
Log analysis and evaluation: WIN7 search queries are redirected to advertising search pages, laptop boots extremely slowly


28.05.2015, 21:07   #1
armer tor
 

Hello dear helpers,

unfortunately I have already tried quite a few things myself to get the laptop running smoothly again.
I ran a scan with the Kaspersky rescue CD 10 (I can no longer find the log file I saved from it) and followed all of its suggestions (quarantine, neutralize, delete).
Before that I had already run a scan with Malwarebytes (log file attached).
I ran all checks and scans without an internet connection. I am also writing from the PC now, although the laptop is infected.

The infections show up as follows: search queries in Chrome or Firefox are redirected to other (advertising) addresses. All sorts of things seem to be running in the background, since the laptop takes forever to boot. The file explorer is often unstable and crashes. I cannot uninstall Chrome.

Well, that is the best I can describe it for now. Thanks for your help

der arme Tor

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.05.2015
Suchlauf-Zeit: 20:40:53
Logdatei: Scan-Antimalware.txt
Administrator: Nein

Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Va

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 247304
Verstrichene Zeit: 23 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 46
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\adTech.adTech.1, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\adTech.adTech, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\adTech.adTech, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\adTech.adTech, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{934B156A-3D17-3981-B78A-5C138F423AD6}, In Quarantäne, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\adTech.adTech.1, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\adTech.adTech.1, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{934B156A-3D17-3981-B78A-5C138F423AD6}, In Quarantäne, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{934B156A-3D17-3981-B78A-5C138F423AD6}, In Quarantäne, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.QuickShare.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [8cedeb58d8b258de1bcb9abafa0932ce], 
PUP.Optional.QuickShare.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [8cedeb58d8b258de1bcb9abafa0932ce], 
PUP.Optional.SupTab.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [2b4e75ce0e7c90a6aac548d8d0337f81], 
PUP.Optional.SupTab.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [2b4e75ce0e7c90a6aac548d8d0337f81], 
PUP.Optional.Yontoo.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, In Quarantäne, [f485c57ee2a8340226ede13cad563dc3], 
PUP.Optional.Yontoo.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, In Quarantäne, [f485c57ee2a8340226ede13cad563dc3], 
PUP.Optional.Incredibar, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}, In Quarantäne, [5e1bd86b2565ca6c90f5292ecd36916f], 
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Löschen bei Neustart, [db9ed76c7a100d29d00eda7ef60d32ce], 
PUP.Optional.NoVooIT.A, HKCU\SOFTWARE\NoVooITSet, In Quarantäne, [1069c77c90fa4fe7d1c1357ace35fa06], 
PUP.Optional.RGMUpdater.A, HKCU\SOFTWARE\RGMService, In Quarantäne, [ef8a92b12b5fab8bd0f8783be122a858], 
PUP.Optional.SmartBar, HKCU\SOFTWARE\SmartbarBackup, In Quarantäne, [017864df71191026120ba87b5ea7c739], 
PUP.Optional.SmartBar, HKCU\SOFTWARE\SmartbarLog, In Quarantäne, [e594cb78dfab20163be1978ce12451af], 
PUP.Optional.SweetIM.A, HKCU\SOFTWARE\SweetIM, In Quarantäne, [67122c17dbaf2412fbc8f3c043c0a35d], 
PUP.Optional.TNT.A, HKCU\SOFTWARE\TNT2, In Quarantäne, [3d3c77cce0aaf640a6c8a803ae554cb4], 
PUP.Optional.Tuto4PC.A, HKCU\SOFTWARE\TutoTag, In Quarantäne, [2950c67ddfab2f071fa780ad2cd9e818], 
PUP.Optional.Shopperz.A, HKCU\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [8decb291d4b645f17a794b59f50eeb15], 
PUP.Optional.Iminent.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [54253a09e1a959ddd79af4b10ef53fc1], 
PUP.Optional.Iminent.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [a2d775ceccbe83b3e290188dbd464eb2], 
PUP.Optional.Linkey.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, In Quarantäne, [0b6e4003dbaf5bdbbab9d8cd9e6522de], 
PUP.Optional.Vosteran.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [3445e55e206aee483f35584d7291cf31], 
PUP.Optional.Wajam.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [8dec79ca7416280eb3c21f8648bb2dd3], 
PUP.Optional.IStart.A, HKCU\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [6910dc67860496a025f8aff7b350e818], 
PUP.Optional.Wajam.A, HKCU\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, In Quarantäne, [2257c67d8a00b77fe5a3f0b9a75ca25e], 
PUP.Optional.SafeFinder.A, HKCU\SOFTWARE\SMARTBAR, In Quarantäne, [c1b851f24e3c77bfb20d3790739057a9], 
PUP.Optional.AdvancedSystemProtector.A, HKCU\SOFTWARE\SYSTWEAK\Advanced System Protector, In Quarantäne, [6d0c133036542c0a90b710b6dc272fd1], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, Löschen bei Neustart, [f683b09395f562d41e0a43a0d2313cc4], 
Adware.SmartBar, HKLM\SOFTWARE\WOW6432NODE\Smartbar, Löschen bei Neustart, [0a6f5ce7d1b9ef47ce1eb6d123e135cb], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, Löschen bei Neustart, [582187bc11793006e6a08849dc270df3], 

Registrierungswerte: 14
PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [ee8b98ab88022a0ccfc1cd4edd26e020], 
PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, Löschen bei Neustart, [ee8b98ab88022a0ccfc1cd4edd26e020]
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, Löschen bei Neustart, [ee8b98ab88022a0ccfc1cd4edd26e020]
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [2c4def549eecb4827b15a873fe05bb45], 
PUP.Optional.SmartBar.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Browser Infrastructure Helper, C:\Users\Va\AppData\Local\Smartbar\Application\SafeFinder.exe startup, In Quarantäne, [136697ac3c4ecd69cffd7a8fa95c9a66]
PUP.Optional.IStart.A, HKCU\SOFTWARE\MOZILLA\EXTENDS|appid, istart_ffnt@gmail.com, In Quarantäne, [6910dc67860496a025f8aff7b350e818]
PUP.Optional.ReMarkIT.A, HKCU\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{1effa55f-843c-4f45-b36c-c1600c8b3fc6}, C:\Program Files (x86)\Re-markit\150.xpi, In Quarantäne, [5a1f99aa3357b4825a8950cf5ca9936d]
PUP.Optional.SafeFinder.A, HKCU\SOFTWARE\SMARTBAR|Publisher, IrsSF, In Quarantäne, [c1b851f24e3c77bfb20d3790739057a9]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|shopperz, C:\Program Files\shopperz\wrex.exe, Löschen bei Neustart, [babf74cf5b2fbc7a540faf038e75669a]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|shopperz64, C:\Program Files\shopperz\wrex64.exe, Löschen bei Neustart, [8dec043fccbed561135181315aa944bc]
PUP.Optional.Incredibar, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}, C:\Program Files\IB Updater\Firefox, Löschen bei Neustart, [9cdd3f0401890f27c3a8ff1723e28f71]
PUP.Optional.Incredibar, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}, C:\Program Files\IB Updater\Firefox, Löschen bei Neustart, [43364ff4206ad660caa1ef27fe07a15f]
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com, Löschen bei Neustart, [4534af945f2bea4ca7cbb6813dc8dc24]
PUP.Optional.IStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|istart_ffnt@gmail.com, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com, Löschen bei Neustart, [0574ec57fc8e76c0272b1491d033ae52]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 38
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\chrome, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\chrome\content, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\chrome\skin, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\include, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\include\tools, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\lib, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\module, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\pack, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\en, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\en-US, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\es, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\es-419, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-BE, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-CA, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-CH, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-LU, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\it, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\it-CH, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\pl, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\pt-BR, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\ru, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\ru-MO, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\tr, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\vi, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\zh-CN, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\zh-TW, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\defaults, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\defaults\preferences, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\updateinfo, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 

