebar - ok
12:28:25.0970 0x12d0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:28:25.0986 0x12d0  mctadmin - ok
12:28:26.0033 0x12d0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:28:26.0064 0x12d0  Sidebar - ok
12:28:26.0064 0x12d0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:28:26.0080 0x12d0  mctadmin - ok
12:28:26.0142 0x12d0  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
12:28:26.0212 0x12d0  Sidebar - ok
12:28:26.0244 0x12d0  [ 73430E79D6DF4DE9055E2A7742B881D3, AB067341A3B647FD7273FB1146BB9355AE53ACBD259FC061DF82399A5C185775 ] C:\Program Files (x86)\QuickTime\QTTask.exe
12:28:26.0267 0x12d0  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
12:28:29.0009 0x12d0  Detect skipped due to KSN trusted
12:28:29.0009 0x12d0  QuickTime Task - ok
12:28:29.0166 0x12d0  [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
12:28:29.0314 0x12d0  DAEMON Tools Lite - ok
12:28:29.0322 0x12d0  Waiting for KSN requests completion. In queue: 6
12:28:30.0322 0x12d0  Waiting for KSN requests completion. In queue: 6
12:28:31.0322 0x12d0  Waiting for KSN requests completion. In queue: 6
12:28:32.0353 0x12d0  AV detected via SS2: Sophos Anti-Virus, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe ( 10.3.6.0 ), 0x50000 ( disabled : updated )
12:28:32.0361 0x12d0  Win FW state via NFP2: enabled
12:28:35.0048 0x12d0  ============================================================
12:28:35.0048 0x12d0  Scan finished
12:28:35.0048 0x12d0  ============================================================
12:28:35.0064 0x1230  Detected object count: 2
12:28:35.0064 0x1230  Actual detected object count: 2
12:28:51.0056 0x1230  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
12:28:51.0056 0x1230  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:28:51.0056 0x1230  Verifies software is compatible ( UnsignedFile.Multi.Generic ) - skipped by user
12:28:51.0056 0x1230  Verifies software is compatible ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Geändert von SepZis (29.05.2015 um 11:29 Uhr)

Alt 30.05.2015, 08:54   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Compatiybilitycheck.exe

Alt 30.05.2015, 13:01   #7
SepZis
 
Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe



So, bitte sehr. Er hat sich über ein angeblich laufende Spybot beschwert, aber eigentlich waren alle relevanten Tasks beendet.

Combofix Log

Code:
ATTFilter
ComboFix 15-05-28.01 - Nutzer 30.05.2015  13:48:26.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2145 [GMT 2:00]
ausgeführt von:: c:\users\Nutzer\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
SP: Sophos Anti-Virus *Disabled/Updated* {D0CA1913-188C-B293-ABD7-B72CB1814094}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nutzer\AppData\Roaming\AcroIEHelpe.txt
c:\users\Nutzer\AppData\Roaming\chrtmp
c:\users\Nutzer\AppData\Roaming\Microsoft\Windows\.data
c:\users\Nutzer\AppData\Roaming\poclbm
c:\users\Nutzer\AppData\Roaming\poclbm\poclbm.ini
c:\users\Nutzer\ecm.exe
c:\users\Nutzer\unecm.exe
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\SysWow64\SET911D.tmp
c:\windows\SysWow64\SETD6F.tmp
c:\windows\SysWow64\tmpA086.tmp
c:\windows\SysWow64\tmpABE1.tmp
c:\windows\SysWow64\tmpCB1E.tmp
c:\windows\SysWow64\tmpCB1F.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-28 bis 2015-05-30  ))))))))))))))))))))))))))))))
.
.
2015-05-30 11:54 . 2015-05-30 11:54	--------	d-----w-	c:\users\Helena\AppData\Local\temp
2015-05-30 11:54 . 2015-05-30 11:54	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2015-05-30 11:54 . 2015-05-30 11:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-30 11:52 . 2015-05-30 11:52	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B59AED3-3147-433C-A305-BE5791179C08}\offreg.4024.dll
2015-05-30 11:21 . 2015-05-18 02:57	12214312	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B59AED3-3147-433C-A305-BE5791179C08}\mpengine.dll
2015-05-29 13:12 . 2010-08-21 00:53	86016	----a-w-	c:\windows\SysWow64\mtSplitter.ocx
2015-05-29 13:12 . 2010-06-01 17:45	1005088	----a-w-	c:\windows\SysWow64\TList8.ocx
2015-05-29 13:12 . 2010-03-25 13:33	171752	----a-w-	c:\windows\SysWow64\mtRTF2.ocx
2015-05-29 13:12 . 2009-10-13 03:02	44736	----a-w-	c:\windows\SysWow64\mtSubclass.dll
2015-05-29 13:12 . 2015-05-29 13:13	--------	d-----w-	c:\users\Nutzer\AppData\Roaming\GetFoldersize
2015-05-29 13:12 . 2015-05-29 13:12	--------	d-----w-	c:\program files (x86)\GetFoldersize
2015-05-29 13:12 . 2010-10-13 09:42	2369456	----a-w-	c:\windows\SysWow64\Codejock.CommandBars.v13.4.2.ocx
2015-05-29 09:47 . 2015-05-29 09:47	--------	d-----w-	c:\programdata\Malwarebytes
2015-05-29 09:46 . 2015-05-30 10:19	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-29 09:46 . 2015-05-29 10:09	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-29 09:45 . 2015-05-29 10:09	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-05-28 11:43 . 2015-05-28 11:51	--------	d-----w-	C:\FRST
2015-05-27 15:08 . 2015-05-27 15:08	--------	d-----w-	C:\RegBackup
2015-05-24 11:12 . 2015-05-27 14:44	--------	d-----w-	C:\AdwCleaner
2015-05-18 05:55 . 2015-05-18 05:55	--------	d-----w-	c:\windows\SysWow64\%LOCALAPPDATA%
2015-05-16 11:27 . 2015-05-30 10:24	--------	d-----w-	c:\users\Default\AppData\Roaming\Compatibility Verifier
2015-05-16 11:27 . 2015-05-16 11:27	--------	d-----w-	c:\users\Default\AppData\Local\Programs
2015-05-16 11:11 . 2015-05-16 11:11	--------	d-----w-	C:\DAEMON Tools Lite
2015-05-13 14:46 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 14:46 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:23 . 2015-04-13 03:28	328704	----a-w-	c:\windows\system32\services.exe
2015-05-13 10:22 . 2015-02-18 07:06	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2015-05-13 10:22 . 2015-02-18 07:04	142336	----a-w-	c:\windows\system32\poqexec.exe
2015-05-13 10:22 . 2015-03-04 04:41	72192	----a-w-	c:\windows\system32\aelupsvc.dll
2015-05-13 10:22 . 2015-03-04 04:41	342016	----a-w-	c:\windows\system32\apphelp.dll
2015-05-13 10:22 . 2015-03-04 04:10	295936	----a-w-	c:\windows\SysWow64\apphelp.dll
2015-05-13 10:22 . 2015-03-04 04:41	6656	----a-w-	c:\windows\system32\shimeng.dll
2015-05-13 10:22 . 2015-03-04 04:41	23552	----a-w-	c:\windows\system32\sdbinst.exe
2015-05-13 10:22 . 2015-03-04 04:11	5120	----a-w-	c:\windows\SysWow64\shimeng.dll
2015-05-13 10:22 . 2015-03-04 04:10	20992	----a-w-	c:\windows\SysWow64\sdbinst.exe
2015-05-07 14:03 . 2015-05-07 14:00	35624	----a-w-	c:\windows\system32\SophosBootTasks.exe
2015-05-07 14:03 . 2015-05-07 14:03	--------	d-----w-	c:\program files (x86)\Common Files\Cisco Systems
2015-05-07 14:01 . 2015-05-07 14:01	38144	----a-w-	c:\windows\system32\drivers\sdcfilter.sys
2015-05-07 14:01 . 2015-05-07 14:01	27904	----a-w-	c:\windows\system32\drivers\SophosBootDriver.sys
2015-05-07 14:00 . 2015-05-07 14:00	176120	----a-w-	c:\windows\system32\sdccoinstaller.dll
2015-05-07 14:00 . 2015-05-07 14:00	158976	----a-w-	c:\windows\system32\drivers\savonaccess.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 14:52 . 2011-08-06 11:21	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-04-27 18:55 . 2015-05-13 10:23	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-04-15 11:31 . 2012-03-30 08:48	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 11:31 . 2011-08-06 12:22	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 11:31 . 2015-04-15 10:31	18178736	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-04-14 01:38 . 2015-04-14 01:38	1217192	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-03-25 03:24 . 2015-04-15 08:58	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 08:58	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 08:58	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 08:58	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 08:58	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 08:58	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 08:58	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 08:58	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 08:58	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 08:58	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 08:58	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 08:58	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 08:58	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 08:58	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 08:58	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 08:58	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 08:58	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 08:58	769536	----a-w-	c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 08:58	419840	----a-w-	c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 08:58	957952	----a-w-	c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 08:58	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 08:58	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 08:58	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 08:58	1111552	----a-w-	c:\windows\system32\aeinv.dll
2015-03-20 19:41 . 2015-03-20 19:42	237864	----a-w-	c:\windows\SysWow64\EasyAntiCheat.exe
2015-03-10 03:25 . 2015-04-15 08:58	1882624	----a-w-	c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 08:58	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 08:58	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 08:58	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 08:58	404480	----a-w-	c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 08:58	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 08:56	367552	----a-w-	c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 08:56	79360	----a-w-	c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 10:22	309248	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 10:22	103424	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 08:56	58880	----a-w-	c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 10:22	470528	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 10:22	2178560	----a-w-	c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 10:22	2560	----a-w-	c:\windows\apppatch\AcRes.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-11-06 16:09	223432	----a-w-	c:\users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-11-06 16:09	223432	----a-w-	c:\users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-11-06 16:09	223432	----a-w-	c:\users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2015-05-07 1593640]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R2 Verifies software is compatible;Compatibility Check;c:\users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe;c:\users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usj;usj;d:\gamedir\EdenEternal\avital\ussjcs64.sys;d:\gamedir\EdenEternal\avital\ussjcs64.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\gamedir\SMITE\HiPatchService.exe;d:\gamedir\SMITE\HiPatchService.exe [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CD5.sys [x]
S3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CD5.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 10:31	986440	----a-w-	c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:31]
.
2015-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02 18:51]
.
2015-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02 18:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-11-06 16:09	262344	----a-w-	c:\users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-11-06 16:09	262344	----a-w-	c:\users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-11-06 16:09	262344	----a-w-	c:\users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = 
mStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: ????3??
IE: ????3??????
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: ????3?? - c:\users\Nutzer\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\Nutzer\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\Nutzer\AppData\Local\Temp\ie_script.htm
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - ExtSQL: !HIDDEN! 2012-03-07 17:27; {184AA5E6-741D-464a-820E-94B3ABC2F3B4}; c:\users\Nutzer\AppData\Roaming\10008
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Final Fantasy VII - c:\windows\IsUn0407.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]
@="c:\\Users\\Nutzer\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c]
@="c:\\Users\\Nutzer\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:65,77,d9,b2,4e,ca,1d,0c,f4,bc,19,a5,66,d4,26,3b,f4,5c,57,99,65,15,32,
   20,08,d1,a9,67,49,d0,c5,a3,26,c1,7f,9d,64,7b,09,cf,4a,11,33,bf,35,48,a9,c8,\
"??"=hex:53,64,42,a7,ea,7b,ae,8d,fa,49,87,7b,0a,cd,1e,88
.
[HKEY_USERS\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\SecuROM\License information*]
"datasecu"=hex:3f,73,17,da,45,a8,ab,a7,f2,44,80,69,10,e2,db,76,61,01,df,12,4d,
   8d,4c,a0,27,ca,30,9d,de,88,51,a8,41,30,a4,81,9d,9d,06,71,75,b2,3f,2b,3b,55,\
"rkeysecu"=hex:f3,d2,e3,92,10,64,af,ea,13,7f,35,17,91,30,db,33
.
[HKEY_USERS\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):22,55,92,21,ad,91,04,4b,3a,71,11,21,27,60,b3,59,54,71,8a,b9,fb,
   95,e3,cc,2b,a8,66,f3,65,b2,99,ca,ce,37,11,a3,4d,01,33,6c,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\Wow6432Node\CLSID\{b73d9303-2762-4cfa-a627-e14944f9dcff}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ae
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,d0,5e,8c,47,43,d6,d3,fc,41,de,aa,54,ca,98,79,69,12,c6,3e,e2,15,06,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-05-30  13:58:26
ComboFix-quarantined-files.txt  2015-05-30 11:58
.
Vor Suchlauf: 23 Verzeichnis(se), 37.700.272.128 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 37.348.835.328 Bytes frei
.
- - End Of File - - 0B9D84DD4741CF85DB2DD42936A68768
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 31.05.2015, 05:41   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 31.05.2015, 15:36   #9
SepZis
 
Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe



Malwarebytes hat leider kein verwertbares Log ausgespuckt,
nur ein LOG in dem meine Updates festgehalten sind.

Aber hier das AdwCleaner LOG

Code:
ATTFilter
# AdwCleaner v4.205 - Bericht erstellt 31/05/2015 um 16:32:47
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Nutzer - LUCYNDE
# Gestarted von : C:\Users\Nutzer\Desktop\adwcleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\databases\chrome-extension_lmnbobhffedhdhfpcjkjphcfpeeiocdn_0
Datei Gelöscht : C:\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\lmnbobhffedhdhfpcjkjphcfpeeiocdn

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\DriverTuner_Init
Schlüssel Gelöscht : HKCU\Software\DriverTuner
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 de)

[aipr1e7v.default-1347110546619\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

-\\ Google Chrome v43.0.2357.81


-\\ Chromium v


-\\ Opera v29.0.1795.60


*************************

AdwCleaner[R0].txt - [17850 Bytes] - [24/05/2015 13:12:28]
AdwCleaner[R1].txt - [2212 Bytes] - [27/05/2015 16:34:22]
AdwCleaner[R2].txt - [1866 Bytes] - [31/05/2015 16:28:55]
AdwCleaner[S0].txt - [16416 Bytes] - [24/05/2015 13:13:41]
AdwCleaner[S1].txt - [2298 Bytes] - [27/05/2015 16:44:34]
AdwCleaner[S2].txt - [1682 Bytes] - [31/05/2015 16:32:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1741  Bytes] ##########
         
Das JRT LOG:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.5 (05.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by Nutzer on 31.05.2015 at 16:36:42,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\Nutzer\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Nutzer\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Nutzer\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Nutzer\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2015 at 16:39:55,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und das frische FRST LOG