Dateien: 83
PUP.Optional.Downloader, C:\Users\Va\AppData\Roaming\jellylam\rinti.exe, Löschen bei Neustart, [4534043f197141f5de3357ef06ff758b], 
PUP.Optional.Firseria, C:\Users\Va\Downloads\Microsoft PowerPoint.exe, In Quarantäne, [b0c960e3e5a57abc2f5e31d8808639c7], 
PUP.Optional.Softonic.A, C:\Users\Va\Downloads\SoftonicDownloader_fuer_free-powerpoint-templates.exe, In Quarantäne, [bebb3f043b4f56e014e688c21ae77f81], 
PUP.Optional.InstallCore, C:\Users\Va\Downloads\tuneup-utilities_setup.exe, In Quarantäne, [d1a874cf800acb6b082d4c666a9b9d63], 
PUP.Optional.SnapDo.A, C:\Windows\Installer\8be45.msi, Löschen bei Neustart, [9bde0241d7b354e26ca1456a89787c84], 
PUP.Optional.VeriStaff, C:\Windows\Installer\8be53.msi, Löschen bei Neustart, [4a2f4cf73258171f99fc481537c97b85], 
PUP.Optional.Winsta.A, C:\Users\Va\AppData\Roaming\Winsta\Winsta.exe, In Quarantäne, [8aefee5597f3fc3a04b45e4f0ff49070], 
PUP.Optional.WidgetContext.A, C:\Users\Va\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi, In Quarantäne, [06734201078392a43533f3bd877c4fb1], 
PUP.Optional.MyStartSearch.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\searchplugins\MyStart Search.xml, In Quarantäne, [611891b2a1e93afc8b72faeef0139868], 
PUP.Optional.WebSearch.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\searchplugins\Web Search.xml, In Quarantäne, [116867dc890170c65640d516c2416799], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\chrome.manifest, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\install.rdf, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\chrome\content\toolbar.js, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\chrome\content\toolbar.xul, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\chrome\skin\icon.png, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome.manifest, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\install.rdf, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\index.html, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\quick_start.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\js.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\icon.png, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\loading.gif, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\logo.png, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\simple.css, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\style.css, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\addonmanager.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\aes.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\config.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\dialogs.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\last_tab.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\misc.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\properties.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\remoterequest.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\restoreprefs.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\settings.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\updateinfo\faststart.update.rdf, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\updateinfo\ff.update.rdf, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\updateinfo\istart.update.rdf, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\updateinfo\istart_ffnt#5.3.6.xpi, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\updateinfo\istart_ffnt.xpi, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\updateinfo\lightning.update.rdf, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.Softonic.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\prefs.js, Gut: (), Schlecht: (user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searchfor\",\"search.mywebsearch.com\":\"searchfor\",\"search.mindspark.com\":\"searchfor\",\"search.conduit.com\":\"q\",\"search.zugo.com\":\"p\",\"www2.mystart.com\":\"q\",\"www.mystart.com\":\"q\",\"www.bigseekpro.com\":\"q\",\"bigseekpro.com\":\"q\",\"bigspeedpro.com\":\"q\",\"search.esnips.com\":\"searchQuery\",\"search.foxtab.com\":\"q\",\"search.brothersoft.com\":\"keyword\",\"search.softonic.com\":\"q\",\"search.iobit.com\":\"q\",\"search.iminent.com\":\"\",\"search.facemoods.com\":\"s\",\"www.plusnetwork.com\":\"q\",\"www.alothome.com\":\"q\",\"alothome.com\":\"q\",\"search.alothome.com\":\"q\",\"search.chatvibes.com\":\"q\",\"search.blekko.com\":\"\",\"www.searchnu.com\":\"q\",\"searchnu.com\":\"q\",\"search.icq.com\":\"q\",\"search.etype.com\":\"query\",\"isearch.babylon.com\":\"q\",\"search.utorrent.com\":\"\",\"search.bittorrent.com\":\"\",\"search.bearshare.com\":\"q\",\"search.bearshare.net\":\"q\",\"searchya.com\":\"q\",\"int.search-results.com\":\"q\",\"search.searchcompletion.com\":\"q\",\"www.adoresearch.com\":\"q\",\"www.searchcore.net\":\"q\",\"googosearch.info\":\"terms\",\"bar.searchqu.com\":\"q\",\"search.speedbit.com\":\"q\",\"search.toggle.com\":\"q\",\"isearch.whitesmoke.com\":\"q\",\"search.handycafe.com\":\"q\",\"searchassist.babylon.com\":\"q\",\"video.searchcompletion.com\":\"q\",\"www.searchbrowsing.com\":\"q\",\"search.anchorfree.net\":\"q\",\"search.hotspotshield.com\":\"q\",\"dts.search-results.com\":\"q\",\"uk.search-results.com\":\"q\",\"search.chatzum.com\":\"q\",\"search.phpnuke.org\":\"q\",\"www.i-mysearch.com\":\"q\",\"search.smartaddressbar.com\":\"q\",\"www.search-guru.com\":\"q\",\"searchgby.com
\":\"\",\"thespecialsearch.com\":\"q\",\"search.bpath.com\":\"q\",\"start.funmoods.com\":\"s\",\"fr.search-results.com\":\"q\",\"de.search-results.com\":\"q\",\"it.search-results.com\":\"q\",\"es.search-results.com\":\"q\",\"search.imesh.com\":\"q\",\"search.swagbucks.com\":\"q\",\"isearch.avg.com\":\"q\",\"search.avg.com\":\"q\",\"search.yippy.com\":\"query\",\"cludr.com\":\"q\",\"search.vmn.net\":\"q\",\"www.gigablast.com\":\"q\",\"www.metacrawler.com\":\"q\",\"www.ixquick.com\":\"\",\"www.search.com\":\"q\",\"duckduckgo.com\":\"q\",\"search.lycos.com\":\"q\",\"monstercrawler.com\":\"q\",\"go.com\":\"p\",\"hotbot.com\":\"keyword\",\"home.myplaycity.com\":\"s\",\"www.findamo.com\":\"q\",\"search.gboxapp.com\":\"q\",\"start.iplay.com\":\"q\",\"home.speedbit.com\":\"q\",\"search.alot.com\":\"q\",\"search.searchplusnetwork.com\":\"q\",\"www.searchqu.net\":\"\",\"search.insiteapp.com\":\"q\",\"somoto.com\":\"q\",\"blekko.com\":\"\",\"suggestor.netliker.com\":\"\",\"search.netliker.com\":\"\",\"insta-search.com\":\"q\",\"www.fast-search.biz\":\"q\",\"start.facemoods.com\":\"s\",\"search.coolnovo.com\":\"\",\"chromeplus.info\":\"q\",\"www.searchble.com\":\"keyword\",\"home.allgameshome.com\":\"s\",\"forsearch.net\":\"q\",\"allssearch.com\":\"q\",\"search.snap.do\":\"q\",\"search.smartsearchbox.net\":\"\",\"search.seznam.cz\":\"q\",\"search.funmoods.com\":\"s\",\"search.avira.com\":\"q\",\"search.jzip.com\":\"q\",\"search.findeer.com\":\"\",\"search-faster.com\":\"\",\"dnssearch.rr.com\":\"search\",\"search.rr.com\":\"q\",\"search.kalloutsearch4.com\":\"q\",\"kalloutsearch4.com\":\"Keywords\",\"search.rapidns.net\":\"SearchQuery\",\"websearch.4shared.com\":\"q\",\"images.search.conduit.com\":\"q\",\"search.cpchero.biz\":\"q\",\"search.kikin.com\":\"q\",\"www.engine-search.biz\":\"q\",\"www.mysearchresults.com\":\"q\",\"search.vdc.com.vn\":\"SearchQuery\",\"search.charter.net\":\"search\",\"search-vbc.com\":\"keywords\",\"search.pch.com\":\"q\",\"search.pantip.com\":\"\",\
"www.startsearcher.com\":\"q\",\"search.icafemanager.com\":\"q\",\"aolsearcht10.search.aol.com\":\"q\",\"search.free.fr\":\"\",\"www.similarsitesearch.com\":\"URL\",\"qoqole.com\":\"q\",\"www.claro-search.com\":\"q\",\"isearch.claro-search.com\":\"q\",\"www.uncoverthenet.com/search\":\"q\",\"www.searchcanvas.com\":\"q\",\"search.etoolkit.com\":\"q\",\"www.searchalgo.com\":\"q\",\"bestsearchall.com\":\"q\",\"bestorganicsearch.com\":\"q\",\"mysearchproperties.com\":\"q\",\"search.treasuretrooper.com\":\"q\",\"btsearch.name\":\"q\",\"optu.search-help.net\":\"search\",\"search.clinck.in\":\"q\",\"search.shareazaweb.net\":\"q\",\"search.solarmash.com\":\"q\",\"search.surfcanyon.com\":\"q\",\"search.tedata.net\":\"SearchQuery\",\"www.gooofullsearch.com\":\"keywords\",\"www.alnaddy.com\":\"q\",\"searchsafer.com\":\"q\",\"www.searchqu.com\":\"q\",\"searchfunmoods.com\":\"s\",\"www.searchfunmoods.com\":\"s\",\"www.searchya.com\":\"q\",\"search.lphant.net\":\"\",\"searchremagnified.com\":\"\",\"www.pagequeryresults.com\":\"\",\"www.searchqueryresults.com\":\"\",\"domainhelp.search.com\":\"q\",\"search.b1.org\":\"q\",\"search.pontofrio.com.br\":\"q\",\"search.maxonline.com.sg\":\"q\",\"search.us.com\":\"k\",\"www.picsearch.com\":\"q\",\"www.search-document.com\":\"q\",\"www.searchsafer.com\":\"q\",\"www.website-unavailable.com\":\"q\",\"search.appsarefun.info\":\"\",\"www.searchamong.com\":\"query\",\"www.savevalet.com\":\"q\",\"www.navegaki.com.br\":\"q\",\"my.rally.io\":\"\",\"isearch.glarysoft.com\":\"q\",\"websearch.mocaflix.com\":\"s\",\"search.fastaddressbar.com\":\"s\",\"search.certified-toolbar.com\":\"q\",\"www.delta-search.com\":\"q\",\"mysearch.avg.com\":\"q\",\"www1.search-results.com\":\"q\",\"search.searchya.com\":\"q\",\"websearch.just-browse.info\":\"s\",\"search.fbdownloader.com\":\"q\",\"search.startnow.com\":\"q\",\"search.protectedsearch.com\":\"q\",\"start.iminent.com\":\"q\",\"websearch.pu-results.info\":\"s\",\"22find.com\":\"\",\"search.comcast.net\":\"
q\",\"rss2search.com\":\"q\",\"www.searchinq.com\":\"q\",\"search.22find.com\":\"\",\"search.genieo.com\":\"q\",\"www.safesearch.net\":\"q\",\"isearch.fantastigames.com\":\"q\",\"nortonsafe.search.ask.com\":\"q\",\"www.dnsrsearch.com\":\"search\",\"yourstartsearch.com\":\"q\",\"mixidj.delta-search.com\":\"q\",\"searchiu.com\":\"q\",\"www1.dlinksearch.com\":\"q\",\"search.eazel.com\":\"q\",\"en.eazel.com\":\"q\",\"search.smartsuggestor.net\":\"s\",\"mixidj.claro-search.com\":\"q\",\"search.buzzdock.com\":\"q\",\"search.oracle.com\":\"q\",\"visualbee.delta-search.com\":\"q\",\"filesearch.setun.net\":\"q\",\"search.smartsuggestor.com\":\"s\",\"go.findrsearch.com\":\"q\",\"search.earthlink.net\":\"q\",\"search.netzero.net\":\"query\",\"www.holasearch.com\":\"q\",\"searchengines.com\":\"query\",\"www.31searchengines.com\":\"query\",\"www.99searchengines.com\":\"query\",\"www.28searchengines.com\":\"query\",\"www.29searchengines.com\":\"query\",\"www.38searchengines.com\":\"query\",\"www.39searchengines.com\":\"query\",\"www.50searchengines.com\":\"query\",\"www.100searchengines.com\":\"query\",\"www.20searchengines.com\":\"query\",\"www.24searchengines.com\":\"query\",\"www.45searchengines.com\":\"query\",\"www.55searchengines.com\":\"query\",\"www.60searchengines.com\":\"query\",\"www.70searchengines.com\":\"query\",\"www.88searchengines.com\":\"query\",\"www.47searchengines.com\":\"query\",\"www.32searchengines.com\":\"query\",\"www.48searchengines.com\":\"query\",\"www.53searchengines.com\":\"query\",\"www.40searchengines.com\":\"query\",\"www.66searchengines.com\":\"query\",\"www.34searchengines.com\":\"query\",\"www.49searchengines.com\":\"query\",\"www.30searchengines.com\":\"query\",\"www.41searchengines.com\":\"query\",\"www.36searchengines.com\":\"query\",\"www.52searchengines.com\":\"query\",\"www.25searchengines.com\":\"query\",\"home.maxwebsearch.com\":\"query\",\"polysearch.org\":\"srch\",\"search.bnpmedia.com\":\"q\",\"start.search.us.com\":\"k\",\"www.sear
chnfind.org\":\"\",\"searching-gambling.com\":\"\",\"search.easylifeapp.com\":\"s\",\"www.goodsearch.com\":\"keywords\",\"search.adlux.com\":\"\",\"websearch.good-results.info\":\"s\",\"search.beesq.net\":\"k\",\"www1.delta-search.com\":\"q\",\"www.search.delta-search.com\":\"q\",\"www.yhs.delta-search.com\":\"q\",\"info.delta-search.com\":\"q\",\"www.yd.delta-search.com\":\"q\",\"www2.delta-search.com\":\"q\",\"www3.delta-search.com\":\"q\",\"websearch.helpmefindyour.info\":\"s\",\"tuvaro.com\":\"q\",\"amazon.smart-search.com\":\"query\",\"butterflysearch.net\":\"search\",\"g9search.com\":\"q\",\"images.searchcompletion.com\":\"q\",\"lab.search.conduit.com\":\"q\",\"search.autocompletepro.com\":\"q\",\"search.creativetoolbars.com\":\"q\",\"search.dudu.com\":\"q\",\"search.filebulldog.com\":\"p\",\"search.findwide.com\":\"k\",\"search.focalprice.com\":\"\",\"search.juno.com\":\"query\",\"search.peoplepc.com\":\"q\",\"search.piccshare.com\":\"q\",\"search.starburnsoftware.com\":\"q\",\"search.zonealarm.com\":\"q\",\"search27.info.com\":\"qkw\",\"search42.info.com\":\"qkw\",\"search45.info.com\":\"qkw\",\"search49.info.com\":\"qkw\",\"securesearch.lavasoft.com\":\"q\",\"shieldedsearch.com\":\"q\",\"us.aolsearch.com\":\"q\",\"websearch.brandthunder.com\":\"q\",\"websearch.youwillfind.info\":\"s\",\"websearchsimple.com\":\"q\",\"wind.search-help.net\":\"search\",\"www.21searchengines.com\":\"\",\"www.22searchengines.com\":\"\",\"www.42searchengines.com\":\"\",\"www.46searchengines.com\":\"\",\"www.85searchengines.com\":\"\",\"www.goonsearch.com\":\"q\",\"www.isearch-123.com\":\"q\",\"www.maxwebsearch.com\":\"query\",\"www.searchgby.com\":\"\",\"www.tlbsearch.com\":\"q\",\"avira.search.ask.com\":\"q\",\"search.coupons.com\":\"\",\"smartsearchfacts.com\":\"search\",\"www.27searchengines.com\":\"\",\"www.90searchengines.com\":\"\",\"www.searchgol.com\":\"q\",\"www.searchpage.com\":\"\",\"www.toastsearch.com\":\"q\",\"search.zum.com\":\"query\",\"searchzone.com\":\"query\",
\"contenko.com\":\"q\",\"www.mysearch.com\":\"searchfor\",\"home.tb.ask.com\":\"searchfor\",\"isearch.shopathome.com\":\"\",\"searchy.easylifeapp.com\":\"p\",\"www.search.smartshopping.com\":\"keywords\",\"search.bitcomet.com\":\"q\",\"trusearch.com\":\"squery\",\"www.photoshopsearch.com\":\"q\",\"search.snapdo.com\":\"q\",\"search.globososo.com\":\"q\",\"search34.info.com\":\"KW\",\"start.mysearchdial.com\":\"q\",\"search.v9.com\":\"p\",\"maxwebsearch.com\":\"query\",\"search.twcc.com\":\"\",\"websearch.simplespeedy.info\":\"q\",\"search.ividi.org\":\"q\",\"securedsearch2.lavasoft.com\":\"p\",\"yumyumsearch.com\":\"q\",\"wisersearch.com\":\"q\",\"www.morefastsearch.com\":\"q\",\"search.minituner.org\":\"q\",\"websearch.searchrocket.info\":\"q\",\"www.firstsearchhere.com\":\"q\",\"infosearchresults.com\":\"q\",\"mp3tubetoolbarsearch.com\":\"p\",\"sr.searchfunmoods.com\":\"q\",\"websearch.searchdwebs.info\":\"q\",\"www.buenosearch.com\":\"q\",\"www.isearch-for.com\":\"q\",\"www.triple-search.com\":\"q\",\"onlinelivesearch.com\":\"q\",\"search.freecause.com\":\"p\",\"search.url.com\":\"query\",\"search.viewpoint.com\":\"k\",\"search2.virginmedia.com\":\"q\",\"twww1.delta-search.com\":\"q\",\"websearch.pu-result.info\":\"s\",\"websearch.searchannel.info\":\"q\",\"websearch.simplesearches.info\":\"s\",\"www.aolsearch.com\":\"q\",\"www.dalesearch.com\":\"q\",\"www.greenpoweredsearch.com\":\"q\",\"www.search.us.com\":\"k\",\"www.search30.com\":\"q\",\"www.searchfog.com\":\"q\",\"www.thedreamsearch.com\":\"q\",\"www1.delta-seawww1.delta-search.com\":\"q\",\"Searchamong.com\":\"q\",\"www.searchstarburnsoftware.com\":\"q\",\"qvo6.com\":\"p\",\"start.qone8.com\":\"q\",\"delta-homes.com\":\"p\",\"search.localstrike.net\":\"q\",\"websearch.pur-esult.info\":\"\",\"www.searchfusion.com\":\"\",\"search.rpidity.com\":\"\",\"www.isearchspace.com\":\"\",\"www.tika-search.com\":\"\",\"www.doko-search.com\":\"\",\"www.only-search.com\":\"\",\"mixidj.buenosearch.com\":\"\",\"www.golsear
ch.com\":\"\",\"search.splashtop.com\":\"\",\"www.dosearches.com\":\"\",\"search.all.biz\":\"q\",\"websearch.soft-quick.info\":\"s\",\"search.centrum.cz\":\"q\",\"searchfog.com\":\"q\",\"search.whitesmoke.com\":\"q\",\"search.domainnotfound.optimum.net\":\"q\",\"search.hao123.co.th\":\"wd\",\"searchiy.gboxapp.com\":\"q\",\"www.funnysearch.org\":\"q\",\"native-search.com\":\"q\",\"www2.search-results.com\":\"q\",\"www.webssearches.com\":\"q\",\"www.globasearch.com\":\"q\",\"search.hao123.com.eg\":\"wd\",\"search2.mayoclinic.com\":\"q\",\"www.onlinelivesearch.com\":\"q\",\"www.searchsheet.com\":\"q\",\"search.bigpond.net.au\":\"SearchQuery\",\"searchsearchsearch.org\":\"Keywords\",\"bar.maxwebsearch.com\":\"query\",\"search30.com\":\"q\",\"search.quebles.com\":\"q\",\"isearch.omiga-plus.com\":\"q\",\"websearch.searchpages.info\":\"q\",\"www.oursearching.com\":\"\",\"do-search.com\":\"q\",\"websearch.search-guide.info\":\"\",\"websearch.wisesearch.info\":\"\",\"www.looksafesearch.com\":\"\",\"search14.accoona.com\":\"search\",\"search.gifthulk.com\":\"\",\"folksearcher.com\":\"\",\"searchitallonline.com\":\"query\",\"searchresultsonline.com\":\"query\",\"websearch.homesearch-hub.info\":\"s\",\"www.searchnet.com\":\"utm_term\",\"www.safesearchkids.com\":\"\",\"bittorrent.inspsearch.com\":\"q\",\"dnssearch2.ono.es\":\"SearchQuery\",\"firstsearchnow.com\":\"q\",\"morefastsearch.com\":\"q\",\"r.search.adlux.com\":\"\",\"search.atajitos.com\":\"q\",\"search.bt.com\":\"p\",\"search.ominent.com\":\"q\",\"search.qone8.com\":\"q\",\"search.ueep.com\":\"q\",\"searchstarburnsoftware.com\":\"q\",\"searchstats.iminent.com\":\"\",\"ultimate-search.net\":\"q\",\"utorrent.inspsearch.com\":\"q\",\"websearch.oversearch.info\":\"q\",\"websearch.relevantsearch.info\":\"q\",\"websearch.searchboxes.info\":\"q\",\"websearch.searchere.info\":\"q\",\"websearch.searchesplace.info\":\"q\",\"websearch.the-searcheng.info\":\"q\",\"www.firstsearchnow.com\":\"q\",\"www.fullsearch.com.ar\":\"q\",\"ww
w.infosearchresults.com\":\"q\",\"www.searcheo.fr\":\"q\",\"www.searchresultsonline.com\":\"\",\"www.superquicksearch.com\":\"\"}|||8641407788491093");), Ersetzt,[601984bf2a60e74f38d8f926b74f49b7]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:33 on 28/05/2015 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

Alt 28.05.2015, 21:13   #2
M-K-D-B
/// TB-Ausbilder
 
My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for longer, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Downloading from filepony.de: how to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there!