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Nutzer (administrator) on LUCYNDE on 31-05-2015 16:42:24
Running from C:\Users\Nutzer\Desktop
Loaded Profiles: Nutzer (Available Profiles: Nutzer & Helena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-05-07] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [1 compatibilitycheck.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [2 db88.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [3 UCV.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [4 UCV.tmp] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [5 vcredist_x86.exe] 
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2014-02-06] (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-02-06] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2012-02-03] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks)
FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-09-17] (Apple Inc.)
FF Extension: Ghostery - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\firefox@ghostery.com.xpi [2015-01-23]
FF Extension: Video DownloadHelper - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: {c2255ecc-6835-4084-8f2b-08ccd0ac4e73} - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{c2255ecc-6835-4084-8f2b-08ccd0ac4e73}.xpi [2015-03-10]
FF Extension: skype converter - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{cc6cc534-0a92-464a-91be-f27f39fe75fa}.xpi [2015-04-29]
FF Extension: Adblock Plus - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-17]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-05-26]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-24]
CHR Extension: (YouTube) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-05]
CHR Extension: (Google Search) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-05]
CHR Extension: (Google Wallet) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-05]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Nutzer\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-03-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-03-20] (EasyAntiCheat Ltd)
S2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [243880 2015-02-13] (Foxit Software Inc.)
S2 HiPatchService; D:\GameDIR\SMITE\HiPatchService.exe [9216 2015-02-24] (Hi-Rez Studios) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-29] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2015-05-07] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-05-07] (Sophos Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-05-07] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-05-07] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3278632 2015-05-07] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2081064 2015-05-07] (Sophos Limited)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
S2 Verifies software is compatible; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [99496 2015-04-20] () [File not signed]
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-12] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-31] (Microsoft Corporation)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-31] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 SaiK0CD5; C:\Windows\System32\DRIVERS\SaiK0CD5.sys [183104 2011-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-06-26] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-06-26] (Saitek)
R3 SaiU0CD5; C:\Windows\System32\DRIVERS\SaiU0CD5.sys [47168 2011-09-20] (Saitek)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2015-05-07] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2015-05-07] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2015-05-07] (Sophos Limited)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-10] (Duplex Secure Ltd.)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 usj; \??\D:\GameDIR\EdenEternal\avital\ussjcs64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 16:42 - 2015-05-31 16:42 - 00021131 _____ () C:\Users\Nutzer\Desktop\FRST.txt
2015-05-31 16:39 - 2015-05-31 16:39 - 00001063 _____ () C:\Users\Nutzer\Desktop\JRT.txt
2015-05-31 16:36 - 2015-05-30 17:05 - 02947635 _____ (Thisisu) C:\Users\Nutzer\Desktop\JRT_NEW.exe
2015-05-31 16:11 - 2015-05-31 16:11 - 00000362 _____ () C:\Users\Nutzer\Desktop\mbam.txt
2015-05-31 15:21 - 2015-05-31 15:21 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-31 15:21 - 2015-05-31 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-31 15:21 - 2015-05-31 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-31 15:21 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-31 15:21 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-31 15:20 - 2015-05-31 15:20 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Nutzer\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-30 13:58 - 2015-05-30 13:58 - 00031498 _____ () C:\ComboFix.txt
2015-05-30 13:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-30 13:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-30 13:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-30 13:39 - 2015-05-30 13:58 - 00000000 ____D () C:\Qoobox
2015-05-30 13:34 - 2015-05-30 13:57 - 00000000 ____D () C:\Windows\erdnt
2015-05-30 13:32 - 2015-05-30 13:32 - 05628678 ____R (Swearware) C:\Users\Nutzer\Desktop\ComboFix.exe
2015-05-29 15:12 - 2015-05-29 15:13 - 00000000 ____D () C:\Users\Nutzer\AppData\Roaming\GetFoldersize
2015-05-29 15:12 - 2015-05-29 15:12 - 00001078 _____ () C:\Users\Public\Desktop\GetFoldersize.lnk
2015-05-29 15:12 - 2015-05-29 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetFoldersize
2015-05-29 15:12 - 2015-05-29 15:12 - 00000000 ____D () C:\Program Files (x86)\GetFoldersize
2015-05-29 15:12 - 2010-10-13 11:42 - 02369456 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.CommandBars.v13.4.2.ocx
2015-05-29 15:12 - 2010-08-21 02:53 - 00086016 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtSplitter.ocx
2015-05-29 15:12 - 2010-06-01 19:45 - 01005088 _____ (Bennet-Tec Information Systems, Inc) C:\Windows\SysWOW64\TList8.ocx
2015-05-29 15:12 - 2010-03-25 15:33 - 00171752 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtRTF2.ocx
2015-05-29 15:12 - 2009-10-13 05:02 - 00044736 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtSubclass.dll
2015-05-29 11:50 - 2015-05-29 11:50 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Nutzer\Desktop\tdsskiller.exe
2015-05-29 11:47 - 2015-05-31 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-29 11:46 - 2015-05-31 16:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 11:46 - 2015-05-30 12:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-29 11:45 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-29 11:43 - 2015-05-29 12:25 - 00000000 ____D () C:\Users\Nutzer\Desktop\mbar
2015-05-29 11:41 - 2015-05-29 11:41 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Nutzer\Desktop\mbar-1.09.1.1004.exe
2015-05-28 13:43 - 2015-05-31 16:42 - 00000000 ____D () C:\FRST
2015-05-28 13:35 - 2015-05-28 13:35 - 00000188 _____ () C:\Users\Nutzer\defogger_reenable
2015-05-28 13:33 - 2015-05-28 13:33 - 00050477 _____ () C:\Users\Nutzer\Desktop\Defogger.exe
2015-05-28 13:31 - 2015-05-28 13:31 - 02108928 _____ (Farbar) C:\Users\Nutzer\Desktop\FRST64.exe
2015-05-27 20:13 - 2015-05-27 20:13 - 00002104 _____ () C:\Windows\DPINST.LOG
2015-05-27 17:08 - 2015-05-27 17:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LUCYNDE-Windows-7-Home-Premium-(64-bit).dat
2015-05-27 17:08 - 2015-05-27 17:08 - 00000000 ____D () C:\RegBackup
2015-05-27 17:05 - 2015-05-27 17:05 - 02946603 _____ (Thisisu) C:\Users\Nutzer\Desktop\JRT.exe
2015-05-27 16:55 - 2015-05-27 16:57 - 00000000 ____D () C:\Users\Nutzer\Desktop\Games
2015-05-27 16:45 - 2015-05-31 16:21 - 00005342 _____ () C:\Windows\PFRO.log
2015-05-27 16:28 - 2015-05-27 16:29 - 02223104 _____ () C:\Users\Nutzer\Desktop\adwcleaner_4.205.exe
2015-05-26 14:13 - 2015-05-26 14:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-24 13:12 - 2015-05-31 16:32 - 00000000 ____D () C:\AdwCleaner
2015-05-18 07:55 - 2015-05-18 07:55 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2015-05-17 12:01 - 2015-05-31 16:33 - 00002016 _____ () C:\Windows\setupact.log
2015-05-17 12:01 - 2015-05-17 12:01 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 13:32 - 2015-05-31 16:31 - 00000112 _____ () C:\ProgramData\QUX80go.dat
2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-05-16 13:27 - 2015-05-31 16:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-05-16 13:27 - 2015-05-31 16:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-05-16 13:11 - 2015-05-16 13:11 - 00000000 ____D () C:\DAEMON Tools Lite
2015-05-13 16:46 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 16:46 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:24 - 2015-05-05 05:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 12:24 - 2015-05-05 05:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 12:24 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 12:24 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 12:24 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 12:24 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 12:24 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 12:24 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 12:24 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 12:24 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 12:24 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 12:24 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 12:24 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 12:24 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 12:24 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 12:24 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 12:24 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 12:24 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 12:24 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 12:24 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 12:24 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 12:24 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 12:24 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 12:24 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 12:24 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 12:24 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 12:24 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 12:24 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 12:24 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 12:24 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 12:24 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 12:24 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 12:24 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 12:24 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 12:24 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 12:24 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 12:24 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 12:24 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 12:24 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 12:24 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 12:24 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 12:24 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 12:24 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 12:24 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 12:24 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 12:24 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 12:24 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 12:24 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 12:24 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 12:24 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 12:24 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 12:24 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 12:24 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 12:24 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 12:24 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 12:24 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 12:24 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 12:24 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 12:24 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 12:24 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 12:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 12:24 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 12:23 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 12:23 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 12:23 - 2015-04-27 21:22 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-05-13 12:23 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 12:23 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 12:23 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 12:23 - 2015-04-27 21:20 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 12:23 - 2015-04-27 21:20 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-05-13 12:23 - 2015-04-27 21:18 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 12:23 - 2015-04-27 21:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 12:23 - 2015-04-27 21:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 12:23 - 2015-04-27 21:17 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 12:23 - 2015-04-27 21:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 12:23 - 2015-04-27 21:16 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-05-13 12:23 - 2015-04-27 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 12:23 - 2015-04-27 21:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 12:23 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 12:23 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 12:23 - 2015-04-27 21:01 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 12:23 - 2015-04-27 21:01 - 03939264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 12:23 - 2015-04-27 20:58 - 01311256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00643072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 12:23 - 2015-04-27 20:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 12:23 - 2015-04-27 20:55 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 12:23 - 2015-04-27 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 12:23 - 2015-04-27 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-05-13 12:23 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 12:23 - 2015-04-27 19:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 12:23 - 2015-04-27 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 12:23 - 2015-04-27 19:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:23 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 12:23 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 12:23 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 12:23 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 12:23 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:23 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 12:23 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 12:23 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 12:23 - 2015-03-19 01:39 - 00632984 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-13 12:23 - 2015-03-19 01:39 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-13 12:23 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 12:23 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 12:22 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 12:22 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 12:22 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-07 16:04 - 2015-05-07 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-07 16:03 - 2015-05-07 16:00 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2015-05-07 16:01 - 2015-05-07 16:01 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2015-05-07 16:01 - 2015-05-07 16:01 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2015-05-07 16:00 - 2015-05-07 16:00 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2015-05-07 16:00 - 2015-05-07 16:00 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 16:37 - 2011-08-04 07:34 - 01677491 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 16:37 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 16:37 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-31 16:33 - 2014-07-02 20:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 16:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-31 16:31 - 2012-03-30 10:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 16:30 - 2014-07-02 20:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-31 15:20 - 2011-08-17 11:26 - 00000000 ____D () C:\Users\Nutzer\dwhelper
2015-05-30 13:56 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-30 13:54 - 2011-08-04 07:44 - 00000000 ____D () C:\Users\Nutzer
2015-05-30 13:52 - 2012-06-29 00:35 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-30 13:46 - 2011-08-09 23:39 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\CrashDumps
2015-05-29 15:15 - 2013-07-25 12:15 - 00000000 ____D () C:\Users\Nutzer\AppData\Roaming\uTorrent
2015-05-29 12:50 - 2010-11-21 08:50 - 00710518 _____ () C:\Windows\system32\perfh007.dat
2015-05-29 12:50 - 2010-11-21 08:50 - 00154848 _____ () C:\Windows\system32\perfc007.dat
2015-05-29 12:50 - 2009-07-14 07:13 - 01651822 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 16:28 - 2011-08-07 15:30 - 00007602 _____ () C:\Users\Nutzer\AppData\Local\resmon.resmoncfg
2015-05-28 15:13 - 2014-08-11 17:37 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Battle.net
2015-05-27 16:45 - 2012-05-26 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-27 14:50 - 2015-04-24 11:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-05-26 12:45 - 2013-04-15 15:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-24 13:14 - 2012-05-26 23:29 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-24 13:14 - 2011-08-04 07:45 - 00001004 _____ () C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 12:27 - 2014-06-09 14:14 - 00003850 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1379773154
2015-05-20 12:27 - 2013-09-21 16:19 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-18 07:25 - 2014-07-02 20:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 07:25 - 2014-07-02 20:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 11:46 - 2014-08-17 23:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-16 13:28 - 2013-12-16 00:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-14 20:43 - 2011-08-12 20:57 - 00000000 ____D () C:\Users\Nutzer\Documents\My Games
2015-05-14 18:51 - 2013-01-17 15:56 - 00412528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 18:47 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 18:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 17:04 - 2011-09-04 15:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 17:00 - 2013-07-16 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 16:52 - 2011-08-06 13:21 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 16:46 - 2013-12-14 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 14:24 - 2014-08-11 17:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-11 14:39 - 2015-03-29 15:34 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Songr
2015-05-08 12:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-07 16:05 - 2012-10-04 13:11 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-07 16:04 - 2012-10-04 13:11 - 00000000 ____D () C:\ProgramData\Sophos

==================== Files in the root of some directories =======

2012-02-08 00:27 - 2012-02-29 00:33 - 0000080 _____ () C:\Users\Nutzer\AppData\Roaming\blckdom.res
2011-08-07 15:09 - 2015-02-14 04:30 - 0015360 _____ () C:\Users\Nutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-14 18:03 - 2012-11-14 18:03 - 0000094 _____ () C:\Users\Nutzer\AppData\Local\fusioncache.dat
2011-08-07 15:30 - 2015-05-28 16:28 - 0007602 _____ () C:\Users\Nutzer\AppData\Local\resmon.resmoncfg
2013-09-20 12:03 - 2013-09-20 12:03 - 0005082 _____ () C:\ProgramData\iqrjmdeq.fak
2015-05-16 13:32 - 2015-05-31 16:31 - 0000112 _____ () C:\ProgramData\QUX80go.dat

Files to move or delete:
====================
C:\ProgramData\QUX80go.dat
C:\Users\Nutzer\F.bat


Some files in TEMP:
====================
C:\Users\Nutzer\AppData\Local\Temp\Quarantine.exe
C:\Users\Nutzer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-08 12:19