Please work through all steps one after another in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!




For the initial analysis, please run FRST and TDSS-Killer:



Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)






Step 2
Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.







With your next reply, please post
  • the TDSS-Killer log file,
  • the two new FRST log files.
__________________


Alt 28.05.2015, 21:19   #3
armer tor
 
New log files



Hello Matthias,

here are the log files I have already created. They were too long for the first post.

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Va (ATTENTION: The logged in user is not administrator) on VANESSA on 28-05-2015 20:34:14
Running from F:\
Loaded Profiles: Va & Administrator (Available Profiles: Va & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> FBAgent.exe
Failed to access process -> AsLdrSrv.exe
Failed to access process -> GFNEXSrv.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> Fuel.Service.exe
Failed to access process -> Application Hosting.exe
Failed to access process -> svchost.exe
Failed to access process -> sftvsa.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> sftlist.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> CVHSVC.EXE
Failed to access process -> NisSrv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Failed to access process -> WUDFHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-07-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-533800774-2781401254-862098746-1001\...\Run: [Facebook Update] => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-20] (Facebook Inc.)
HKU\S-1-5-21-533800774-2781401254-862098746-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-533800774-2781401254-862098746-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)
Startup: C:\Users\Va\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-14]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{98781c85-f0a2-8c2e-9878-81c85f0a7217}\hqghumeaylnlf.exe (No File)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: [S-1-5-21-533800774-2781401254-862098746-500] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRak5VLd2-qOELyVxZYVzEWTOSLvRC5kQFMUFB7HWxsC9qmgaEbtsWspeiXQk_8_R5znT6R1fDwhz3ZT22Ce-MfY_wYPvYB4AnBCxL1g_GQSduAYPn-8I3RnEZZS00xXKu2ObU3QI19LskZNnUYycjKHjOqjFsJR-kRbYXjgg&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-533800774-2781401254-862098746-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-533800774-2781401254-862098746-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-533800774-2781401254-862098746-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257
FF NewTab: hxxp://mystart.incredibar.com/?a=6R8R6YBjbO&i=26&did=10963&loc=skw
FF DefaultSearchEngine: MyStart Search
FF SelectedSearchEngine: MyStart Search
FF Homepage: https://de.yahoo.com/
FF Keyword.URL: hxxp://mystart.incredibar.com/?a=6R8R6YBjbO&i=26&did=10963&loc=skw&search=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Users\Va\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-533800774-2781401254-862098746-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Va\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-10-03]
FF Extension: buyfaest - C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\Extensions\6b@n.edu [2015-05-15]
FF Extension: No Name - C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\Extensions\nbmtblkvubrszbdbolp@rybjnwmsnsyqmuck.edu [2015-05-14]
FF Extension: Adblock Plus - C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-14]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com
FF Extension: No Name - C:\Program Files\IB Updater\Firefox [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-05-15] <==== ATTENTION

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
StartMenuInternet: Chrome.6GZLNA5C4J2QMH4JSOMW2BL5CY - C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1429045915&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed]
R2 Application Hosting; C:\ProgramData\Application Hosting\Application Hosting.exe [34304 2015-04-14] () [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Va\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 20:34 - 2015-05-28 20:34 - 00000000 ____D () C:\FRST
2015-05-28 20:17 - 2015-05-28 20:17 - 00000000 ____D () C:\Users\Va\AppData\Local\{44EFFC24-9A11-456C-9B68-99F4DE8F578A}
2015-05-28 17:52 - 2015-05-28 17:52 - 00000000 ____D () C:\Users\Va\AppData\Local\{F4AD3D71-E05D-462F-82A8-8175F86F3613}
2015-05-27 21:55 - 2015-05-27 21:55 - 00000000 ____D () C:\Users\Va\AppData\Local\{226B8C84-8E97-4400-8B07-CA88C3F60E3F}
2015-05-20 21:16 - 2015-05-20 21:16 - 00000000 ____D () C:\Users\Va\AppData\Local\{1432F450-032F-4DCA-A989-3212D395CE53}
2015-05-20 20:34 - 2015-05-20 20:34 - 00000000 ____D () C:\Users\Va\AppData\Local\{05E28185-CE2F-4D67-A3B9-969D18B71351}
2015-05-20 20:21 - 2015-05-20 20:21 - 00000000 ____D () C:\Users\Va\AppData\Local\{0B366F7F-19FB-4669-9467-4C433FEC4700}
2015-05-20 00:23 - 2015-05-20 08:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-20 00:23 - 2015-05-20 00:23 - 00001100 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-20 00:23 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-20 00:23 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-20 00:23 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-19 23:32 - 2015-05-27 22:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-19 23:19 - 2015-05-19 23:24 - 00000000 ____D () C:\AdwCleaner
2015-05-19 17:08 - 2015-05-19 17:08 - 00059088 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-05-19 17:07 - 2015-05-28 20:31 - 00000000 ____D () C:\Users\Administrator
2015-05-19 15:13 - 2015-05-19 15:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{2D494D01-B861-49E4-B3D9-355F35CB2E4E}
2015-05-16 22:25 - 2015-05-27 21:51 - 00000272 _____ () C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job
2015-05-16 22:21 - 2015-05-20 20:20 - 00058584 _____ () C:\Users\Va\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-16 22:20 - 2015-05-28 18:30 - 00002446 _____ () C:\Windows\setupact.log
2015-05-16 22:20 - 2015-05-16 22:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 22:19 - 2015-05-20 08:47 - 00002716 _____ () C:\Windows\PFRO.log
2015-05-16 22:19 - 2015-05-20 00:18 - 04822584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-16 22:18 - 2015-05-16 22:18 - 00088172 _____ () C:\Users\Va\Documents\cc_20150516_221800.reg
2015-05-16 21:44 - 2015-05-16 21:44 - 00001142 _____ () C:\Users\Va\Desktop\ASUS Produktregistrierung.lnk
2015-05-16 21:26 - 2015-05-16 21:26 - 00000000 _____ () C:\Users\Va\AppData\Local\Temp.dat
2015-05-16 11:04 - 2015-05-16 11:05 - 00000000 ____D () C:\Users\Va\AppData\Local\{F001455B-59BE-4115-AE64-C165EFB84113}
2015-05-15 22:36 - 2015-05-19 23:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 17:24 - 2015-05-15 17:24 - 00000000 ____D () C:\Users\Va\AppData\Local\{7A20DB37-FBC4-4BCF-A0D4-EE44E831AD1F}
2015-05-15 00:33 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 00:33 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 18:18 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 18:18 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 18:18 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 18:18 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 18:18 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 18:18 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 18:18 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 18:18 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 18:18 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 18:18 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 18:18 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 18:18 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 18:18 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 18:18 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 18:18 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 18:18 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 18:18 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 18:18 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 18:18 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 18:18 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 18:18 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 18:18 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 18:18 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 18:18 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-14 18:18 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 18:18 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 18:18 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-14 18:18 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 18:18 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 18:18 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 18:18 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 18:18 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 18:18 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 18:18 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 18:18 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-14 18:18 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 18:18 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 18:18 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 18:18 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 18:18 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 18:18 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 18:18 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 18:18 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 18:18 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 18:18 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 18:18 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 18:18 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 18:18 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 18:18 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-14 18:18 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 18:18 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 18:18 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 18:18 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 18:18 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 18:18 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 18:17 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 18:17 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 18:17 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 18:17 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 18:17 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 16:49 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 16:49 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 16:49 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 16:49 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 16:49 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 16:46 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 16:46 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-14 16:46 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 16:46 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-14 16:46 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-14 16:46 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 16:46 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 16:46 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-14 16:46 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-14 16:46 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-14 16:46 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-14 16:46 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-14 16:46 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-14 16:46 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-14 16:46 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-14 16:46 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-14 16:46 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:44 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 16:44 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 16:44 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 16:44 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 16:44 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 16:44 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 16:44 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-14 16:43 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-14 16:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-14 16:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-14 16:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-14 16:43 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-14 16:43 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-14 16:43 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-14 16:43 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-14 15:14 - 2015-05-14 15:14 - 00000000 ____D () C:\Program Files (x86)\TrimModule
2015-05-14 15:13 - 2015-05-14 15:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{799E0E24-8409-4364-BAA9-CC81AB87C1DC}
2015-05-03 14:16 - 2015-05-03 14:16 - 00000000 ____D () C:\Users\Va\AppData\Local\{AB8A634F-5BD1-4B6B-BC2B-6BEB6328F204}
2015-05-03 12:13 - 2015-05-03 12:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{CC9CB319-0D4D-4A95-8B0E-474F65A4F04D}
2015-05-03 12:12 - 2015-05-03 12:14 - 00000000 ____D () C:\Users\Va\Documents\Fax
2015-05-02 10:55 - 2015-05-02 10:55 - 00684184 _____ (Opera Software) C:\Users\Va\Downloads\Opera_NI_stable.exe
2015-05-02 09:58 - 2015-05-02 09:59 - 00000000 ____D () C:\Users\Va\AppData\Local\{D135E88E-4572-4C5E-A949-EB6173D0C63E}
2015-04-29 20:42 - 2015-04-29 20:42 - 00000000 ____D () C:\Users\Va\AppData\Local\{827C5103-74DE-4620-B4AE-AED0DA9E9E6F}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 20:16 - 2011-12-24 23:50 - 00000000 ____D () C:\Users\Va\Tracing
2015-05-28 20:16 - 2011-08-11 17:44 - 01821223 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 20:05 - 2011-12-24 22:46 - 00001126 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA.job
2015-05-28 19:59 - 2012-04-11 22:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 18:38 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 18:38 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 18:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 15:06 - 2014-12-03 20:03 - 00001312 _____ () C:\Users\Va\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2015-05-28 15:05 - 2015-04-14 23:12 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.79
2015-05-27 22:58 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-27 22:07 - 2011-02-19 06:24 - 00711530 _____ () C:\Windows\system32\perfh007.dat
2015-05-27 22:07 - 2011-02-19 06:24 - 00153720 _____ () C:\Windows\system32\perfc007.dat
2015-05-27 22:07 - 2009-07-14 07:13 - 01652924 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 21:13 - 2015-04-21 17:35 - 00000000 ____D () C:\Users\Va\AppData\Roaming\jellylam
2015-05-20 21:13 - 2015-04-14 23:10 - 00000000 ____D () C:\Users\Va\AppData\Roaming\Winsta
2015-05-20 21:01 - 2011-04-13 04:47 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-05-20 21:00 - 2011-04-13 04:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-05-20 20:58 - 2011-08-11 18:14 - 00000000 ____D () C:\Windows\SysWOW64\ASUS_Screensaver dir
2015-05-20 20:57 - 2014-07-14 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetDrive
2015-05-20 08:49 - 2011-08-11 18:12 - 00002052 _____ () C:\Windows\system32\ServiceFilter.ini
2015-05-20 01:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-20 00:20 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2015-05-20 00:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-05-20 00:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-05-20 00:10 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-19 23:41 - 2012-11-06 23:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-19 23:28 - 2011-12-24 07:02 - 00000000 ___HD () C:\ASUS.DAT
2015-05-19 23:24 - 2011-12-24 07:01 - 00000000 ____D () C:\Users\Va
2015-05-19 18:06 - 2011-12-29 15:30 - 00000000 ____D () C:\Program Files (x86)\FILSHtray
2015-05-16 22:21 - 2011-08-11 18:12 - 00002628 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-05-16 22:07 - 2015-04-14 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-05-15 17:14 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 17:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-15 17:08 - 2011-04-13 04:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 00:47 - 2012-01-17 23:23 - 01680542 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-15 00:47 - 2012-01-17 23:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-15 00:43 - 2014-07-13 17:46 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-15 00:43 - 2014-07-13 17:46 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-15 00:42 - 2014-07-13 17:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-15 00:42 - 2014-07-13 17:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-15 00:33 - 2013-03-15 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 00:30 - 2013-03-15 14:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 19:42 - 2015-04-21 17:35 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-05-14 19:41 - 2011-08-11 17:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-03 14:14 - 2013-10-03 19:05 - 00250368 ___SH () C:\Users\Va\Desktop\Thumbs.db
2015-04-29 20:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

==================== Files in the root of some directories =======

2013-10-24 21:18 - 2013-10-24 21:18 - 50053120 _____ () C:\Program Files (x86)\GUTF19F.tmp
2014-01-10 19:50 - 2014-01-10 19:52 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-06-03 19:58 - 2012-06-03 19:58 - 0003584 _____ () C:\Users\Va\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-16 21:26 - 2015-05-16 21:26 - 0000000 _____ () C:\Users\Va\AppData\Local\Temp.dat
2011-04-13 04:48 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-08-11 18:18 - 2011-08-11 18:20 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-11 18:17 - 2011-08-11 18:18 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Va\AppData\Local\Temp\_is9211.exe
C:\Users\Va\AppData\Local\Temp\_isBE10.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Va at 2015-05-28 20:35:58
Running from F:\
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-533800774-2781401254-862098746-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-533800774-2781401254-862098746-501 - Limited - Disabled)
Va (S-1-5-21-533800774-2781401254-862098746-1001 - Limited - Enabled) => C:\Users\Va

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{02698606-3A21-489D-9D2A-75C9E8D3E5BD}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E17025A7-39B6-375E-8F1E-20637D19549C}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.27 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Chromium Browser (HKU\S-1-5-21-533800774-2781401254-862098746-1001\...\Chromium) (Version: 41.0.2231.0 - Chrome)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6403 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Search and Replace (HKLM-x32\...\{26453017-2C54-574B-7597-9EA6652686A6}) (Version:  - "") <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}) (Version: 3.0.21 - ASUS)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => 
Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001Core.job => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA.job => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:981884E7
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
AlternateDataStreams: C:\Users\Va\Documents\boot:$WIMMOUNTDATA