==================== End of log ============================
         
wusste nicht genau ob, deswegen hier auch die Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Nutzer at 2015-05-31 16:43:06
Running from C:\Users\Nutzer\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3323010747-2788445057-3376602549-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3323010747-2788445057-3376602549-1020 - Limited - Enabled)
Gast (S-1-5-21-3323010747-2788445057-3376602549-501 - Limited - Enabled)
Helena (S-1-5-21-3323010747-2788445057-3376602549-1004 - Limited - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-3323010747-2788445057-3376602549-1003 - Limited - Enabled)
Nutzer (S-1-5-21-3323010747-2788445057-3376602549-1000 - Administrator - Enabled) => C:\Users\Nutzer
SophosSAULUCYNDE0 (S-1-5-21-3323010747-2788445057-3376602549-1017 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Disabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Disabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Der Herr der Ringe Online™“ v03.08.00.8025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.08.00.8025 - Turbine, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Akamai NetSession Interface (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version:  - )
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.00 - Ubisoft)
Assassin's Creed (R) III (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.2 - Auslogics Software Pty Ltd)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: 1.8.0 - 2K Games)
Brother MFL-Pro Suite DCP-7065DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
CDRWIN 9 (HKLM-x32\...\{23D4A973-14FF-474E-0001-6529DDC11226}) (Version: 9.0.11.304 - Engelmann Media GmbH)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dawn of War - Soulstorm (HKLM-x32\...\{20533183-D42D-4261-A125-956736FBEA8C}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
DawnOfWar (HKLM-x32\...\InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}) (Version: 1.00.00000 - THQ)
DawnOfWar (x32 Version: 1.00.00000 - THQ) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DiRT 3 (x32 Version: 1.0.0001.130 - Codemasters) Hidden
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Dragon's Prophet (EU) (HKLM-x32\...\Steam App 259020) (Version:  - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
F.E.A.R. Online (HKLM-x32\...\Steam App 223650) (Version:  - InPlay Interactive)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.1.0.0 - Electronic Arts)
Final Fantasy VII (HKLM-x32\...\Final Fantasy VII) (Version:  - )
FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version:  - SQUARE ENIX)
FINAL FANTASY XIII-2 (HKLM-x32\...\Steam App 292140) (Version:  - SQUARE ENIX)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Flixster (HKLM-x32\...\com.wb.DC2) (Version: 2.2.0 - Warner Bros. Entertainment, Inc.)
Flixster (x32 Version: 2.2.0 - Warner Bros. Entertainment, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.8.49.213 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
GetFoldersize 2.6.0 (HKLM-x32\...\GetFoldersize_is1) (Version: 2.6.0 - Michael Thummerer Software Design)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hero Editor V0.96 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hydra VSTi/DXi v1.2 (HKLM-x32\...\SynapseHydra_is1) (Version: 1.2 - Synapse Audio Software)
IBM SPSS Statistics 19 (HKLM\...\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}) (Version: 19.0.0 - SPSS Inc., an IBM Company)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
LameXP v4.07 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.07 Final-1 [Build #1286] - LoRd_MuldeR <mulder2@gmx.de>)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}) (Version: 2.1.392 - Sony)
Menu Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
mini-KMS Activator 1.0.5.2 (HKLM-x32\...\mini-KMS Activator 1.0.5.2) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 4.5.0.34 - Symantec Corporation)
NPC-Reconstruction Models Mod (HKLM-x32\...\{8F2FE985-BCA2-44B1-9D05-9853DF8DFE52}) (Version: 0.6 - United ODC Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA WDM Drivers (HKLM-x32\...\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}) (Version:  - )
Ohm Force - Ohmicide VST (HKLM-x32\...\Ohmicide VST) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.1.4 (HKLM-x32\...\OpenVPN) (Version: 2.1.4 - )
Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF24 Creator 5.6.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Ragnarok Online 2 (HKLM-x32\...\{717BD14A-BE61-40A4-9865-17AACF611FE0}) (Version: 1.0.0 - Gravity Interactive, Inc.)
reFX Nexus 1.0.0 (HKLM-x32\...\{84D04D4F-2201-4AED-BE9A-FFA62069CA19}_is1) (Version: 1.0.0 - reFX)
reFX Nexus 1.0.9 (HKLM-x32\...\reFX Nexus 1.0.9_is1) (Version:  - )
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
ROCCAT Isku FX Keyboard Driver (HKLM-x32\...\{DC69933C-E7B0-455D-8E54-FAC1EEF046FF}) (Version:  - Roccat GmbH)
Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0002 - Roccat GmbH)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.1.2598.3 - Hi-Rez Studios)
Smokin' Guns version 1.1 (HKLM-x32\...\{C0F2B168-5C5C-4B55-B76E-035813CC559E}_is1) (Version: 1.1 - Smokin' Guns Productions)
Songr (HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Songr) (Version: 2.0.2343 - Xamasoft)
Sonic Charge µTonic VSTi v2.0.1 (HKLM-x32\...\Sonic Charge µTonic VSTi v2.0.1) (Version:  - )
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.155 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.155 - Sony)
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.13 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.9.2 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line bvba)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version:  - )
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version:  - )
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VueScan (HKLM\...\VueScan) (Version:  - )
Waves Diamond Bundle v5.2 (HKLM-x32\...\Waves Diamond Bundle v5.2) (Version:  - )
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Advanced Micro Devices, Inc System  (03/16/2011 5.12.0.0015) (HKLM\...\A3A37EC031F134EDD1E9DB40819B1EAD0DB7C844) (Version: 03/16/2011 5.12.0.0015 - Advanced Micro Devices, Inc)
Windows-Treiberpaket - Advanced Micro Devices, Inc. (amdkmdap) Display  (04/27/2013 13.100.0.0000) (HKLM\...\F8F0B13FDB7725B9538C9C18B3562F3F189A87D0) (Version: 04/27/2013 13.100.0.0000 - Advanced Micro Devices, Inc.)
Windows-Treiberpaket - VIA Technologies, Inc. (VIAHdAudAddService) MEDIA  (05/10/2013 6.0.10.1900) (HKLM\...\185DAE5F7B07C55192F4D2FBD9690DDE3C0A181E) (Version: 05/10/2013 6.0.10.1900 - VIA Technologies, Inc.)
Windows-Treiberpaket - VIA Technologies, Inc. (VIAHdAudAddService) MEDIA  (05/10/2013 6.0.10.1900) (HKLM\...\594FF2EA687138898144DD89BA5BAE020851C470) (Version: 05/10/2013 6.0.10.1900 - VIA Technologies, Inc.)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
You Don't Know Jack 4 1.00 (HKLM-x32\...\You Don't Know Jack 4) (Version: 1.00 - Take 2 Interactive)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{55839D91-467F-4be1-9DC1-8ADBBCC794F6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3323010747-2788445057-3376602549-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nutzer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

29-05-2015 12:02:58 Malwarebytes Anti-Rootkit Restore Point
30-05-2015 13:18:52 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-30 13:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07E3524A-5796-47B3-AB1B-4DCCAF0B2559} - System32\Tasks\{040617CC-357D-430D-9D0F-AB21426C3A9F} => pcalua.exe -a C:\Users\Nutzer\Downloads\Saitek_Cyborg_Pad_For_XBox_SD6_64_Vista_Drivers(1).exe -d C:\Users\Nutzer\Downloads
Task: {15AD936A-63E0-4409-BEC3-ED0D6D7EC89D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {200925A9-0DBA-4434-B108-DA6A2AA155D5} - System32\Tasks\{8050F89F-78D9-4359-9D9B-77F9A4DD3FB2} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
Task: {24C54EDE-0AAF-4ABB-A73B-91209146E3BD} - System32\Tasks\{66BAA13C-637C-44ED-874C-9AF4449C00F4} => pcalua.exe -a F:\1Setup.exe -d F:\
Task: {3D51AE01-3307-400A-B1E3-A501F6242CBA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4A8C1BC7-EA41-4DFB-8F47-9FB905C1135A} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5013B958-27EC-4E54-B017-A9B7F04D420C} - System32\Tasks\{C0D28A93-F1CC-4474-ADFC-2E63CC26360F} => pcalua.exe -a "D:\GameDIR\TQIT\TQIT 1.17 UNinstaller.exe" -d D:\GameDIR\TQIT
Task: {72A12628-67C1-4371-8A0D-50DB9F497D91} - System32\Tasks\{581AA96B-715F-404F-A45D-E4A880956113} => pcalua.exe -a C:\Users\Nutzer\Downloads\fantomcd1.2.1.1960_enu.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {7DC170EE-E1E6-4272-8369-C5453ECC373F} - System32\Tasks\{8E777ECF-C4DA-4745-B114-A627C4712E75} => pcalua.exe -a C:\Users\Nutzer\Downloads\ASIO4ALL_2_10_Deutsch(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {7DD84BA6-B9F7-4713-BCA2-AD98E0C79F88} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9EF4C86C-C34E-4300-9491-96FAEAF67AF0} - System32\Tasks\{ADC77504-F806-46B5-B5B8-B179EC21A303} => pcalua.exe -a D:\GameDIR\Savage\Uninstall.exe -d D:\GameDIR\Savage
Task: {A1385A0D-D6D3-4F2C-8781-973A8D40C3A8} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {A4D23114-E8ED-4BE4-AF78-D9404AE64843} - System32\Tasks\Opera scheduled Autoupdate 1379773154 => C:\Program Files (x86)\Opera\launcher.exe [2015-05-18] (Opera Software)
Task: {B3A6090D-8AD8-477C-9C24-43B260AEAC89} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {BDC1894E-4373-4774-9DDD-3E0EABCE2EB8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {CBEE7CEE-CF2A-4A83-8FC5-CA0870AB3A8B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {D0595654-1C6B-4701-9C58-D0835E3DB391} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D1F693A8-FE88-47C0-8AB7-D72DAEC7914D} - System32\Tasks\{C0CD93BC-4BDB-48DF-BE69-C21BCFB68138} => pcalua.exe -a "D:\GameDIR\TQIT\TQIT 1.17a installer.exe" -d D:\GameDIR\TQIT
Task: {D346DA35-8D2B-477E-9BE7-164917D2ACCC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {E2E7F2C9-C573-4EB1-A7E7-6ADB5A3F0661} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {E7821201-C950-4B88-9F62-1EA08B6420D7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-08-06 16:57 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-08-17 23:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-17 23:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-17 23:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-17 23:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-17 23:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:B2AA1B61
AlternateDataStreams: C:\Users\Nutzer\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Nutzer\AppData\Roaming:NT

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Roccat Talk.lnk => C:\Windows\pss\Roccat Talk.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Nutzer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk => C:\Windows\pss\ctfmon.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Nutzer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^yr0.09649393655489957.exe.lnk => C:\Windows\pss\yr0.09649393655489957.exe.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Nutzer\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Facebook Update => "C:\Users\Nutzer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Nutzer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ltfhqdrlteqqeiv => C:\ProgramData\ltfhqdrl.exe
MSCONFIG\startupreg: Makro => "C:\Users\Nutzer\AppData\Local\Temp\Rar$EX59.184\Makro.exe" /D:3000
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: olipra => rundll32.exe "C:\Users\Nutzer\AppData\Roaming\olipra.dll",CreateContext
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RMActivate_ssp => C:\Users\Nutzer\AppData\Local\Microsoft\Windows\1997\RMActivate_ssp.exe
MSCONFIG\startupreg: RoccatIskuFX => "C:\Program Files (x86)\ROCCAT\Isku FX Keyboard\IskuFXMonitor.exe"
MSCONFIG\startupreg: S60 PC Suite Tray => "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "D:\ProgDir\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: vasja => C:\Users\Nutzer\AppData\Local\Temp\mor.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: {4D075306-E134-2F4F-D6C9-84A2DE9D71EA} => C:\Users\Nutzer\AppData\Roaming\Kuocti\ywywcy.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2015 04:34:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2015 04:21:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2015 03:19:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 01:46:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006d2bc
ID des fehlerhaften Prozesses: 0x1dd4
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (05/30/2015 00:19:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2015 04:22:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006d2bc
ID des fehlerhaften Prozesses: 0x1354
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (05/29/2015 04:17:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006d2bc
ID des fehlerhaften Prozesses: 0x152c
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (05/29/2015 04:12:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006d2bc
ID des fehlerhaften Prozesses: 0x15a4
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (05/29/2015 04:07:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006d2bc
ID des fehlerhaften Prozesses: 0x1734
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (05/29/2015 04:02:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x55359d95
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006d2bc
ID des fehlerhaften Prozesses: 0x15d8
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3


System errors:
=============
Error: (05/31/2015 04:37:43 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (05/31/2015 04:37:43 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (05/31/2015 04:37:43 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (05/31/2015 04:37:43 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (05/31/2015 04:37:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/31/2015 04:37:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/31/2015 04:37:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/31/2015 04:37:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VIA Karaoke digital mixer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/31/2015 04:37:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Check" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/31/2015 04:37:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sophos Web Intelligence Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (05/31/2015 04:34:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2015 04:21:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2015 03:19:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 01:46:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc1dd401d09ace444168f9C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe893e2364-06c1-11e5-9669-0017ad12cbe8

Error: (05/30/2015 00:19:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2015 04:22:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc135401d09a1ad6dfd365C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe1bc6800f-060e-11e5-a535-0017ad12cbe8