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-533800774-2781401254-862098746-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Va\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{50D76052-134E-46DB-AF8E-63827F883C0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}] => (Allow) LPort=2869
FirewallRules: [{B827E1C7-5A7A-484C-9653-2FE388A8B888}] => (Allow) LPort=1900
FirewallRules: [{25BDD843-A815-48A8-A216-66D065687049}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}] => (Allow) LPort=5353
FirewallRules: [{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}] => (Allow) LPort=8182
FirewallRules: [{D937DAF1-0E89-4549-8ADF-0103B21110E9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{90B9A9CB-6E84-40C9-8639-F26816E9C8D9}] => (Allow) C:\Users\Va\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{1AE4FF3B-5152-4233-AE6C-83F30FCA38F0}] => (Allow) C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 06:41:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 06:31:26 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 06:02:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 05:52:05 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 11:02:21 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 10:58:11 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 10:01:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/27/2015 09:54:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ASUSWSShellExt64.dll, Version: 1.1.0.27, Zeitstempel: 0x4c7f631d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000051da
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/27/2015 09:50:54 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/20/2015 09:52:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ASUSWSShellExt64.dll, Version: 1.1.0.27, Zeitstempel: 0x4c7f631d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000051da
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3


System errors:
=============
Error: (05/28/2015 07:50:01 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/28/2015 07:01:01 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 114.16.0.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 07:01:01 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 07:01:01 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 07:01:01 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 06:41:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 114.16.0.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 06:41:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 06:41:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 06:41:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 06:34:09 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office:
=========================
Error: (05/28/2015 06:41:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 06:31:26 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 06:02:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 05:52:05 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 11:02:21 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 10:58:11 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 10:01:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/27/2015 09:54:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ASUSWSShellExt64.dll1.1.0.274c7f631dc000000500000000000051da

Error: (05/27/2015 09:50:54 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/20/2015 09:52:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4ASUSWSShellExt64.dll1.1.0.274c7f631dc000000500000000000051da


CodeIntegrity Errors:
===================================
  Date: 2013-10-01 19:40:42.127
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:40.772
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:39.098
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:36.341
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:30.914
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:28.174
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:25.610
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:23.200
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:33:58.163
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:33:55.433
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD E-350 Processor
Percentage of memory in use: 40%
Total physical RAM: 3691.71 MB
Available physical RAM: 2197.28 MB
Total Pagefile: 7381.64 MB
Available Pagefile: 5672.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:128.18 GB) (Free:60.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:144.91 GB) (Free:142.43 GB) NTFS
Drive f: (VERBATIM) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 0C55F312)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End of log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-28 20:57:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000067 WDC_WD32 rev.01.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\fwldypow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                      0000000075ba1401 2 bytes JMP 75ddb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                        0000000075ba1419 2 bytes JMP 75ddb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                      0000000075ba1431 2 bytes JMP 75e58f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                      0000000075ba144a 2 bytes CALL 75db489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                       * 9
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                         0000000075ba14dd 2 bytes JMP 75e58822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                  0000000075ba14f5 2 bytes JMP 75e589f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                         0000000075ba150d 2 bytes JMP 75e58718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                  0000000075ba1525 2 bytes JMP 75e58ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                        0000000075ba153d 2 bytes JMP 75dcfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                             0000000075ba1555 2 bytes JMP 75dd68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                      0000000075ba156d 2 bytes JMP 75e58fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                        0000000075ba1585 2 bytes JMP 75e58b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                           0000000075ba159d 2 bytes JMP 75e586dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                        0000000075ba15b5 2 bytes JMP 75dcfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                      0000000075ba15cd 2 bytes JMP 75ddb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                  0000000075ba16b2 2 bytes JMP 75e58ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                  0000000075ba16bd 2 bytes JMP 75e58671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                   0000000075ba1401 2 bytes JMP 75ddb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                     0000000075ba1419 2 bytes JMP 75ddb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                   0000000075ba1431 2 bytes JMP 75e58f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                   0000000075ba144a 2 bytes CALL 75db489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                       * 9
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                      0000000075ba14dd 2 bytes JMP 75e58822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                               0000000075ba14f5 2 bytes JMP 75e589f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                      0000000075ba150d 2 bytes JMP 75e58718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                               0000000075ba1525 2 bytes JMP 75e58ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                     0000000075ba153d 2 bytes JMP 75dcfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                          0000000075ba1555 2 bytes JMP 75dd68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                   0000000075ba156d 2 bytes JMP 75e58fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                     0000000075ba1585 2 bytes JMP 75e58b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                        0000000075ba159d 2 bytes JMP 75e586dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                     0000000075ba15b5 2 bytes JMP 75dcfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                   0000000075ba15cd 2 bytes JMP 75ddb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                               0000000075ba16b2 2 bytes JMP 75e58ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                               0000000075ba16bd 2 bytes JMP 75e58671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                                           00000000704c11a8 2 bytes [4C, 70]
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248                                                          00000000704c127d 2 bytes CALL 75db14c9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395                                                          00000000704c1310 2 bytes CALL 75db14c9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                                     00000000704c13a8 2 bytes [4C, 70]
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                                         00000000704c1422 2 bytes [4C, 70]
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                                                  00000000704c1498 2 bytes [4C, 70]
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4                                               00000000704b1825 2 bytes JMP 75b6613d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4                                              00000000704b1830 2 bytes JMP 75b6615d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4                                           00000000704b183b 2 bytes JMP 75b6617d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4                                             00000000704b1846 2 bytes JMP 75b65a1d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4                                   00000000704b1851 2 bytes JMP 75b6619d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4                                           00000000704b185c 2 bytes JMP 75b6627d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4                                                     00000000704b1867 2 bytes JMP 75b6629d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4                                                00000000704b1872 2 bytes JMP 75b662bd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4                                             00000000704b187d 2 bytes JMP 75b662dd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4                                                          00000000704b1888 2 bytes JMP 75b65a3d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4                                           00000000704b1893 2 bytes JMP 75b662fd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4                                             00000000704b189e 2 bytes JMP 75b65abd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4                                                 00000000704b18a9 2 bytes JMP 75b6631d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4                                              00000000704b18b4 2 bytes JMP 75b6633d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4                                       00000000704b18bf 2 bytes JMP 75b31fcb C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4                                                 00000000704b18ca 2 bytes JMP 75b6637d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4                                                00000000704b18d5 2 bytes JMP 75b65add C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4                                              00000000704b18e0 2 bytes JMP 75b65b5d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4                                          00000000704b18eb 2 bytes JMP 75b65b7d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4                                       00000000704b18f6 2 bytes JMP 75b668dd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4                                          00000000704b1901 2 bytes JMP 75b65a9d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4                                             00000000704b190c 2 bytes JMP 75b668fd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4                                                00000000704b1917 2 bytes JMP 75b6693d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4                                               00000000704b1922 2 bytes JMP 75b65afd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4                                               00000000704b192d 2 bytes JMP 75b6695d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4                                                         00000000704b1938 2 bytes JMP 75b6697d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4                                             00000000704b1943 2 bytes JMP 75b6699d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4                                         00000000704b194e 2 bytes JMP 75b669bd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4                                                 00000000704b1959 2 bytes JMP 75b669dd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4                                                        00000000704b1964 2 bytes JMP 75b669fd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4                                                00000000704b196f 2 bytes JMP 75b66a1d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4                                               00000000704b197a 2 bytes JMP 75b66a3d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4                                                  00000000704b1985 2 bytes JMP 75b66a5d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4                                                00000000704b1990 2 bytes JMP 75b66a7d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4                                        00000000704b199b 2 bytes JMP 75b66a9d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4                                            00000000704b19a6 2 bytes JMP 75b66abd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4                                             00000000704b19b1 2 bytes JMP 75b66add C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4                                               00000000704b19bc 2 bytes JMP 75b66afd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4                                                  00000000704b19c7 2 bytes JMP 75b66b1d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4                                                         00000000704b19d2 2 bytes JMP 75b66b3d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4                                                      00000000704b19dd 2 bytes JMP 75b65b9d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4                                        00000000704b19e8 2 bytes JMP 75b66b7d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4                                            00000000704b19f3 2 bytes JMP 75b66b9d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4                                     00000000704b19fe 2 bytes JMP 75b66bdb C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4                                                    00000000704b1a09 2 bytes JMP 75b66bfb C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4                                                 00000000704b1a14 2 bytes JMP 75b66c1b C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4                                                  00000000704b1a1f 2 bytes JMP 75b65b1d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4                                                  00000000704b1a2a 2 bytes JMP 75b66c3b C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4                                             00000000704b1a35 2 bytes JMP 75b66c5b C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4                                                 00000000704b1a40 2 bytes JMP 75b66c7b C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4                                           00000000704b1a4b 2 bytes JMP 75b66c9b C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4                                              00000000704b1a56 2 bytes JMP 75b66cbb C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4                                                       00000000704b1a61 2 bytes JMP 75b66cdb C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4                                                    00000000704b1a6c 2 bytes JMP 75b65bbd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4                                                00000000704b1a77 2 bytes JMP 75b66cfb C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4                                         00000000704b1a82 2 bytes JMP 75b66d1b C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52                                        00000000704b1ab2 2 bytes JMP 7520dc75 C:\Windows\syswow64\msvcrt.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                     0000000075ba1401 2 bytes JMP 75ddb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                       0000000075ba1419 2 bytes JMP 75ddb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                     0000000075ba1431 2 bytes JMP 75e58f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                     0000000075ba144a 2 bytes CALL 75db489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                       * 9
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                        0000000075ba14dd 2 bytes JMP 75e58822 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                 0000000075ba14f5 2 bytes JMP 75e589f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                        0000000075ba150d 2 bytes JMP 75e58718 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                 0000000075ba1525 2 bytes JMP 75e58ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                       0000000075ba153d 2 bytes JMP 75dcfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                            0000000075ba1555 2 bytes JMP 75dd68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                     0000000075ba156d 2 bytes JMP 75e58fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                       0000000075ba1585 2 bytes JMP 75e58b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                          0000000075ba159d 2 bytes JMP 75e586dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                       0000000075ba15b5 2 bytes JMP 75dcfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                     0000000075ba15cd 2 bytes JMP 75ddb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                 0000000075ba16b2 2 bytes JMP 75e58ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                 0000000075ba16bd 2 bytes JMP 75e58671 C:\Windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----

Process  C:\ProgramData\Application Hosting\Application Hosting.exe (*** suspicious ***) @ C:\ProgramData\Application Hosting\Application Hosting.exe [1792](2015-04-14 14:55:44)  0000000000bf0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                                                                                               
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)                                                                           

---- EOF - GMER 2.1 ----
         

28.05.2015, 21:22   #4
M-K-D-B
/// TB Trainer



Hi,


Quote:
Ran by Va (ATTENTION: The logged in user is not administrator) on VANESSA on 28-05-2015 20:34:14

All of our tools require administrator rights. Please run FRST and TDSSKiller again as admin.