Error: (05/29/2015 04:17:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc152c01d09a1a22b22ce4C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe6798d98e-060d-11e5-a535-0017ad12cbe8

Error: (05/29/2015 04:12:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc15a401d09a196e835536C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeb36c643a-060c-11e5-a535-0017ad12cbe8

Error: (05/29/2015 04:07:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc173401d09a18ba55888fC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeff39d2df-060b-11e5-a535-0017ad12cbe8

Error: (05/29/2015 04:02:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.055359d95compatibilitycheck.exe0.0.0.055359d95c00000050006d2bc15d801d09a1806257fb4C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe4b0c2c5e-060b-11e5-a535-0017ad12cbe8


CodeIntegrity Errors:
===================================
  Date: 2015-05-30 13:54:23.459
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-30 13:54:23.428
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 17:18:33.909
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Nutzer\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 17:18:33.779
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Nutzer\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 17:18:31.394
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-27 17:18:31.259
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X6 1055T Processor
Percentage of memory in use: 42%
Total physical RAM: 4095.24 MB
Available physical RAM: 2352.46 MB
Total Pagefile: 8188.67 MB
Available Pagefile: 6227.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:97.56 GB) (Free:34.86 GB) NTFS
Drive d: (Daten) (Fixed) (Total:833.86 GB) (Free:417.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7BC0D4B0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)

==================== End of log ============================
         

Geändert von SepZis (31.05.2015 um 15:43 Uhr)

Alt 01.06.2015, 09:22   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.06.2015, 22:46   #11
SepZis
 
Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe



Jo die Compatibilitycheck ist leider immer noch da, steht auch so im ESET Log

ESET Log

Code:
ATTFilter
C:\AdwCleaner\Quarantine\C\Program Files\003\nuttkoqiez64.exe.vir	Variante von Win64/Adware.Adpeak.C Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir	Win32/Thinknice.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\b78a7d68-d9c3-4ffd-983b-fc8848234a16-11.exe.vir	Variante von Win32/Toolbar.CrossRider.AK evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\b78a7d68-d9c3-4ffd-983b-fc8848234a16-2.exe.vir	Variante von Win32/Toolbar.CrossRider.AJ evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\b78a7d68-d9c3-4ffd-983b-fc8848234a16-4.exe.vir	Variante von Win32/Toolbar.CrossRider.AK evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-bg.exe.vir	Variante von Win32/Toolbar.CrossRider.AL evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho.dll.vir	Variante von Win32/Toolbar.CrossRider.AF evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-buttonutil.dll.vir	Variante von Win32/Toolbar.CrossRider.BD evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-codedownloader.exe.vir	Variante von Win32/Toolbar.CrossRider.AJ evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Torntv V9.0\Torntv V9.0-novainstaller.exe.vir	Variante von Win32/Toolbar.CrossRider.AJ evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir	Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir	Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir	Variante von Win32/ELEX.AE evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gt17l0qh.default\Extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\21.js.vir	JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gt17l0qh.default\Extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\28.js.vir	JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gt17l0qh.default\Extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\91.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jciibccebcogmkmcbehleciidbhbbgie\1.0_0\manifest.json.vir	JS/Adware.Adpeak.C Anwendung
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe.vir	Variante von Win32/AdSuproot Trojaner
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe.vir	Variante von Win32/AdSuproot.C Trojaner
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll.vir	Variante von Win32/AdSuproot Trojaner
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll.vir	Variante von Win32/AdSuproot Trojaner
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Compatibility Verifier\libEGL.dll.vir	Variante von Win32/AdSuproot Trojaner
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Compatibility Verifier\libGLESv2.dll.vir	Variante von Win32/AdSuproot Trojaner
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll.vir	Variante von Win32/AdSuproot Trojaner
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.84_0\extensionData\plugins\1.js.vir	JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.84_0\extensionData\plugins\21.js.vir	JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.84_0\extensionData\plugins\28.js.vir	JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.84_0\extensionData\plugins\91.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.84_0\js\lib\crossriderAPI.js.vir	JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\qone8\UninstallManager.exe.vir	Variante von Win32/ELEX.CP evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Nutzer\AppData\Roaming\SupTab\SupTab.dll.vir	Win32/Thinknice.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir	Variante von Win64/Systweak.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir	Variante von Win64/Riskware.NetFilter.F Anwendung
C:\Program Files\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\sgnahzzzax.dll	Variante von Win32/AdWare.CouponAmazing.B Anwendung
C:\Program Files\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\xkymsyyrfh.dll	Variante von Win32/AdWare.CouponAmazing.B Anwendung
C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\eugubobiys64.exe	Variante von Win64/Adware.Adpeak.F Anwendung
C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\hmhfslexky64.exe	Variante von Win64/Adware.Adpeak.F Anwendung
C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\SupraSavingsService64.exe	Variante von Win64/Adware.Adpeak.F Anwendung
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe	Variante von Win32/AdSuproot Trojaner
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe	Variante von Win32/AdSuproot.C Trojaner
C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll	Variante von Win32/AdSuproot Trojaner
C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll	Variante von Win32/AdSuproot Trojaner
C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll	Variante von Win32/AdSuproot Trojaner
C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll	Variante von Win32/AdSuproot Trojaner
C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll	Variante von Win32/AdSuproot Trojaner
C:\Users\Helena\AppData\Local\Mozilla\Firefox\Profiles\gt17l0qh.default\cache2\entries\D93FD00B0D2732C1554AA0E9602FA06F2599C19C	JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung
C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gt17l0qh.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\21.js	JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung
C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gt17l0qh.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\28.js	JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung
C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gt17l0qh.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\91.js	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Preferences.bak	JS/Adware.Adpeak.C Anwendung
C:\Users\Nutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2F3X6H0\setup[1].exe	Win32/Somoto.G evtl. unerwünschte Anwendung
C:\Users\Nutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZSVCXLQ9\BiTool[1].dll	Variante von Win32/Somoto.K evtl. unerwünschte Anwendung
C:\Users\Nutzer\AppData\Roaming\Auslogics\Rescue\Boost Speed\150527180544590.rsc	Mehrere Bedrohungen
C:\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\File System\000\t\00\00000000	Win32/AdWare.1ClickDownload.AT Anwendung
C:\Users\Nutzer\AppData\Roaming\Opera Software\Opera Stable\File System\001\t\00\00000000	Win32/AdWare.1ClickDownload.AT Anwendung
D:\GameDIR\UFO\Dosbox.exe	möglicherweise unbekannter Virus NewHeur_PE Virus
H:\Games\Age of Empires\Age of Empires II\Age Of Empires 2 & The Conquerors Expansion - Full Game.exe	Variante von Win32/Hupigon.NWG Trojaner
H:\Games\AoE2HD\Age.of.Empires.II.HD.GERMAN-0x0007\de-aoe2hd.iso	Variante von Win32/Packed.VMProtect.AAH Trojaner
H:\Games\Assassins Creed Brotherhood\Assassins.Creed.Brotherhood.v1.01.Update.Repack-SKIDROW\ac_brotherhood_1.01_update.exe	MSIL/Arcdoor.AH Wurm
H:\Games\Assassins Creed II\sr-acii.iso	Variante von Win32/Packed.VMProtect.AAA Trojaner
H:\Games\Die Siedler 7\rzr-set7.iso	Variante von Win32/Packed.VMProtect.AAA Trojaner
H:\Games\DIRT 3\sr-dirt3.iso	Variante von Win32/Packed.VMProtect.AAA Trojaner
H:\Games\Left 4 Dead 2\L4D2 Update 2.0.0.0-2.0.1.5 Setup.exe	Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung
H:\Games\The Witcher 2\DVD2\sr-tw2b.iso	Variante von Win32/Packed.VMProtect.AAA Trojaner
         
der Securitycheck Log

Code:
ATTFilter
 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Sophos Anti-Virus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java(TM) 6 Update 26  
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox (38.0.1) 
 Mozilla Thunderbird (31.4.0) 
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 Sophos Sophos Anti-Virus SavService.exe  
 Sophos Sophos Anti-Virus SAVAdminService.exe  
 Sophos Sophos Anti-Virus Web Control swc_service.exe 
 Sophos Sophos Anti-Virus Web Intelligence swi_service.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
und der frischeste FRST Log