28.05.2015, 21:37   #5
armer tor



Here is the TDSSKiller report


Code:
22:25:35.0874 0x0c88  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
22:26:06.0716 0x0c88  ============================================================
22:26:06.0716 0x0c88  Current date / time: 2015/05/28 22:26:06.0716
22:26:06.0716 0x0c88  SystemInfo:
22:26:06.0716 0x0c88  
22:26:06.0716 0x0c88  OS Version: 6.1.7601 ServicePack: 1.0
22:26:06.0716 0x0c88  Product type: Workstation
22:26:06.0716 0x0c88  ComputerName: VANESSA
22:26:06.0716 0x0c88  UserName: Administrator
22:26:06.0716 0x0c88  Windows directory: C:\Windows
22:26:06.0716 0x0c88  System windows directory: C:\Windows
22:26:06.0716 0x0c88  Running under WOW64
22:26:06.0716 0x0c88  Processor architecture: Intel x64
22:26:06.0716 0x0c88  Number of processors: 2
22:26:06.0716 0x0c88  Page size: 0x1000
22:26:06.0716 0x0c88  Boot type: Normal boot
22:26:06.0716 0x0c88  ============================================================
22:26:10.0132 0x0c88  KLMD registered as C:\Windows\system32\drivers\32857536.sys
22:26:10.0678 0x0c88  System UUID: {0D1E0FF7-115E-CC38-4964-0BA623867DBA}
22:26:11.0910 0x0c88  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:26:11.0942 0x0c88  Drive \Device\Harddisk1\DR1 - Size: 0xEEE00000 ( 3.73 Gb ), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:26:11.0942 0x0c88  ============================================================
22:26:11.0942 0x0c88  \Device\Harddisk0\DR0:
22:26:11.0942 0x0c88  MBR partitions:
22:26:11.0942 0x0c88  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1005B800
22:26:11.0973 0x0c88  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1325C800, BlocksNum 0x121D2000
22:26:11.0973 0x0c88  \Device\Harddisk1\DR1:
22:26:11.0988 0x0c88  MBR partitions:
22:26:11.0988 0x0c88  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x776FE0
22:26:11.0988 0x0c88  ============================================================
22:26:12.0035 0x0c88  C: <-> \Device\Harddisk0\DR0\Partition1
22:26:12.0066 0x0c88  D: <-> \Device\Harddisk0\DR0\Partition2
22:26:12.0066 0x0c88  ============================================================
22:26:12.0066 0x0c88  Initialize success
22:26:12.0066 0x0c88  ============================================================
22:26:58.0367 0x0d5c  ============================================================
22:26:58.0367 0x0d5c  Scan started
22:26:58.0367 0x0d5c  Mode: Manual; SigCheck; TDLFS; 
22:26:58.0367 0x0d5c  ============================================================
22:26:58.0367 0x0d5c  KSN ping started
22:26:58.0508 0x0d5c  KSN ping finished: false
22:27:00.0770 0x0d5c  ================ Scan system memory ========================
22:27:00.0770 0x0d5c  System memory - ok
22:27:00.0770 0x0d5c  ================ Scan services =============================
22:27:01.0035 0x0d5c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:27:01.0206 0x0d5c  1394ohci - ok
22:27:01.0269 0x0d5c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:27:01.0316 0x0d5c  ACPI - ok
22:27:01.0316 0x0d5c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:27:01.0394 0x0d5c  AcpiPmi - ok
22:27:01.0550 0x0d5c  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:27:01.0612 0x0d5c  AdobeFlashPlayerUpdateSvc - ok
22:27:01.0659 0x0d5c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:27:01.0721 0x0d5c  adp94xx - ok
22:27:01.0768 0x0d5c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:27:01.0799 0x0d5c  adpahci - ok
22:27:01.0830 0x0d5c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:27:01.0862 0x0d5c  adpu320 - ok
22:27:01.0893 0x0d5c  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:27:01.0955 0x0d5c  AeLookupSvc - ok
22:27:02.0002 0x0d5c  [ 6E79A119B0CE418FE44E0C824BF3F039, 7C7E8ED41EFCDB20C1A0C038BB6C53CDBE6709E3573C8A93B4059C0CD08759EB ] AFBAgent        C:\Windows\system32\FBAgent.exe
22:27:02.0096 0x0d5c  AFBAgent - ok
22:27:02.0158 0x0d5c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
22:27:02.0236 0x0d5c  AFD - ok
22:27:02.0252 0x0d5c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
22:27:02.0283 0x0d5c  agp440 - ok
22:27:02.0330 0x0d5c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
22:27:02.0376 0x0d5c  ALG - ok
22:27:02.0423 0x0d5c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:27:02.0454 0x0d5c  aliide - ok
22:27:02.0517 0x0d5c  [ 9CCAF5CCD848F8D77CD18DAA51F9C987, 1FA0A67765298F9CA701CC1C948390C2B8E71DA49D194AC2CB8FEADF4770A87D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:27:02.0642 0x0d5c  AMD External Events Utility - ok
22:27:02.0704 0x0d5c  AMD FUEL Service - ok
22:27:02.0751 0x0d5c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:27:02.0782 0x0d5c  amdide - ok
22:27:02.0813 0x0d5c  [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
22:27:02.0844 0x0d5c  amdiox64 - ok
22:27:02.0891 0x0d5c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:27:02.0954 0x0d5c  AmdK8 - ok
22:27:03.0546 0x0d5c  [ 8BD152EAAEFEB8667E7E43FD8CAC3642, 19FA414A398D1C545E4C2C0322F9E35195AFD256419CCB3DFE8C84398DC03C71 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:27:04.0280 0x0d5c  amdkmdag - ok
22:27:04.0373 0x0d5c  [ 4112266BD3949EBE9B0B8AB198D3D0EE, 8CF582E6050013E2370A8269F4B9F12E91EA7FE35394E8E54EAC67B7A0B5D599 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
22:27:04.0420 0x0d5c  amdkmdap - ok
22:27:04.0451 0x0d5c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:27:04.0467 0x0d5c  AmdPPM - ok
22:27:04.0560 0x0d5c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:27:04.0607 0x0d5c  amdsata - ok
22:27:04.0732 0x0d5c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:27:04.0763 0x0d5c  amdsbs - ok
22:27:04.0779 0x0d5c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:27:04.0810 0x0d5c  amdxata - ok
22:27:04.0857 0x0d5c  [ CAEE7C1AFC9F1C9EE8DD11ACD18D22E7, B8953CC6B833E76F1483EFDB0198F14FA43E530D1A9FEA33260FD2EDB811B230 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
22:27:04.0888 0x0d5c  amd_sata - ok
22:27:04.0919 0x0d5c  [ 23726116B4FBCC84FC45B95157C08F5F, BCF1762FFB36D3846628917DC86CF26A83BDFE7D3DE54F8D6B1B1D3AC3E73F02 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
22:27:04.0950 0x0d5c  amd_xata - ok
22:27:04.0997 0x0d5c  [ 4DE0D5D747A73797C95A97DCCE5018B5, 17EC669675C2E43515EFE2D8BCC9DDFFBE64F99EBFB9A6DAB429F65A2B504560 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
22:27:05.0044 0x0d5c  androidusb - ok
22:27:05.0091 0x0d5c  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
22:27:05.0153 0x0d5c  AppID - ok
22:27:05.0169 0x0d5c  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:27:05.0200 0x0d5c  AppIDSvc - ok
22:27:05.0231 0x0d5c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
22:27:05.0294 0x0d5c  Appinfo - ok
22:27:05.0372 0x0d5c  [ 7F5028A20C78F10CA2E88EEF6D9C9BD1, 0C9C82AA7264311B38925EBD018E943686B3DDADC02FCD2BDBEF278AD6CD1C03 ] Application Hosting C:\ProgramData\Application Hosting\Application Hosting.exe
22:27:05.0387 0x0d5c  Application Hosting - detected UnsignedFile.Multi.Generic ( 1 )
22:27:05.0606 0x0d5c  Application Hosting ( UnsignedFile.Multi.Generic ) - warning
22:27:05.0621 0x0d5c  Force sending object to P2P due to detect: Application Hosting
22:27:05.0621 0x0d5c  Object send P2P result: false
22:27:05.0652 0x0d5c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
22:27:05.0684 0x0d5c  arc - ok
22:27:05.0699 0x0d5c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:27:05.0730 0x0d5c  arcsas - ok
22:27:05.0824 0x0d5c  [ 18E5C2F937F9DEB8C282DF66A3761925, 30294C381F8C7DCB45EF9BCF572F410FF47630E12D5AA02259C6C80F07BEF495 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
22:27:05.0886 0x0d5c  ASLDRService - ok
22:27:05.0933 0x0d5c  [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
22:27:05.0996 0x0d5c  ASMMAP64 - ok
22:27:06.0136 0x0d5c  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:27:06.0183 0x0d5c  aspnet_state - ok
22:27:06.0198 0x0d5c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:27:06.0370 0x0d5c  AsyncMac - ok
22:27:06.0417 0x0d5c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:27:06.0432 0x0d5c  atapi - ok
22:27:06.0557 0x0d5c  [ F8633CDD09647A64EE8DB550630427FF, 565F32E6B1E8451B2DD866E4997336A47B8DC6669392BDAAF252C35C0383E8A3 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
22:27:06.0698 0x0d5c  athr - ok
22:27:06.0760 0x0d5c  [ DBB487D09F56C674430AC454FD8BCAB9, CF6413DD5D4876CE1F65E40115994423804AA5EA5CBDEB433DB751B445C17BB8 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
22:27:06.0791 0x0d5c  AtiHDAudioService - ok
22:27:06.0822 0x0d5c  [ 7910158929571214A959D5A6D16DD9C0, 9B4F8A3AF9E09B2F772EEF1CB8F7EAB8A226068784837F375AE97B89B0B3A383 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
22:27:06.0854 0x0d5c  ATKGFNEXSrv - ok
22:27:06.0916 0x0d5c  [ AC31727F9946E9009480708E4D1B9986, D1D5DC2A377D37483E10BF5F96D670712718BC27C753E86ABBB6C0708992E7C9 ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
22:27:06.0947 0x0d5c  ATKWMIACPIIO - ok
22:27:07.0025 0x0d5c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:27:07.0103 0x0d5c  AudioEndpointBuilder - ok
22:27:07.0150 0x0d5c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:27:07.0212 0x0d5c  AudioSrv - ok
22:27:07.0244 0x0d5c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:27:07.0368 0x0d5c  AxInstSV - ok
22:27:07.0462 0x0d5c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:27:07.0524 0x0d5c  b06bdrv - ok
22:27:07.0618 0x0d5c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:27:07.0696 0x0d5c  b57nd60a - ok
22:27:07.0743 0x0d5c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:27:07.0774 0x0d5c  BDESVC - ok
22:27:07.0790 0x0d5c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:27:07.0868 0x0d5c  Beep - ok
22:27:07.0914 0x0d5c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
22:27:08.0008 0x0d5c  BFE - ok
22:27:08.0086 0x0d5c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
22:27:08.0367 0x0d5c  BITS - ok
22:27:08.0398 0x0d5c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:27:08.0429 0x0d5c  blbdrive - ok
22:27:08.0476 0x0d5c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:27:08.0523 0x0d5c  bowser - ok
22:27:08.0554 0x0d5c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:27:08.0648 0x0d5c  BrFiltLo - ok
22:27:08.0663 0x0d5c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:27:08.0694 0x0d5c  BrFiltUp - ok
22:27:08.0741 0x0d5c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
22:27:08.0788 0x0d5c  Browser - ok
22:27:08.0804 0x0d5c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:27:08.0866 0x0d5c  Brserid - ok
22:27:08.0866 0x0d5c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:27:08.0913 0x0d5c  BrSerWdm - ok
22:27:08.0928 0x0d5c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:27:08.0960 0x0d5c  BrUsbMdm - ok
22:27:08.0975 0x0d5c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:27:09.0006 0x0d5c  BrUsbSer - ok
22:27:09.0038 0x0d5c  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
22:27:09.0084 0x0d5c  BthEnum - ok
22:27:09.0116 0x0d5c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:27:09.0162 0x0d5c  BTHMODEM - ok
22:27:09.0178 0x0d5c  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:27:09.0209 0x0d5c  BthPan - ok
22:27:09.0272 0x0d5c  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
22:27:09.0365 0x0d5c  BTHPORT - ok
22:27:09.0396 0x0d5c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
22:27:09.0474 0x0d5c  bthserv - ok
22:27:09.0521 0x0d5c  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
22:27:09.0568 0x0d5c  BTHUSB - ok
22:27:09.0584 0x0d5c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:27:09.0662 0x0d5c  cdfs - ok
22:27:09.0693 0x0d5c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:27:09.0724 0x0d5c  cdrom - ok
22:27:09.0771 0x0d5c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:27:09.0833 0x0d5c  CertPropSvc - ok
22:27:09.0864 0x0d5c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:27:09.0896 0x0d5c  circlass - ok
22:27:09.0942 0x0d5c  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
22:27:09.0989 0x0d5c  CLFS - ok
22:27:10.0083 0x0d5c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:27:10.0130 0x0d5c  clr_optimization_v2.0.50727_32 - ok
22:27:10.0208 0x0d5c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:27:10.0254 0x0d5c  clr_optimization_v2.0.50727_64 - ok
22:27:10.0332 0x0d5c  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:27:10.0379 0x0d5c  clr_optimization_v4.0.30319_32 - ok
22:27:10.0410 0x0d5c  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:27:10.0442 0x0d5c  clr_optimization_v4.0.30319_64 - ok
22:27:10.0457 0x0d5c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:27:10.0488 0x0d5c  CmBatt - ok
22:27:10.0535 0x0d5c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:27:10.0551 0x0d5c  cmdide - ok
22:27:10.0613 0x0d5c  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
22:27:10.0691 0x0d5c  CNG - ok
22:27:10.0707 0x0d5c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:27:10.0738 0x0d5c  Compbatt - ok
22:27:10.0754 0x0d5c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:27:10.0785 0x0d5c  CompositeBus - ok
22:27:10.0800 0x0d5c  COMSysApp - ok
22:27:10.0925 0x0d5c  cpuz134 - ok
22:27:10.0956 0x0d5c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:27:10.0988 0x0d5c  crcdisk - ok
22:27:11.0034 0x0d5c  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:27:11.0081 0x0d5c  CryptSvc - ok
22:27:11.0237 0x0d5c  [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:27:11.0331 0x0d5c  cvhsvc - ok
22:27:11.0424 0x0d5c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:27:11.0534 0x0d5c  DcomLaunch - ok
22:27:11.0596 0x0d5c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:27:11.0674 0x0d5c  defragsvc - ok
22:27:11.0736 0x0d5c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:27:11.0799 0x0d5c  DfsC - ok
22:27:11.0846 0x0d5c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:27:11.0924 0x0d5c  Dhcp - ok
22:27:12.0080 0x0d5c  [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack       C:\Windows\system32\diagtrack.dll
22:27:12.0220 0x0d5c  DiagTrack - ok
22:27:12.0236 0x0d5c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
22:27:12.0314 0x0d5c  discache - ok
22:27:12.0360 0x0d5c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
22:27:12.0392 0x0d5c  Disk - ok
22:27:12.0423 0x0d5c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:27:12.0470 0x0d5c  Dnscache - ok
22:27:12.0501 0x0d5c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:27:12.0594 0x0d5c  dot3svc - ok
22:27:12.0626 0x0d5c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
22:27:12.0704 0x0d5c  DPS - ok
22:27:12.0750 0x0d5c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:27:12.0782 0x0d5c  drmkaud - ok
22:27:12.0906 0x0d5c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:27:12.0984 0x0d5c  DXGKrnl - ok
22:27:13.0016 0x0d5c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
22:27:13.0094 0x0d5c  EapHost - ok
22:27:13.0312 0x0d5c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:27:13.0577 0x0d5c  ebdrv - ok
22:27:13.0624 0x0d5c  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] EFS             C:\Windows\System32\lsass.exe
22:27:13.0655 0x0d5c  EFS - ok
22:27:13.0764 0x0d5c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:27:13.0874 0x0d5c  ehRecvr - ok
22:27:13.0889 0x0d5c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
22:27:13.0952 0x0d5c  ehSched - ok
22:27:13.0998 0x0d5c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:27:14.0061 0x0d5c  elxstor - ok
22:27:14.0076 0x0d5c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:27:14.0108 0x0d5c  ErrDev - ok
22:27:14.0186 0x0d5c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
22:27:14.0295 0x0d5c  EventSystem - ok
22:27:14.0326 0x0d5c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
22:27:14.0404 0x0d5c  exfat - ok
22:27:14.0435 0x0d5c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:27:14.0513 0x0d5c  fastfat - ok
22:27:14.0591 0x0d5c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
22:27:14.0669 0x0d5c  Fax - ok
22:27:14.0685 0x0d5c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
22:27:14.0716 0x0d5c  fdc - ok
22:27:14.0747 0x0d5c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
22:27:14.0825 0x0d5c  fdPHost - ok
22:27:14.0841 0x0d5c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:27:14.0903 0x0d5c  FDResPub - ok
22:27:14.0934 0x0d5c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:27:14.0966 0x0d5c  FileInfo - ok
22:27:14.0981 0x0d5c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:27:15.0059 0x0d5c  Filetrace - ok
22:27:15.0075 0x0d5c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:27:15.0106 0x0d5c  flpydisk - ok
22:27:15.0153 0x0d5c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:27:15.0200 0x0d5c  FltMgr - ok
22:27:15.0324 0x0d5c  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
22:27:15.0449 0x0d5c  FontCache - ok
22:27:15.0543 0x0d5c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:27:15.0574 0x0d5c  FontCache3.0.0.0 - ok
22:27:15.0590 0x0d5c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:27:15.0621 0x0d5c  FsDepends - ok
22:27:15.0668 0x0d5c  [ 07DA62C960DDCCC2D35836AEAB4FC578, C67A29E928AF59BF7FB573FAC2176C5598F595406AA90DDB4A364A15BC89A6C4 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
22:27:15.0683 0x0d5c  fssfltr - ok
22:27:15.0870 0x0d5c  [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:27:16.0011 0x0d5c  fsssvc - ok
22:27:16.0058 0x0d5c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:27:16.0104 0x0d5c  Fs_Rec - ok
22:27:16.0151 0x0d5c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:27:16.0198 0x0d5c  fvevol - ok
22:27:16.0245 0x0d5c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:27:16.0276 0x0d5c  gagp30kx - ok
22:27:16.0385 0x0d5c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:27:16.0510 0x0d5c  gpsvc - ok
22:27:16.0541 0x0d5c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:27:16.0572 0x0d5c  hcw85cir - ok
22:27:16.0604 0x0d5c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:27:16.0650 0x0d5c  HdAudAddService - ok
22:27:16.0682 0x0d5c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:27:16.0728 0x0d5c  HDAudBus - ok
22:27:16.0728 0x0d5c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:27:16.0760 0x0d5c  HidBatt - ok
22:27:16.0791 0x0d5c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:27:16.0838 0x0d5c  HidBth - ok
22:27:16.0853 0x0d5c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:27:16.0884 0x0d5c  HidIr - ok
22:27:16.0916 0x0d5c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
22:27:16.0994 0x0d5c  hidserv - ok
22:27:17.0040 0x0d5c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:27:17.0072 0x0d5c  HidUsb - ok
22:27:17.0118 0x0d5c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:27:17.0196 0x0d5c  hkmsvc - ok
22:27:17.0228 0x0d5c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:27:17.0274 0x0d5c  HomeGroupListener - ok
22:27:17.0337 0x0d5c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:27:17.0462 0x0d5c  HomeGroupProvider - ok
22:27:17.0524 0x0d5c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:27:17.0571 0x0d5c  HpSAMD - ok
22:27:17.0649 0x0d5c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:27:17.0727 0x0d5c  HTTP - ok
22:27:17.0758 0x0d5c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:27:17.0774 0x0d5c  hwpolicy - ok
22:27:17.0820 0x0d5c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:27:17.0852 0x0d5c  i8042prt - ok
22:27:17.0930 0x0d5c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:27:17.0976 0x0d5c  iaStorV - ok
22:27:18.0086 0x0d5c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:27:18.0179 0x0d5c  idsvc - ok
22:27:18.0195 0x0d5c  IEEtwCollectorService - ok
22:27:18.0226 0x0d5c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:27:18.0257 0x0d5c  iirsp - ok
22:27:18.0335 0x0d5c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
22:27:18.0429 0x0d5c  IKEEXT - ok
22:27:18.0647 0x0d5c  [ 0A30A899C6295F908729EDA7F95615A8, CF99AF47C3C1CD04D3A780C3F0FA2AECD0057DF5D697F5584C6D84906E38EB17 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:27:18.0819 0x0d5c  IntcAzAudAddService - ok
22:27:18.0897 0x0d5c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:27:18.0928 0x0d5c  intelide - ok
22:27:18.0944 0x0d5c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
22:27:18.0975 0x0d5c  intelppm - ok
22:27:19.0022 0x0d5c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:27:19.0100 0x0d5c  IPBusEnum - ok
22:27:19.0115 0x0d5c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:27:19.0193 0x0d5c  IpFilterDriver - ok
22:27:19.0256 0x0d5c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:27:19.0334 0x0d5c  iphlpsvc - ok
22:27:19.0365 0x0d5c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:27:19.0396 0x0d5c  IPMIDRV - ok
22:27:19.0412 0x0d5c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:27:19.0490 0x0d5c  IPNAT - ok
22:27:19.0521 0x0d5c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:27:19.0599 0x0d5c  IRENUM - ok
22:27:19.0614 0x0d5c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:27:19.0646 0x0d5c  isapnp - ok
22:27:19.0724 0x0d5c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:27:19.0802 0x0d5c  iScsiPrt - ok
22:27:19.0848 0x0d5c  [ 4778C034B12DB297F47C9E75E839CC30, 0B676213D2DE1C9DE07F3AFD51DA3E9C65575A2167D1773D4F1F63B1CB80B035 ] jetdrive        C:\Windows\system32\DRIVERS\jddrv.sys
22:27:19.0895 0x0d5c  jetdrive - ok
22:27:19.0911 0x0d5c  JetDrive WindowsClosingService - ok
22:27:19.0942 0x0d5c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:27:19.0958 0x0d5c  kbdclass - ok
22:27:19.0973 0x0d5c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:27:20.0004 0x0d5c  kbdhid - ok
22:27:20.0051 0x0d5c  [ E63EF8C3271D014F14E2469CE75FECB4, 3A8DFA4B446AFDC35F01FD5218D0BEBC510A1E3DE9976210F00D19767D0F9069 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
22:27:20.0098 0x0d5c  kbfiltr - ok
22:27:20.0129 0x0d5c  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] KeyIso          C:\Windows\system32\lsass.exe
22:27:20.0145 0x0d5c  KeyIso - ok
22:27:20.0192 0x0d5c  [ F7DFAE6040AC910B7C64EE208A34157D, AEF1100F12391692D9DB78519D843A90C97E199A80DDC4D43E3AF1919A9E8E56 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:27:20.0223 0x0d5c  KSecDD - ok
22:27:20.0254 0x0d5c  [ 8FE94F2EF9BF444E93E35D87E210D02F, 78E8F6FD7C1EA3556194947707BE6893538A9E25A550C22045866C5B30251D14 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:27:20.0285 0x0d5c  KSecPkg - ok
22:27:20.0301 0x0d5c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:27:20.0379 0x0d5c  ksthunk - ok
22:27:20.0457 0x0d5c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:27:20.0566 0x0d5c  KtmRm - ok
22:27:20.0597 0x0d5c  [ 033B4AED2C5519072C0D81E00804D003, 6C450A604C382416C482FED43098B4E95BD61B480B0CEFD728A269446AF18708 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
22:27:20.0628 0x0d5c  L1C - ok
22:27:20.0675 0x0d5c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:27:20.0769 0x0d5c  LanmanServer - ok
22:27:20.0831 0x0d5c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:27:20.0909 0x0d5c  LanmanWorkstation - ok
22:27:20.0940 0x0d5c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:27:21.0018 0x0d5c  lltdio - ok
22:27:21.0065 0x0d5c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:27:21.0159 0x0d5c  lltdsvc - ok
22:27:21.0190 0x0d5c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:27:21.0268 0x0d5c  lmhosts - ok
22:27:21.0315 0x0d5c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:27:21.0346 0x0d5c  LSI_FC - ok
22:27:21.0362 0x0d5c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:27:21.0393 0x0d5c  LSI_SAS - ok
22:27:21.0408 0x0d5c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:27:21.0440 0x0d5c  LSI_SAS2 - ok
22:27:21.0455 0x0d5c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:27:21.0486 0x0d5c  LSI_SCSI - ok
22:27:21.0518 0x0d5c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:27:21.0596 0x0d5c  luafv - ok
22:27:21.0689 0x0d5c  [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:27:21.0720 0x0d5c  MBAMProtector - ok
22:27:21.0876 0x0d5c  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
22:27:21.0970 0x0d5c  MBAMService - ok
22:27:22.0032 0x0d5c  [ F49FB3C88E263AE9A246593B0BB29294, FB53D6FA4A98B98334DCFF81E40712265256D31A9E9FF36022887BABD50F39EB ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
22:27:22.0079 0x0d5c  MBAMWebAccessControl - ok
22:27:22.0142 0x0d5c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:27:22.0173 0x0d5c  Mcx2Svc - ok
22:27:22.0188 0x0d5c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:27:22.0220 0x0d5c  megasas - ok
22:27:22.0266 0x0d5c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:27:22.0298 0x0d5c  MegaSR - ok
22:27:22.0329 0x0d5c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
22:27:22.0407 0x0d5c  MMCSS - ok
22:27:22.0422 0x0d5c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
22:27:22.0500 0x0d5c  Modem - ok
22:27:22.0516 0x0d5c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:27:22.0563 0x0d5c  monitor - ok
22:27:22.0594 0x0d5c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:27:22.0625 0x0d5c  mouclass - ok
22:27:22.0656 0x0d5c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:27:22.0688 0x0d5c  mouhid - ok
22:27:22.0734 0x0d5c  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:27:22.0766 0x0d5c  mountmgr - ok
22:27:22.0859 0x0d5c  [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
22:27:22.0906 0x0d5c  MpFilter - ok
22:27:22.0937 0x0d5c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:27:22.0984 0x0d5c  mpio - ok
22:27:23.0031 0x0d5c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:27:23.0109 0x0d5c  mpsdrv - ok
22:27:23.0218 0x0d5c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:27:23.0343 0x0d5c  MpsSvc - ok
22:27:23.0405 0x0d5c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:27:23.0436 0x0d5c  MRxDAV - ok
22:27:23.0483 0x0d5c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:27:23.0530 0x0d5c  mrxsmb - ok
22:27:23.0577 0x0d5c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:27:23.0624 0x0d5c  mrxsmb10 - ok
22:27:23.0670 0x0d5c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:27:23.0702 0x0d5c  mrxsmb20 - ok
22:27:23.0748 0x0d5c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:27:23.0764 0x0d5c  msahci - ok
22:27:23.0842 0x0d5c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:27:23.0873 0x0d5c  msdsm - ok
22:27:23.0904 0x0d5c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
22:27:23.0936 0x0d5c  MSDTC - ok
22:27:23.0982 0x0d5c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:27:24.0060 0x0d5c  Msfs - ok
22:27:24.0076 0x0d5c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:27:24.0154 0x0d5c  mshidkmdf - ok
22:27:24.0170 0x0d5c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:27:24.0201 0x0d5c  msisadrv - ok
22:27:24.0248 0x0d5c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:27:24.0341 0x0d5c  MSiSCSI - ok
22:27:24.0357 0x0d5c  msiserver - ok
22:27:24.0372 0x0d5c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:27:24.0450 0x0d5c  MSKSSRV - ok
22:27:24.0544 0x0d5c  [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
22:27:24.0575 0x0d5c  MsMpSvc - ok
22:27:24.0591 0x0d5c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:27:24.0669 0x0d5c  MSPCLOCK - ok
22:27:24.0684 0x0d5c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:27:24.0747 0x0d5c  MSPQM - ok
22:27:24.0794 0x0d5c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:27:24.0856 0x0d5c  MsRPC - ok
22:27:24.0903 0x0d5c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:27:24.0934 0x0d5c  mssmbios - ok
22:27:24.0950 0x0d5c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:27:25.0028 0x0d5c  MSTEE - ok
22:27:25.0043 0x0d5c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:27:25.0074 0x0d5c  MTConfig - ok
22:27:25.0106 0x0d5c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
22:27:25.0137 0x0d5c  Mup - ok
22:27:25.0199 0x0d5c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
22:27:25.0308 0x0d5c  napagent - ok
22:27:25.0355 0x0d5c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:27:25.0402 0x0d5c  NativeWifiP - ok
22:27:25.0511 0x0d5c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:27:25.0589 0x0d5c  NDIS - ok
22:27:25.0652 0x0d5c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:27:25.0745 0x0d5c  NdisCap - ok
22:27:25.0776 0x0d5c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:27:25.0854 0x0d5c  NdisTapi - ok
22:27:25.0870 0x0d5c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:27:25.0948 0x0d5c  Ndisuio - ok
22:27:25.0979 0x0d5c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:27:26.0057 0x0d5c  NdisWan - ok
22:27:26.0088 0x0d5c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:27:26.0166 0x0d5c  NDProxy - ok
22:27:26.0198 0x0d5c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:27:26.0260 0x0d5c  NetBIOS - ok
22:27:26.0307 0x0d5c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:27:26.0385 0x0d5c  NetBT - ok
22:27:26.0416 0x0d5c  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] Netlogon        C:\Windows\system32\lsass.exe
22:27:26.0447 0x0d5c  Netlogon - ok
22:27:26.0510 0x0d5c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
22:27:26.0619 0x0d5c  Netman - ok
22:27:26.0712 0x0d5c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:27:26.0759 0x0d5c  NetMsmqActivator - ok
22:27:26.0790 0x0d5c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:27:26.0822 0x0d5c  NetPipeActivator - ok
22:27:26.0868 0x0d5c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
22:27:26.0962 0x0d5c  netprofm - ok
22:27:26.0993 0x0d5c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:27:27.0024 0x0d5c  NetTcpActivator - ok
22:27:27.0040 0x0d5c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:27:27.0071 0x0d5c  NetTcpPortSharing - ok
22:27:27.0102 0x0d5c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:27:27.0134 0x0d5c  nfrd960 - ok
22:27:27.0212 0x0d5c  [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:27:27.0243 0x0d5c  NisDrv - ok
22:27:27.0321 0x0d5c  [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
22:27:27.0399 0x0d5c  NisSrv - ok
22:27:27.0477 0x0d5c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:27:27.0617 0x0d5c  NlaSvc - ok
22:27:27.0648 0x0d5c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:27:27.0711 0x0d5c  Npfs - ok
22:27:27.0789 0x0d5c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
22:27:27.0851 0x0d5c  nsi - ok
22:27:27.0929 0x0d5c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:27:27.0992 0x0d5c  nsiproxy - ok
22:27:28.0148 0x0d5c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:27:28.0319 0x0d5c  Ntfs - ok
22:27:28.0350 0x0d5c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
22:27:28.0413 0x0d5c  Null - ok