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Nutzer (administrator) on LUCYNDE on 01-06-2015 23:45:49
Running from C:\Users\Nutzer\Desktop
Loaded Profiles: Nutzer (Available Profiles: Nutzer & Helena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hi-Rez Studios) D:\GameDIR\SMITE\HiPatchService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-05-07] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [1 compatibilitycheck.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [2 db88.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [3 UCV.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [4 UCV.tmp] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [5 vcredist_x86.exe] 
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-02-06] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks)
FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-09-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-09-17] (Apple Inc.)
FF Extension: Ghostery - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\firefox@ghostery.com.xpi [2015-01-23]
FF Extension: Video DownloadHelper - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: {c2255ecc-6835-4084-8f2b-08ccd0ac4e73} - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{c2255ecc-6835-4084-8f2b-08ccd0ac4e73}.xpi [2015-03-10]
FF Extension: skype converter - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{cc6cc534-0a92-464a-91be-f27f39fe75fa}.xpi [2015-04-29]
FF Extension: Adblock Plus - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\aipr1e7v.default-1347110546619\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-17]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-24]
CHR Extension: (YouTube) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-05]
CHR Extension: (Google Search) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-05]
CHR Extension: (Google Wallet) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-05]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Nutzer\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-03-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-03-20] (EasyAntiCheat Ltd)
R2 HiPatchService; D:\GameDIR\SMITE\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-29] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2015-05-07] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-05-07] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-05-07] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-05-07] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3278632 2015-05-07] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2081064 2015-05-07] (Sophos Limited)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
R2 Verifies software is compatible; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [99496 2015-04-20] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-12] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-31] (Microsoft Corporation)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-31] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 SaiK0CD5; C:\Windows\System32\DRIVERS\SaiK0CD5.sys [183104 2011-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-06-26] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-06-26] (Saitek)
R3 SaiU0CD5; C:\Windows\System32\DRIVERS\SaiU0CD5.sys [47168 2011-09-20] (Saitek)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2015-05-07] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2015-05-07] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2015-05-07] (Sophos Limited)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-10] (Duplex Secure Ltd.)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 usj; \??\D:\GameDIR\EdenEternal\avital\ussjcs64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 23:43 - 2015-06-01 23:43 - 00852639 _____ () C:\Users\Nutzer\Desktop\SecurityCheck.exe
2015-06-01 23:42 - 2015-06-01 23:42 - 00009642 _____ () C:\Users\Nutzer\Desktop\ESET.txt
2015-06-01 13:09 - 2015-06-01 13:10 - 00000085 _____ () C:\Windows\wininit.ini
2015-06-01 12:23 - 2015-06-01 12:23 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\GWX
2015-06-01 11:40 - 2015-06-01 11:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-06-01 11:39 - 2015-06-01 11:39 - 02347384 _____ (ESET) C:\Users\Nutzer\Downloads\esetsmartinstaller_deu.exe
2015-05-31 16:43 - 2015-05-31 16:43 - 00050260 _____ () C:\Users\Nutzer\Desktop\Addition.txt
2015-05-31 16:42 - 2015-06-01 23:45 - 00010693 _____ () C:\Users\Nutzer\Desktop\FRST.txt
2015-05-31 16:39 - 2015-05-31 16:39 - 00001063 _____ () C:\Users\Nutzer\Desktop\JRT.txt
2015-05-31 16:36 - 2015-05-30 17:05 - 02947635 _____ (Thisisu) C:\Users\Nutzer\Desktop\JRT_NEW.exe
2015-05-31 16:11 - 2015-05-31 16:11 - 00000362 _____ () C:\Users\Nutzer\Desktop\mbam.txt
2015-05-31 15:21 - 2015-05-31 15:21 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-31 15:21 - 2015-05-31 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-31 15:21 - 2015-05-31 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-31 15:21 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-31 15:21 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-31 15:20 - 2015-05-31 15:20 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Nutzer\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-30 13:58 - 2015-05-30 13:58 - 00031498 _____ () C:\ComboFix.txt
2015-05-30 13:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-30 13:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-30 13:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-30 13:39 - 2015-05-30 13:58 - 00000000 ____D () C:\Qoobox
2015-05-30 13:34 - 2015-05-30 13:57 - 00000000 ____D () C:\Windows\erdnt
2015-05-30 13:32 - 2015-05-30 13:32 - 05628678 ____R (Swearware) C:\Users\Nutzer\Desktop\ComboFix.exe
2015-05-29 11:50 - 2015-05-29 11:50 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Nutzer\Desktop\tdsskiller.exe
2015-05-29 11:47 - 2015-05-31 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-29 11:46 - 2015-05-31 16:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 11:46 - 2015-05-30 12:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-29 11:45 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-29 11:43 - 2015-05-29 12:25 - 00000000 ____D () C:\Users\Nutzer\Desktop\mbar
2015-05-29 11:41 - 2015-05-29 11:41 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Nutzer\Desktop\mbar-1.09.1.1004.exe
2015-05-28 13:43 - 2015-06-01 23:45 - 00000000 ____D () C:\FRST
2015-05-28 13:35 - 2015-05-28 13:35 - 00000188 _____ () C:\Users\Nutzer\defogger_reenable
2015-05-28 13:33 - 2015-05-28 13:33 - 00050477 _____ () C:\Users\Nutzer\Desktop\Defogger.exe
2015-05-28 13:31 - 2015-05-28 13:31 - 02108928 _____ (Farbar) C:\Users\Nutzer\Desktop\FRST64.exe
2015-05-27 20:13 - 2015-05-27 20:13 - 00002104 _____ () C:\Windows\DPINST.LOG
2015-05-27 17:08 - 2015-05-27 17:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LUCYNDE-Windows-7-Home-Premium-(64-bit).dat
2015-05-27 17:08 - 2015-05-27 17:08 - 00000000 ____D () C:\RegBackup
2015-05-27 17:05 - 2015-05-27 17:05 - 02946603 _____ (Thisisu) C:\Users\Nutzer\Desktop\JRT.exe
2015-05-27 16:55 - 2015-05-27 16:57 - 00000000 ____D () C:\Users\Nutzer\Desktop\Games
2015-05-27 16:45 - 2015-05-31 16:21 - 00005342 _____ () C:\Windows\PFRO.log
2015-05-27 16:28 - 2015-05-27 16:29 - 02223104 _____ () C:\Users\Nutzer\Desktop\adwcleaner_4.205.exe
2015-05-26 14:13 - 2015-06-01 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-24 13:12 - 2015-05-31 16:32 - 00000000 ____D () C:\AdwCleaner
2015-05-18 07:55 - 2015-05-18 07:55 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2015-05-17 12:01 - 2015-06-01 11:33 - 00002072 _____ () C:\Windows\setupact.log
2015-05-17 12:01 - 2015-05-17 12:01 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 13:32 - 2015-06-01 15:19 - 00000112 _____ () C:\ProgramData\QUX80go.dat
2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-05-16 13:27 - 2015-06-01 23:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-05-16 13:27 - 2015-06-01 23:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-05-16 13:11 - 2015-05-16 13:11 - 00000000 ____D () C:\DAEMON Tools Lite
2015-05-13 16:46 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 16:46 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:24 - 2015-05-05 05:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 12:24 - 2015-05-05 05:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 12:24 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 12:24 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 12:24 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 12:24 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 12:24 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 12:24 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 12:24 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 12:24 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 12:24 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 12:24 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 12:24 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 12:24 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 12:24 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 12:24 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 12:24 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 12:24 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 12:24 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 12:24 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 12:24 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 12:24 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 12:24 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 12:24 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 12:24 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 12:24 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 12:24 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 12:24 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 12:24 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 12:24 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 12:24 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 12:24 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 12:24 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 12:24 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 12:24 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 12:24 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 12:24 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 12:24 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 12:24 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 12:24 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 12:24 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 12:24 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 12:24 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 12:24 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 12:24 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 12:24 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 12:24 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 12:24 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 12:24 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 12:24 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 12:24 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 12:24 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 12:24 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 12:24 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 12:24 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 12:24 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 12:24 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 12:24 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 12:24 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 12:24 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 12:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 12:24 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 12:23 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 12:23 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 12:23 - 2015-04-27 21:22 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-05-13 12:23 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 12:23 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 12:23 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 12:23 - 2015-04-27 21:20 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 12:23 - 2015-04-27 21:20 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-05-13 12:23 - 2015-04-27 21:18 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 12:23 - 2015-04-27 21:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 12:23 - 2015-04-27 21:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 12:23 - 2015-04-27 21:17 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 12:23 - 2015-04-27 21:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 12:23 - 2015-04-27 21:16 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-05-13 12:23 - 2015-04-27 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 12:23 - 2015-04-27 21:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 12:23 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 12:23 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 12:23 - 2015-04-27 21:01 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 12:23 - 2015-04-27 21:01 - 03939264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 12:23 - 2015-04-27 20:58 - 01311256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00643072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 12:23 - 2015-04-27 20:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 12:23 - 2015-04-27 20:55 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 12:23 - 2015-04-27 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 12:23 - 2015-04-27 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-05-13 12:23 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 12:23 - 2015-04-27 19:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 12:23 - 2015-04-27 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 12:23 - 2015-04-27 19:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:23 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 12:23 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 12:23 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 12:23 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 12:23 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:23 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 12:23 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 12:23 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 12:23 - 2015-03-19 01:39 - 00632984 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-13 12:23 - 2015-03-19 01:39 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-13 12:23 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 12:23 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 12:22 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 12:22 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 12:22 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-07 16:04 - 2015-05-07 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-07 16:03 - 2015-05-07 16:00 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2015-05-07 16:01 - 2015-05-07 16:01 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2015-05-07 16:01 - 2015-05-07 16:01 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2015-05-07 16:00 - 2015-05-07 16:00 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2015-05-07 16:00 - 2015-05-07 16:00 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 23:45 - 2011-08-09 23:39 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\CrashDumps
2015-06-01 23:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-06-01 23:36 - 2011-08-04 07:34 - 01744796 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 23:34 - 2014-07-02 20:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 23:31 - 2012-03-30 10:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 21:39 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 21:39 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-01 20:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-06-01 14:41 - 2015-02-17 11:25 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-06-01 14:41 - 2013-07-25 19:06 - 00000000 ____D () C:\ProgramData\Ubisoft
2015-06-01 14:40 - 2011-08-07 14:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-06-01 14:39 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-01 14:35 - 2013-07-07 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2015-06-01 13:34 - 2013-07-25 19:07 - 00000000 ____D () C:\Users\Nutzer\AppData\Roaming\Ubisoft
2015-06-01 13:32 - 2014-02-06 14:26 - 00000000 ____D () C:\ProgramData\NexonUS
2015-06-01 13:10 - 2014-08-17 23:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-01 13:09 - 2014-08-17 23:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-06-01 13:08 - 2012-06-25 18:22 - 00000000 ____D () C:\ProgramData\Sony Ericsson
2015-06-01 13:08 - 2012-06-25 18:22 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson
2015-06-01 11:36 - 2014-07-02 20:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 11:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-31 15:20 - 2011-08-17 11:26 - 00000000 ____D () C:\Users\Nutzer\dwhelper
2015-05-30 13:56 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-30 13:54 - 2011-08-04 07:44 - 00000000 ____D () C:\Users\Nutzer
2015-05-30 13:52 - 2012-06-29 00:35 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-29 15:15 - 2013-07-25 12:15 - 00000000 ____D () C:\Users\Nutzer\AppData\Roaming\uTorrent
2015-05-29 12:50 - 2010-11-21 08:50 - 00710518 _____ () C:\Windows\system32\perfh007.dat
2015-05-29 12:50 - 2010-11-21 08:50 - 00154848 _____ () C:\Windows\system32\perfc007.dat
2015-05-29 12:50 - 2009-07-14 07:13 - 01651822 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 16:28 - 2011-08-07 15:30 - 00007602 _____ () C:\Users\Nutzer\AppData\Local\resmon.resmoncfg
2015-05-28 15:13 - 2014-08-11 17:37 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Battle.net
2015-05-27 16:45 - 2012-05-26 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-27 14:50 - 2015-04-24 11:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-05-26 12:45 - 2013-04-15 15:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-24 13:14 - 2012-05-26 23:29 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-24 13:14 - 2011-08-04 07:45 - 00001004 _____ () C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 12:27 - 2014-06-09 14:14 - 00003850 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1379773154
2015-05-20 12:27 - 2013-09-21 16:19 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-18 07:25 - 2014-07-02 20:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 07:25 - 2014-07-02 20:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 13:28 - 2013-12-16 00:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-14 20:43 - 2011-08-12 20:57 - 00000000 ____D () C:\Users\Nutzer\Documents\My Games
2015-05-14 18:51 - 2013-01-17 15:56 - 00412528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 18:47 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 18:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 17:04 - 2011-09-04 15:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 17:00 - 2013-07-16 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 16:52 - 2011-08-06 13:21 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 16:46 - 2013-12-14 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 14:24 - 2014-08-11 17:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-11 14:39 - 2015-03-29 15:34 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Songr
2015-05-07 16:05 - 2012-10-04 13:11 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-07 16:04 - 2012-10-04 13:11 - 00000000 ____D () C:\ProgramData\Sophos