22:27:28.0460 0x0d5c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:27:28.0491 0x0d5c  nvraid - ok
22:27:28.0553 0x0d5c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:27:28.0616 0x0d5c  nvstor - ok
22:27:28.0678 0x0d5c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:27:28.0709 0x0d5c  nv_agp - ok
22:27:28.0725 0x0d5c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:27:28.0756 0x0d5c  ohci1394 - ok
22:27:28.0803 0x0d5c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:27:28.0834 0x0d5c  ose - ok
22:27:29.0224 0x0d5c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:27:29.0583 0x0d5c  osppsvc - ok
22:27:29.0692 0x0d5c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:27:29.0754 0x0d5c  p2pimsvc - ok
22:27:29.0832 0x0d5c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
22:27:29.0895 0x0d5c  p2psvc - ok
22:27:29.0957 0x0d5c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
22:27:30.0004 0x0d5c  Parport - ok
22:27:30.0066 0x0d5c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:27:30.0082 0x0d5c  partmgr - ok
22:27:30.0144 0x0d5c  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:27:30.0191 0x0d5c  PcaSvc - ok
22:27:30.0222 0x0d5c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
22:27:30.0269 0x0d5c  pci - ok
22:27:30.0300 0x0d5c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
22:27:30.0332 0x0d5c  pciide - ok
22:27:30.0363 0x0d5c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:27:30.0410 0x0d5c  pcmcia - ok
22:27:30.0425 0x0d5c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:27:30.0456 0x0d5c  pcw - ok
22:27:30.0519 0x0d5c  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:27:30.0597 0x0d5c  PEAUTH - ok
22:27:30.0753 0x0d5c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:27:30.0784 0x0d5c  PerfHost - ok
22:27:30.0987 0x0d5c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
22:27:31.0174 0x0d5c  pla - ok
22:27:31.0252 0x0d5c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:27:31.0330 0x0d5c  PlugPlay - ok
22:27:31.0361 0x0d5c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:27:31.0392 0x0d5c  PNRPAutoReg - ok
22:27:31.0424 0x0d5c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:27:31.0470 0x0d5c  PNRPsvc - ok
22:27:31.0548 0x0d5c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:27:31.0642 0x0d5c  PolicyAgent - ok
22:27:31.0720 0x0d5c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
22:27:31.0814 0x0d5c  Power - ok
22:27:31.0876 0x0d5c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:27:31.0938 0x0d5c  PptpMiniport - ok
22:27:32.0001 0x0d5c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
22:27:32.0032 0x0d5c  Processor - ok
22:27:32.0094 0x0d5c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:27:32.0141 0x0d5c  ProfSvc - ok
22:27:32.0172 0x0d5c  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:27:32.0204 0x0d5c  ProtectedStorage - ok
22:27:32.0235 0x0d5c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:27:32.0313 0x0d5c  Psched - ok
22:27:32.0438 0x0d5c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:27:32.0562 0x0d5c  ql2300 - ok
22:27:32.0594 0x0d5c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:27:32.0625 0x0d5c  ql40xx - ok
22:27:32.0687 0x0d5c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
22:27:32.0734 0x0d5c  QWAVE - ok
22:27:32.0765 0x0d5c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:27:32.0812 0x0d5c  QWAVEdrv - ok
22:27:32.0828 0x0d5c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:27:32.0906 0x0d5c  RasAcd - ok
22:27:32.0952 0x0d5c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:27:33.0015 0x0d5c  RasAgileVpn - ok
22:27:33.0062 0x0d5c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
22:27:33.0140 0x0d5c  RasAuto - ok
22:27:33.0171 0x0d5c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:27:33.0249 0x0d5c  Rasl2tp - ok
22:27:33.0327 0x0d5c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
22:27:33.0436 0x0d5c  RasMan - ok
22:27:33.0467 0x0d5c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:27:33.0545 0x0d5c  RasPppoe - ok
22:27:33.0561 0x0d5c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:27:33.0639 0x0d5c  RasSstp - ok
22:27:33.0686 0x0d5c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:27:33.0779 0x0d5c  rdbss - ok
22:27:33.0826 0x0d5c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:27:33.0857 0x0d5c  rdpbus - ok
22:27:33.0888 0x0d5c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:27:33.0966 0x0d5c  RDPCDD - ok
22:27:34.0013 0x0d5c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:27:34.0076 0x0d5c  RDPENCDD - ok
22:27:34.0138 0x0d5c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:27:34.0200 0x0d5c  RDPREFMP - ok
22:27:34.0294 0x0d5c  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:27:34.0341 0x0d5c  RdpVideoMiniport - ok
22:27:34.0419 0x0d5c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:27:34.0481 0x0d5c  RDPWD - ok
22:27:34.0512 0x0d5c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:27:34.0544 0x0d5c  rdyboost - ok
22:27:34.0606 0x0d5c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:27:34.0684 0x0d5c  RemoteAccess - ok
22:27:34.0746 0x0d5c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:27:34.0840 0x0d5c  RemoteRegistry - ok
22:27:34.0871 0x0d5c  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:27:34.0918 0x0d5c  RFCOMM - ok
22:27:34.0949 0x0d5c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:27:35.0027 0x0d5c  RpcEptMapper - ok
22:27:35.0074 0x0d5c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
22:27:35.0105 0x0d5c  RpcLocator - ok
22:27:35.0152 0x0d5c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
22:27:35.0246 0x0d5c  RpcSs - ok
22:27:35.0293 0x0d5c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:27:35.0371 0x0d5c  rspndr - ok
22:27:35.0433 0x0d5c  [ 135A64530D7699AD48F29D73A658DD11, 35838AE8ACFD9047C68DD0C8910557A82998E5CD778D5B98D4767AFA4BCE85BB ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
22:27:35.0480 0x0d5c  RSUSBSTOR - ok
22:27:35.0573 0x0d5c  [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:27:35.0636 0x0d5c  RTL8167 - ok
22:27:35.0651 0x0d5c  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] SamSs           C:\Windows\system32\lsass.exe
22:27:35.0683 0x0d5c  SamSs - ok
22:27:35.0729 0x0d5c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:27:35.0761 0x0d5c  sbp2port - ok
22:27:35.0792 0x0d5c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:27:35.0870 0x0d5c  SCardSvr - ok
22:27:35.0917 0x0d5c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:27:35.0979 0x0d5c  scfilter - ok
22:27:36.0073 0x0d5c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
22:27:36.0213 0x0d5c  Schedule - ok
22:27:36.0275 0x0d5c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:27:36.0353 0x0d5c  SCPolicySvc - ok
22:27:36.0385 0x0d5c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:27:36.0431 0x0d5c  SDRSVC - ok
22:27:36.0494 0x0d5c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:27:36.0556 0x0d5c  secdrv - ok
22:27:36.0587 0x0d5c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
22:27:36.0665 0x0d5c  seclogon - ok
22:27:36.0697 0x0d5c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
22:27:36.0775 0x0d5c  SENS - ok
22:27:36.0806 0x0d5c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:27:36.0837 0x0d5c  SensrSvc - ok
22:27:36.0868 0x0d5c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:27:36.0899 0x0d5c  Serenum - ok
22:27:36.0931 0x0d5c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
22:27:36.0962 0x0d5c  Serial - ok
22:27:36.0977 0x0d5c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:27:37.0009 0x0d5c  sermouse - ok
22:27:37.0118 0x0d5c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
22:27:37.0196 0x0d5c  SessionEnv - ok
22:27:37.0227 0x0d5c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:27:37.0258 0x0d5c  sffdisk - ok
22:27:37.0274 0x0d5c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:27:37.0305 0x0d5c  sffp_mmc - ok
22:27:37.0336 0x0d5c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:27:37.0367 0x0d5c  sffp_sd - ok
22:27:37.0399 0x0d5c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:27:37.0414 0x0d5c  sfloppy - ok
22:27:37.0523 0x0d5c  [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
22:27:37.0617 0x0d5c  Sftfs - ok
22:27:37.0711 0x0d5c  [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:27:37.0757 0x0d5c  sftlist - ok
22:27:37.0820 0x0d5c  [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:27:37.0851 0x0d5c  Sftplay - ok
22:27:37.0882 0x0d5c  [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:27:37.0913 0x0d5c  Sftredir - ok
22:27:37.0945 0x0d5c  [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
22:27:37.0976 0x0d5c  Sftvol - ok
22:27:38.0007 0x0d5c  [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:27:38.0054 0x0d5c  sftvsa - ok
22:27:38.0147 0x0d5c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:27:38.0257 0x0d5c  SharedAccess - ok
22:27:38.0319 0x0d5c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:27:38.0444 0x0d5c  ShellHWDetection - ok
22:27:38.0506 0x0d5c  [ 1BC348CF6BAA90EC8E533EF6E6A69933, 2B26F6EB701F48E092DED6A7B888F24736F2899EE81D54DD4B1E9DF7CFD36E7A ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
22:27:38.0537 0x0d5c  SiSGbeLH - ok
22:27:38.0569 0x0d5c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:27:38.0584 0x0d5c  SiSRaid2 - ok
22:27:38.0615 0x0d5c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:27:38.0647 0x0d5c  SiSRaid4 - ok
22:27:38.0740 0x0d5c  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:27:38.0818 0x0d5c  SkypeUpdate - ok
22:27:38.0849 0x0d5c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:27:38.0927 0x0d5c  Smb - ok
22:27:38.0990 0x0d5c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:27:39.0021 0x0d5c  SNMPTRAP - ok
22:27:39.0052 0x0d5c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:27:39.0083 0x0d5c  spldr - ok
22:27:39.0146 0x0d5c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
22:27:39.0239 0x0d5c  Spooler - ok
22:27:39.0489 0x0d5c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
22:27:39.0785 0x0d5c  sppsvc - ok
22:27:39.0848 0x0d5c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:27:39.0910 0x0d5c  sppuinotify - ok
22:27:39.0988 0x0d5c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:27:40.0066 0x0d5c  srv - ok
22:27:40.0129 0x0d5c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:27:40.0207 0x0d5c  srv2 - ok
22:27:40.0253 0x0d5c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:27:40.0285 0x0d5c  srvnet - ok
22:27:40.0347 0x0d5c  [ 8F8324ED1DE63FFC7B1A02CD2D963C72, E58603F81DEAFF1D45CB83FB6E625E6A13868741B833B1C9E60D672179D18EE0 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
22:27:40.0409 0x0d5c  ssadbus - ok
22:27:40.0456 0x0d5c  [ 58221EFCB74167B73667F0024C661CE0, D9B67A8897B4DC3E4729187F17ABEB4710CF57440D718E17ED828439198D34DB ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
22:27:40.0503 0x0d5c  ssadmdfl - ok
22:27:40.0550 0x0d5c  [ 4DA7C71BFAC5AD71255B7E4CAB980163, 4CC0F9C8E96ECEF36EEB021E448A9734B63512D030516DC38B1A2EEAA1043AEC ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
22:27:40.0612 0x0d5c  ssadmdm - ok
22:27:40.0675 0x0d5c  [ D33D1BD3EC0E766211A234F56A12726D, 53EEAA94865554F8422D111D717B548DF553B5B8647D2A45F3718BF4AEEBEC27 ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
22:27:40.0737 0x0d5c  ssadserd - ok
22:27:40.0815 0x0d5c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:27:40.0893 0x0d5c  SSDPSRV - ok
22:27:40.0924 0x0d5c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:27:41.0002 0x0d5c  SstpSvc - ok
22:27:41.0065 0x0d5c  [ EF806D212D34B0E173BAEB3564D53E37, 6EF229A7B7AFF0268CDF47B77F961BD44335C3B35499BB00CBA494A22B2BA39E ] ss_bbus         C:\Windows\system32\DRIVERS\ss_bbus.sys
22:27:41.0096 0x0d5c  ss_bbus - ok
22:27:41.0127 0x0d5c  [ 08B1B34ABEBEB6AC2DEA06900C56411E, 928EF9B9F194DB07049BA2D7127756B021C2729F562E54F7FECD0F2B2FF5A209 ] ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
22:27:41.0158 0x0d5c  ss_bmdfl - ok
22:27:41.0236 0x0d5c  [ 71A9DA6BEAA4CB54DFB827FB78600A5D, 6393CA17CF6A6F30447FF599B2D27CAB44BA1A709D986AC5E14463303094BE5F ] ss_bmdm         C:\Windows\system32\DRIVERS\ss_bmdm.sys
22:27:41.0283 0x0d5c  ss_bmdm - ok
22:27:41.0361 0x0d5c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:27:41.0392 0x0d5c  stexstor - ok
22:27:41.0486 0x0d5c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
22:27:41.0564 0x0d5c  stisvc - ok
22:27:41.0595 0x0d5c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:27:41.0626 0x0d5c  swenum - ok
22:27:41.0782 0x0d5c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:27:41.0860 0x0d5c  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
22:27:41.0860 0x0d5c  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
22:27:41.0954 0x0d5c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
22:27:42.0063 0x0d5c  swprv - ok
22:27:42.0188 0x0d5c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
22:27:42.0359 0x0d5c  SysMain - ok
22:27:42.0406 0x0d5c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:27:42.0453 0x0d5c  TabletInputService - ok
22:27:42.0500 0x0d5c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:27:42.0625 0x0d5c  TapiSrv - ok
22:27:42.0656 0x0d5c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
22:27:42.0734 0x0d5c  TBS - ok
22:27:42.0890 0x0d5c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:27:43.0046 0x0d5c  Tcpip - ok
22:27:43.0171 0x0d5c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:27:43.0280 0x0d5c  TCPIP6 - ok
22:27:43.0405 0x0d5c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:27:43.0436 0x0d5c  tcpipreg - ok
22:27:43.0514 0x0d5c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:27:43.0561 0x0d5c  TDPIPE - ok
22:27:43.0639 0x0d5c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:27:43.0670 0x0d5c  TDTCP - ok
22:27:43.0732 0x0d5c  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:27:43.0763 0x0d5c  tdx - ok
22:27:43.0810 0x0d5c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:27:43.0826 0x0d5c  TermDD - ok
22:27:43.0935 0x0d5c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
22:27:44.0044 0x0d5c  TermService - ok
22:27:44.0091 0x0d5c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
22:27:44.0138 0x0d5c  Themes - ok
22:27:44.0185 0x0d5c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
22:27:44.0263 0x0d5c  THREADORDER - ok
22:27:44.0309 0x0d5c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
22:27:44.0387 0x0d5c  TrkWks - ok
22:27:44.0465 0x0d5c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:27:44.0543 0x0d5c  TrustedInstaller - ok
22:27:44.0653 0x0d5c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:27:44.0684 0x0d5c  tssecsrv - ok
22:27:44.0762 0x0d5c  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:27:44.0793 0x0d5c  TsUsbFlt - ok
22:27:44.0840 0x0d5c  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:27:44.0871 0x0d5c  TsUsbGD - ok
22:27:44.0933 0x0d5c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:27:45.0011 0x0d5c  tunnel - ok
22:27:45.0058 0x0d5c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:27:45.0089 0x0d5c  uagp35 - ok
22:27:45.0121 0x0d5c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:27:45.0214 0x0d5c  udfs - ok
22:27:45.0292 0x0d5c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:27:45.0323 0x0d5c  UI0Detect - ok