==================== Files in the root of some directories =======

2012-02-08 00:27 - 2012-02-29 00:33 - 0000080 _____ () C:\Users\Nutzer\AppData\Roaming\blckdom.res
2011-08-07 15:09 - 2015-02-14 04:30 - 0015360 _____ () C:\Users\Nutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-14 18:03 - 2012-11-14 18:03 - 0000094 _____ () C:\Users\Nutzer\AppData\Local\fusioncache.dat
2011-08-07 15:30 - 2015-05-28 16:28 - 0007602 _____ () C:\Users\Nutzer\AppData\Local\resmon.resmoncfg
2013-09-20 12:03 - 2013-09-20 12:03 - 0005082 _____ () C:\ProgramData\iqrjmdeq.fak
2015-05-16 13:32 - 2015-06-01 15:19 - 0000112 _____ () C:\ProgramData\QUX80go.dat

Files to move or delete:
====================
C:\ProgramData\QUX80go.dat
C:\Users\Nutzer\F.bat


Some files in TEMP:
====================
C:\Users\Nutzer\AppData\Local\Temp\NGM.exe
C:\Users\Nutzer\AppData\Local\Temp\NGMDll.dll
C:\Users\Nutzer\AppData\Local\Temp\NGMResource.dll
C:\Users\Nutzer\AppData\Local\Temp\Quarantine.exe
C:\Users\Nutzer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-01 20:49

==================== End of log ============================
         

Alt 02.06.2015, 18:45   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Program Files\7B2309EA-E015-4F90-83B6-EB71CABA5A4E
C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E
C:\Users\Default\AppData\Roaming\Compatibility Verifier
C:\Users\Helena\AppData\Local\Mozilla\Firefox\Profiles\gt17l0qh.default
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [1 compatibilitycheck.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [2 db88.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [3 UCV.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [4 UCV.tmp] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [5 vcredist_x86.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 usj; \??\D:\GameDIR\EdenEternal\avital\ussjcs64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2012-02-08 00:27 - 2012-02-29 00:33 - 0000080 _____ () C:\Users\Nutzer\AppData\Roaming\blckdom.res
2013-09-20 12:03 - 2013-09-20 12:03 - 0005082 _____ () C:\ProgramData\iqrjmdeq.fak
2015-05-16 13:32 - 2015-06-01 15:19 - 0000112 _____ () C:\ProgramData\QUX80go.dat

Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen



Frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.06.2015, 20:30   #13
SepZis
 
Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe



Einmal das Fixlog

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Nutzer at 2015-06-02 21:07:14 Run:1
Running from C:\Users\Nutzer\Desktop
Loaded Profiles: Nutzer (Available Profiles: Nutzer & Helena)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files\7B2309EA-E015-4F90-83B6-EB71CABA5A4E
C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E
C:\Users\Default\AppData\Roaming\Compatibility Verifier
C:\Users\Helena\AppData\Local\Mozilla\Firefox\Profiles\gt17l0qh.default
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [1 compatibilitycheck.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [2 db88.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [3 UCV.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [4 UCV.tmp] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\...\Policies\Explorer: [5 vcredist_x86.exe] 
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 usj; \??\D:\GameDIR\EdenEternal\avital\ussjcs64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2012-02-08 00:27 - 2012-02-29 00:33 - 0000080 _____ () C:\Users\Nutzer\AppData\Roaming\blckdom.res
2013-09-20 12:03 - 2013-09-20 12:03 - 0005082 _____ () C:\ProgramData\iqrjmdeq.fak
2015-05-16 13:32 - 2015-06-01 15:19 - 0000112 _____ () C:\ProgramData\QUX80go.dat

Emptytemp:
         
*****************

C:\Program Files\7B2309EA-E015-4F90-83B6-EB71CABA5A4E => Moved successfully.
C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E => Moved successfully.
C:\Users\Default\AppData\Roaming\Compatibility Verifier => Moved successfully.
C:\Users\Helena\AppData\Local\Mozilla\Firefox\Profiles\gt17l0qh.default => Moved successfully.
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\EnableLUA => value Removed successfully
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value Removed successfully
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\1 compatibilitycheck.exe => value Removed successfully
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\2 db88.exe => value Removed successfully
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\3 UCV.exe => value Removed successfully
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\4 UCV.tmp => value Removed successfully
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\5 vcredist_x86.exe => value Removed successfully
"HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
pccsmcfd => Service Removed successfully
usj => Service Removed successfully
xhunter1 => Service Removed successfully
C:\Users\Nutzer\AppData\Roaming\blckdom.res => Moved successfully.
C:\ProgramData\iqrjmdeq.fak => Moved successfully.
C:\ProgramData\QUX80go.dat => Moved successfully.
EmptyTemp: => Removed 740.6 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 21:09:33 ====
         
und das FRST Log

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Nutzer (administrator) on LUCYNDE on 02-06-2015 21:28:09
Running from C:\Users\Nutzer\Desktop
Loaded Profiles: Nutzer (Available Profiles: Nutzer & Helena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hi-Rez Studios) D:\GameDIR\SMITE\HiPatchService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-05-07] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3323010747-2788445057-3376602549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Winsock: Catalog9-x64 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2012-10-04] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\wl1u72kk.default-1433273151049
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-02-06] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-26] (Pando Networks)
FF Plugin HKU\S-1-5-21-3323010747-2788445057-3376602549-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-24]
CHR Extension: (YouTube) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-05]
CHR Extension: (Google Search) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-05]
CHR Extension: (Google Wallet) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - C:\Users\Nutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-05]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Nutzer\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-03-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-03-20] (EasyAntiCheat Ltd)
R2 HiPatchService; D:\GameDIR\SMITE\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-29] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2015-05-07] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-05-07] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-05-07] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-05-07] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3278632 2015-05-07] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2081064 2015-05-07] (Sophos Limited)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-12] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Verifies software is compatible; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-31] (Microsoft Corporation)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-31] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 SaiK0CD5; C:\Windows\System32\DRIVERS\SaiK0CD5.sys [183104 2011-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-06-26] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-06-26] (Saitek)
R3 SaiU0CD5; C:\Windows\System32\DRIVERS\SaiU0CD5.sys [47168 2011-09-20] (Saitek)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2015-05-07] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2015-05-07] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2015-05-07] (Sophos Limited)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-10] (Duplex Secure Ltd.)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 21:25 - 2015-06-02 21:25 - 00000000 ____D () C:\Users\Nutzer\Desktop\Alte Firefox-Daten
2015-06-02 21:24 - 2015-06-02 21:24 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-02 21:24 - 2015-06-02 21:24 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-02 21:24 - 2015-06-02 21:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-06-02 21:22 - 2015-06-02 21:23 - 00243592 _____ () C:\Users\Nutzer\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-02 21:13 - 2015-06-02 21:13 - 00001275 _____ () C:\Users\Nutzer\Desktop\Revo Uninstaller.lnk
2015-06-02 21:13 - 2015-06-02 21:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-06-02 21:12 - 2015-06-02 21:12 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nutzer\Downloads\revosetup95.exe
2015-06-01 23:43 - 2015-06-01 23:43 - 00852639 _____ () C:\Users\Nutzer\Desktop\SecurityCheck.exe
2015-06-01 23:42 - 2015-06-01 23:42 - 00009642 _____ () C:\Users\Nutzer\Desktop\ESET.txt
2015-06-01 13:09 - 2015-06-01 13:10 - 00000085 _____ () C:\Windows\wininit.ini
2015-06-01 12:23 - 2015-06-01 12:23 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\GWX
2015-06-01 11:40 - 2015-06-01 11:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-06-01 11:39 - 2015-06-01 11:39 - 02347384 _____ (ESET) C:\Users\Nutzer\Downloads\esetsmartinstaller_deu.exe
2015-05-31 16:43 - 2015-05-31 16:43 - 00050260 _____ () C:\Users\Nutzer\Desktop\Addition.txt
2015-05-31 16:42 - 2015-06-02 21:28 - 00006628 _____ () C:\Users\Nutzer\Desktop\FRST.txt
2015-05-31 16:39 - 2015-05-31 16:39 - 00001063 _____ () C:\Users\Nutzer\Desktop\JRT.txt
2015-05-31 16:36 - 2015-05-30 17:05 - 02947635 _____ (Thisisu) C:\Users\Nutzer\Desktop\JRT_NEW.exe
2015-05-31 16:11 - 2015-05-31 16:11 - 00000362 _____ () C:\Users\Nutzer\Desktop\mbam.txt
2015-05-31 15:21 - 2015-05-31 15:21 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-31 15:21 - 2015-05-31 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-31 15:21 - 2015-05-31 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-31 15:21 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-31 15:21 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-31 15:20 - 2015-05-31 15:20 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Nutzer\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-30 13:58 - 2015-05-30 13:58 - 00031498 _____ () C:\ComboFix.txt
2015-05-30 13:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-30 13:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-30 13:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-30 13:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-30 13:39 - 2015-05-30 13:58 - 00000000 ____D () C:\Qoobox
2015-05-30 13:34 - 2015-05-30 13:57 - 00000000 ____D () C:\Windows\erdnt
2015-05-30 13:32 - 2015-05-30 13:32 - 05628678 ____R (Swearware) C:\Users\Nutzer\Desktop\ComboFix.exe
2015-05-29 11:50 - 2015-05-29 11:50 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Nutzer\Desktop\tdsskiller.exe
2015-05-29 11:47 - 2015-05-31 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-29 11:46 - 2015-05-31 16:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 11:46 - 2015-05-30 12:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-29 11:45 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-29 11:43 - 2015-05-29 12:25 - 00000000 ____D () C:\Users\Nutzer\Desktop\mbar
2015-05-29 11:41 - 2015-05-29 11:41 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Nutzer\Desktop\mbar-1.09.1.1004.exe
2015-05-28 13:43 - 2015-06-02 21:28 - 00000000 ____D () C:\FRST
2015-05-28 13:35 - 2015-05-28 13:35 - 00000188 _____ () C:\Users\Nutzer\defogger_reenable
2015-05-28 13:33 - 2015-05-28 13:33 - 00050477 _____ () C:\Users\Nutzer\Desktop\Defogger.exe
2015-05-28 13:31 - 2015-05-28 13:31 - 02108928 _____ (Farbar) C:\Users\Nutzer\Desktop\FRST64.exe
2015-05-27 20:13 - 2015-05-27 20:13 - 00002104 _____ () C:\Windows\DPINST.LOG
2015-05-27 17:08 - 2015-05-27 17:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LUCYNDE-Windows-7-Home-Premium-(64-bit).dat
2015-05-27 17:08 - 2015-05-27 17:08 - 00000000 ____D () C:\RegBackup
2015-05-27 17:05 - 2015-05-27 17:05 - 02946603 _____ (Thisisu) C:\Users\Nutzer\Desktop\JRT.exe
2015-05-27 16:55 - 2015-05-27 16:57 - 00000000 ____D () C:\Users\Nutzer\Desktop\Games
2015-05-27 16:45 - 2015-06-02 21:04 - 00008768 _____ () C:\Windows\PFRO.log
2015-05-27 16:28 - 2015-05-27 16:29 - 02223104 _____ () C:\Users\Nutzer\Desktop\adwcleaner_4.205.exe
2015-05-24 13:12 - 2015-05-31 16:32 - 00000000 ____D () C:\AdwCleaner
2015-05-18 07:55 - 2015-05-18 07:55 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2015-05-17 12:01 - 2015-06-02 21:10 - 00002184 _____ () C:\Windows\setupact.log
2015-05-17 12:01 - 2015-05-17 12:01 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-05-16 13:30 - 2015-05-16 13:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-05-16 13:11 - 2015-05-16 13:11 - 00000000 ____D () C:\DAEMON Tools Lite
2015-05-13 16:46 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 16:46 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:24 - 2015-05-05 05:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 12:24 - 2015-05-05 05:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 12:24 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 12:24 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 12:24 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 12:24 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 12:24 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 12:24 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 12:24 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 12:24 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 12:24 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 12:24 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 12:24 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 12:24 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 12:24 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 12:24 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 12:24 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 12:24 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 12:24 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 12:24 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 12:24 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 12:24 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 12:24 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 12:24 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 12:24 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 12:24 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 12:24 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 12:24 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 12:24 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 12:24 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 12:24 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 12:24 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 12:24 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 12:24 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 12:24 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 12:24 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 12:24 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 12:24 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 12:24 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 12:24 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 12:24 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 12:24 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 12:24 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 12:24 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 12:24 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 12:24 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 12:24 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 12:24 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 12:24 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 12:24 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 12:24 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 12:24 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 12:24 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 12:24 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 12:24 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 12:24 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 12:24 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 12:24 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 12:24 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 12:24 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 12:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 12:24 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 12:23 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 12:23 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 12:23 - 2015-04-27 21:22 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-05-13 12:23 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 12:23 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 12:23 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 12:23 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 12:23 - 2015-04-27 21:20 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 12:23 - 2015-04-27 21:20 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-05-13 12:23 - 2015-04-27 21:18 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 12:23 - 2015-04-27 21:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 12:23 - 2015-04-27 21:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 12:23 - 2015-04-27 21:17 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 12:23 - 2015-04-27 21:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 12:23 - 2015-04-27 21:17 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 12:23 - 2015-04-27 21:16 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 12:23 - 2015-04-27 21:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-05-13 12:23 - 2015-04-27 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 12:23 - 2015-04-27 21:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 12:23 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 12:23 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 12:23 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 12:23 - 2015-04-27 21:01 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 12:23 - 2015-04-27 21:01 - 03939264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 12:23 - 2015-04-27 20:58 - 01311256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 12:23 - 2015-04-27 20:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00643072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-13 12:23 - 2015-04-27 20:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 12:23 - 2015-04-27 20:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 12:23 - 2015-04-27 20:55 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 12:23 - 2015-04-27 20:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 12:23 - 2015-04-27 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 12:23 - 2015-04-27 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 20:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-05-13 12:23 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 12:23 - 2015-04-27 19:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 12:23 - 2015-04-27 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 12:23 - 2015-04-27 19:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 12:23 - 2015-04-27 19:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 12:23 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 12:23 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 12:23 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 12:23 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 12:23 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:23 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 12:23 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 12:23 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 12:23 - 2015-03-19 01:39 - 00632984 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-13 12:23 - 2015-03-19 01:39 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-13 12:23 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 12:23 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 12:22 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 12:22 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 12:22 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 12:22 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 12:22 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-07 16:04 - 2015-05-07 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-07 16:03 - 2015-05-07 16:00 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2015-05-07 16:01 - 2015-05-07 16:01 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2015-05-07 16:01 - 2015-05-07 16:01 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2015-05-07 16:00 - 2015-05-07 16:00 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2015-05-07 16:00 - 2015-05-07 16:00 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 21:24 - 2012-05-26 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-02 21:18 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-02 21:18 - 2009-07-14 06:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 21:10 - 2014-07-02 20:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-02 21:10 - 2013-09-21 16:19 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-06-02 21:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 21:09 - 2011-08-04 07:34 - 01754952 _____ () C:\Windows\WindowsUpdate.log
2015-06-02 21:04 - 2014-08-17 23:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-01 23:45 - 2011-08-09 23:39 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\CrashDumps
2015-06-01 23:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-06-01 23:34 - 2014-07-02 20:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 23:31 - 2012-03-30 10:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 20:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-06-01 14:41 - 2015-02-17 11:25 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2015-06-01 14:41 - 2013-07-25 19:06 - 00000000 ____D () C:\ProgramData\Ubisoft
2015-06-01 14:40 - 2011-08-07 14:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-06-01 14:39 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-01 14:35 - 2013-07-07 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2015-06-01 13:34 - 2013-07-25 19:07 - 00000000 ____D () C:\Users\Nutzer\AppData\Roaming\Ubisoft
2015-06-01 13:32 - 2014-02-06 14:26 - 00000000 ____D () C:\ProgramData\NexonUS
2015-06-01 13:09 - 2014-08-17 23:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-06-01 13:08 - 2012-06-25 18:22 - 00000000 ____D () C:\ProgramData\Sony Ericsson
2015-06-01 13:08 - 2012-06-25 18:22 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson
2015-05-31 15:20 - 2011-08-17 11:26 - 00000000 ____D () C:\Users\Nutzer\dwhelper
2015-05-30 13:56 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-30 13:54 - 2011-08-04 07:44 - 00000000 ____D () C:\Users\Nutzer
2015-05-30 13:52 - 2012-06-29 00:35 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-29 15:15 - 2013-07-25 12:15 - 00000000 ____D () C:\Users\Nutzer\AppData\Roaming\uTorrent
2015-05-29 12:50 - 2010-11-21 08:50 - 00710518 _____ () C:\Windows\system32\perfh007.dat
2015-05-29 12:50 - 2010-11-21 08:50 - 00154848 _____ () C:\Windows\system32\perfc007.dat
2015-05-29 12:50 - 2009-07-14 07:13 - 01651822 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 16:28 - 2011-08-07 15:30 - 00007602 _____ () C:\Users\Nutzer\AppData\Local\resmon.resmoncfg
2015-05-28 15:13 - 2014-08-11 17:37 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Battle.net
2015-05-27 14:50 - 2015-04-24 11:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-05-26 12:45 - 2013-04-15 15:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-24 13:14 - 2011-08-04 07:45 - 00001004 _____ () C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 15:31 - 2015-04-07 19:49 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 12:27 - 2014-06-09 14:14 - 00003850 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1379773154
2015-05-18 07:25 - 2014-07-02 20:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 07:25 - 2014-07-02 20:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 13:28 - 2013-12-16 00:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-14 20:43 - 2011-08-12 20:57 - 00000000 ____D () C:\Users\Nutzer\Documents\My Games
2015-05-14 18:51 - 2013-01-17 15:56 - 00412528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 18:47 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 18:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 17:04 - 2011-09-04 15:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 17:00 - 2013-07-16 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 16:52 - 2011-08-06 13:21 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 16:46 - 2013-12-14 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 16:45 - 2013-12-14 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 14:24 - 2014-08-11 17:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-11 14:39 - 2015-03-29 15:34 - 00000000 ____D () C:\Users\Nutzer\AppData\Local\Songr
2015-05-07 16:05 - 2012-10-04 13:11 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-07 16:04 - 2012-10-04 13:11 - 00000000 ____D () C:\ProgramData\Sophos

==================== Files in the root of some directories =======

2011-08-07 15:09 - 2015-02-14 04:30 - 0015360 _____ () C:\Users\Nutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-14 18:03 - 2012-11-14 18:03 - 0000094 _____ () C:\Users\Nutzer\AppData\Local\fusioncache.dat
2011-08-07 15:30 - 2015-05-28 16:28 - 0007602 _____ () C:\Users\Nutzer\AppData\Local\resmon.resmoncfg

Files to move or delete:
====================
C:\Users\Nutzer\F.bat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-01 20:49

==================== End of log ============================
         
Im Moment siehts gut aus, die Compatibilitycheck.exe ist noch nicht im Taskmanager aufgetaucht.

Alt 03.06.2015, 11:53   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe



Bitte noch nen Tag oder so beaobachten und nochmal melden
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.06.2015, 09:41   #15
SepZis
 
Compatiybilitycheck.exe - Standard

Compatiybilitycheck.exe



So nach einigen Tagen intensiven Testens scheint das Problem gelöst zu sein

Vielen Dank Schrauber.

Kannst du mir zumindest kurz sagen, was das eigentliche Problem war, habe bei den ganzen Meldungen etwas den Überblick verloren

Antwort

Themen zu Compatiybilitycheck.exe
ahnung, andere, anderen, ausführen, bereits, campatibilitycheck, datei, dateien, durchgeführt, forum, hoffe, interne, internet, log, manager, mehrfach, poste, posten, probleme, programme, schei, stehe, systemverlangsamt, task manager, thread, wenig, wenig ahnung, zusammen




Zum Thema Compatiybilitycheck.exe - Hallo liebes Trojanerboard- Team, ich hoffe Ihr könnt mir helfen. Ich habe seit geraumer Zeit Probleme mit der Datei Compatibilitycheck.exe. Sie taucht mehrfach im Task Manager auf und verschlingt meinen - Compatiybilitycheck.exe...
Archiv
Du betrachtest: Compatiybilitycheck.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.