22:27:45.0355 0x0d5c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:27:45.0386 0x0d5c  uliagpkx - ok
22:27:45.0417 0x0d5c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:27:45.0448 0x0d5c  umbus - ok
22:27:45.0479 0x0d5c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:27:45.0495 0x0d5c  UmPass - ok
22:27:45.0557 0x0d5c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
22:27:45.0682 0x0d5c  upnphost - ok
22:27:45.0729 0x0d5c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:27:45.0776 0x0d5c  usbccgp - ok
22:27:45.0823 0x0d5c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:27:45.0869 0x0d5c  usbcir - ok
22:27:45.0916 0x0d5c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:27:45.0947 0x0d5c  usbehci - ok
22:27:46.0010 0x0d5c  [ 76E2FFAD301490BA27B947C6507752FB, A4C6FC5C3BF428C624D0792873CB01C8F16F49B0E8B36422025A1094F0AAE231 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
22:27:46.0041 0x0d5c  usbfilter - ok
22:27:46.0103 0x0d5c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:27:46.0150 0x0d5c  usbhub - ok
22:27:46.0197 0x0d5c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
22:27:46.0213 0x0d5c  usbohci - ok
22:27:46.0291 0x0d5c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:27:46.0322 0x0d5c  usbprint - ok
22:27:46.0384 0x0d5c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
22:27:46.0431 0x0d5c  usbscan - ok
22:27:46.0462 0x0d5c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:27:46.0509 0x0d5c  USBSTOR - ok
22:27:46.0571 0x0d5c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:27:46.0603 0x0d5c  usbuhci - ok
22:27:46.0665 0x0d5c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:27:46.0727 0x0d5c  usbvideo - ok
22:27:46.0759 0x0d5c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
22:27:46.0837 0x0d5c  UxSms - ok
22:27:46.0883 0x0d5c  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] VaultSvc        C:\Windows\system32\lsass.exe
22:27:46.0915 0x0d5c  VaultSvc - ok
22:27:46.0961 0x0d5c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:27:46.0993 0x0d5c  vdrvroot - ok
22:27:47.0055 0x0d5c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
22:27:47.0180 0x0d5c  vds - ok
22:27:47.0211 0x0d5c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:27:47.0258 0x0d5c  vga - ok
22:27:47.0289 0x0d5c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:27:47.0367 0x0d5c  VgaSave - ok
22:27:47.0398 0x0d5c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:27:47.0429 0x0d5c  vhdmp - ok
22:27:47.0523 0x0d5c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:27:47.0554 0x0d5c  viaide - ok
22:27:47.0601 0x0d5c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:27:47.0617 0x0d5c  volmgr - ok
22:27:47.0679 0x0d5c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:27:47.0726 0x0d5c  volmgrx - ok
22:27:47.0757 0x0d5c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:27:47.0804 0x0d5c  volsnap - ok
22:27:47.0851 0x0d5c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:27:47.0882 0x0d5c  vsmraid - ok
22:27:48.0007 0x0d5c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
22:27:48.0209 0x0d5c  VSS - ok
22:27:48.0256 0x0d5c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:27:48.0287 0x0d5c  vwifibus - ok
22:27:48.0319 0x0d5c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:27:48.0365 0x0d5c  vwififlt - ok
22:27:48.0397 0x0d5c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:27:48.0428 0x0d5c  vwifimp - ok
22:27:48.0475 0x0d5c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
22:27:48.0568 0x0d5c  W32Time - ok
22:27:48.0631 0x0d5c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:27:48.0646 0x0d5c  WacomPen - ok
22:27:48.0693 0x0d5c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:27:48.0771 0x0d5c  WANARP - ok
22:27:48.0802 0x0d5c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:27:48.0865 0x0d5c  Wanarpv6 - ok
22:27:49.0021 0x0d5c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:27:49.0130 0x0d5c  WatAdminSvc - ok
22:27:49.0255 0x0d5c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
22:27:49.0379 0x0d5c  wbengine - ok
22:27:49.0442 0x0d5c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:27:49.0489 0x0d5c  WbioSrvc - ok
22:27:49.0535 0x0d5c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:27:49.0613 0x0d5c  wcncsvc - ok
22:27:49.0660 0x0d5c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:27:49.0707 0x0d5c  WcsPlugInService - ok
22:27:49.0769 0x0d5c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
22:27:49.0785 0x0d5c  Wd - ok
22:27:49.0894 0x0d5c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:27:49.0988 0x0d5c  Wdf01000 - ok
22:27:50.0035 0x0d5c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:27:50.0081 0x0d5c  WdiServiceHost - ok
22:27:50.0113 0x0d5c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:27:50.0144 0x0d5c  WdiSystemHost - ok
22:27:50.0206 0x0d5c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
22:27:50.0284 0x0d5c  WebClient - ok
22:27:50.0362 0x0d5c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:27:50.0440 0x0d5c  Wecsvc - ok
22:27:50.0503 0x0d5c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:27:50.0581 0x0d5c  wercplsupport - ok
22:27:50.0612 0x0d5c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:27:50.0690 0x0d5c  WerSvc - ok
22:27:50.0737 0x0d5c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:27:50.0799 0x0d5c  WfpLwf - ok
22:27:50.0893 0x0d5c  [ 52DED146E4797E6CCF94799E8E22BB2A, 57A29260D81AA3AD3F8C29E9CFA7CE3970D7A8BF673ADD9B256EE76C7DEC080E ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
22:27:50.0924 0x0d5c  WimFltr - ok
22:27:50.0986 0x0d5c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:27:51.0017 0x0d5c  WIMMount - ok
22:27:51.0080 0x0d5c  WinDefend - ok
22:27:51.0142 0x0d5c  WinHttpAutoProxySvc - ok
22:27:51.0251 0x0d5c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:27:51.0361 0x0d5c  Winmgmt - ok
22:27:51.0532 0x0d5c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
22:27:51.0719 0x0d5c  WinRM - ok
22:27:51.0860 0x0d5c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
22:27:51.0907 0x0d5c  WinUsb - ok
22:27:52.0016 0x0d5c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:27:52.0109 0x0d5c  Wlansvc - ok
22:27:52.0234 0x0d5c  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:27:52.0265 0x0d5c  wlcrasvc - ok
22:27:52.0468 0x0d5c  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:27:52.0624 0x0d5c  wlidsvc - ok
22:27:52.0671 0x0d5c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:27:52.0702 0x0d5c  WmiAcpi - ok
22:27:52.0796 0x0d5c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:27:52.0827 0x0d5c  wmiApSrv - ok
22:27:52.0889 0x0d5c  WMPNetworkSvc - ok
22:27:52.0952 0x0d5c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:27:52.0983 0x0d5c  WPCSvc - ok
22:27:53.0030 0x0d5c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:27:53.0061 0x0d5c  WPDBusEnum - ok
22:27:53.0123 0x0d5c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:27:53.0201 0x0d5c  ws2ifsl - ok
22:27:53.0233 0x0d5c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
22:27:53.0279 0x0d5c  wscsvc - ok
22:27:53.0326 0x0d5c  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
22:27:53.0373 0x0d5c  WSDPrintDevice - ok
22:27:53.0420 0x0d5c  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
22:27:53.0451 0x0d5c  WSDScan - ok
22:27:53.0482 0x0d5c  WSearch - ok
22:27:53.0701 0x0d5c  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:27:53.0935 0x0d5c  wuauserv - ok
22:27:53.0997 0x0d5c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:27:54.0075 0x0d5c  WudfPf - ok
22:27:54.0106 0x0d5c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:27:54.0137 0x0d5c  WUDFRd - ok
22:27:54.0200 0x0d5c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:27:54.0231 0x0d5c  wudfsvc - ok
22:27:54.0293 0x0d5c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:27:54.0356 0x0d5c  WwanSvc - ok
22:27:54.0481 0x0d5c  ================ Scan global ===============================
22:27:54.0543 0x0d5c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
22:27:54.0590 0x0d5c  [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
22:27:54.0652 0x0d5c  [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
22:27:54.0699 0x0d5c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:27:54.0761 0x0d5c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
22:27:54.0777 0x0d5c  [ Global ] - ok
22:27:54.0777 0x0d5c  ================ Scan MBR ==================================
22:27:54.0808 0x0d5c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:27:55.0385 0x0d5c  \Device\Harddisk0\DR0 - ok
22:27:55.0401 0x0d5c  [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1
22:27:55.0619 0x0d5c  \Device\Harddisk1\DR1 - ok
22:27:55.0619 0x0d5c  ================ Scan VBR ==================================
22:27:55.0635 0x0d5c  [ B4A6047DFC0BE341D16F429E084E05C2 ] \Device\Harddisk0\DR0\Partition1
22:27:55.0651 0x0d5c  \Device\Harddisk0\DR0\Partition1 - ok
22:27:55.0682 0x0d5c  [ 35F4BBC6B937761AE7440AC5822564C4 ] \Device\Harddisk0\DR0\Partition2
22:27:55.0682 0x0d5c  \Device\Harddisk0\DR0\Partition2 - ok
22:27:55.0697 0x0d5c  [ 80B1C80F0A2A638CA190B3A87D5A8DCE ] \Device\Harddisk1\DR1\Partition1
22:27:55.0697 0x0d5c  \Device\Harddisk1\DR1\Partition1 - ok
22:27:55.0697 0x0d5c  ================ Scan generic autorun ======================
22:27:55.0885 0x0d5c  [ 0BE126224273ACB0925C07B30A0E4209, CFFFCA6E70B1818438157209A99B573D06F8FC9F773F8EF3DE4A997A1992F25A ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
22:27:56.0056 0x0d5c  RtHDVBg - ok
22:27:56.0134 0x0d5c  [ 5447AF432CDA61159ADDE218C468FFD9, 63BD74521F679F195C24C1818267ECCBD8A7F5C2B4CEF3E60EC46B5AE0AC72A8 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
22:27:56.0181 0x0d5c  AdobeAAMUpdater-1.0 - ok
22:27:56.0337 0x0d5c  [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] C:\Program Files\Microsoft Security Client\msseces.exe
22:27:56.0462 0x0d5c  MSC - ok
22:27:56.0477 0x0d5c  shopperz - ok
22:27:56.0477 0x0d5c  shopperz64 - ok
22:27:56.0555 0x0d5c  [ 8784236EED5079493DA9FC95B28B89F8, E59C349B964F585C27F63FBF7C1B5D7C6CF8CC958BD35100A36D57542DC13972 ] C:\Windows\SYSTEM32\WerFault.exe
22:27:56.0602 0x0d5c  *WerKernelReporting - ok
22:27:56.0696 0x0d5c  [ 5AEBF6FA9805C9101220AA4FB4FA17E7, A9B2FC41380211A6C44E839A95676A5BA868CEEBB56D83A780230434C2A20836 ] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
22:27:56.0727 0x0d5c  HControlUser - ok
22:27:56.0899 0x0d5c  [ 36E7CE6EA4C190AA88C25CDD3C89D84C, F5F927116329982712310295CBFB3B9EA228FF9A7054E6BCB395B37C45D8DEA8 ] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
22:27:57.0070 0x0d5c  Wireless Console 3 - detected UnsignedFile.Multi.Generic ( 1 )
22:27:57.0070 0x0d5c  Wireless Console 3 ( UnsignedFile.Multi.Generic ) - warning
22:27:57.0164 0x0d5c  [ 8F9DCED3A575C7DC6011934AF06A052F, B37AC51B31991AEA1404F484C25C80A0004426F7377943423C35AE67D0D4EC5F ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
22:27:57.0211 0x0d5c  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
22:27:57.0211 0x0d5c  StartCCC ( UnsignedFile.Multi.Generic ) - warning
22:27:57.0289 0x0d5c  [ 27CFFB1E41A2BE2A25957A679BD84E10, 521DC8F3439EAA780AE0DA68B0FC6E671963AF76E165590EA83D2F6896B1C941 ] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
22:27:57.0335 0x0d5c  AdobeCS5ServiceManager - detected UnsignedFile.Multi.Generic ( 1 )
22:27:57.0335 0x0d5c  AdobeCS5ServiceManager ( UnsignedFile.Multi.Generic ) - warning
22:27:57.0382 0x0d5c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:27:57.0429 0x0d5c  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
22:27:57.0429 0x0d5c  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
22:27:57.0460 0x0d5c  Sidebar - ok
22:27:57.0491 0x0d5c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:27:57.0538 0x0d5c  mctadmin - ok
22:27:57.0554 0x0d5c  Sidebar - ok
22:27:57.0569 0x0d5c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:27:57.0601 0x0d5c  mctadmin - ok
22:27:57.0788 0x0d5c  [ 9EB925EDC8CF1C3D06E50E9348B54A0A, 99C1F8D40A65E1F4975B0D1180B3056712832E0E8FBE829785FDD505B6222AEA ] C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe
22:27:57.0819 0x0d5c  Facebook Update - ok
22:27:58.0147 0x0d5c  [ 24B1666FD14CC71C7B0679AC61625B90, 4243F0B91BF9EAB365BBC724F5984FEB3AD74DF91EAF15F36A44DEA0AEDB7D20 ] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
22:27:58.0443 0x0d5c  msnmsgr - ok
22:27:58.0583 0x0d5c  [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
22:27:58.0615 0x0d5c  ISUSPM - ok
22:27:58.0661 0x0d5c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61010 ( enabled : outofdate )
22:27:58.0693 0x0d5c  Win FW state via NFP2: enabled
22:27:58.0693 0x0d5c  ============================================================
22:27:58.0693 0x0d5c  Scan finished
22:27:58.0693 0x0d5c  ============================================================
22:27:58.0708 0x0ebc  Detected object count: 6
22:27:58.0708 0x0ebc  Actual detected object count: 6
22:28:51.0951 0x0ebc  Application Hosting ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0951 0x0ebc  Application Hosting ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:28:51.0951 0x0ebc  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0951 0x0ebc  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:28:51.0951 0x0ebc  Wireless Console 3 ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0951 0x0ebc  Wireless Console 3 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:28:51.0951 0x0ebc  StartCCC ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0951 0x0ebc  StartCCC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:28:51.0967 0x0ebc  AdobeCS5ServiceManager ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0967 0x0ebc  AdobeCS5ServiceManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:28:51.0967 0x0ebc  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0967 0x0ebc  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


28.05.2015, 22:00   #6
M-K-D-B
/// TB Trainer



Hi,

Run FRST again as administrator:
  • Start FRST.exe again. Tick the box next to Addition.txt and click Scan.
  • FRST will again create two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

28.05.2015, 22:08   #7
armer tor

New log files



Hello Matthias,

attached are the new logs. One more question: should I go online with the infected laptop? So far I have downloaded the scanning programs on my PC, put them on a USB stick and started them from there on the laptop. Can I do all of this on the laptop without any problems? My current procedure is a bit cumbersome.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Administrator (administrator) on VANESSA on 28-05-2015 22:49:24
Running from F:\
Loaded Profiles: Administrator (Available Profiles: Va & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\ProgramData\Application Hosting\Application Hosting.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-07-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-533800774-2781401254-862098746-500\...\MountPoints2: E - E:\tools\shelexec.exe html\index.htm
HKU\S-1-5-21-533800774-2781401254-862098746-500\Control Panel\Desktop\\SCRNSAVE.EXE -> none
Startup: C:\Users\Va\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-14]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{98781c85-f0a2-8c2e-9878-81c85f0a7217}\hqghumeaylnlf.exe (No File)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRak5VLd2-qOELyVxZYVzEWTOSLvRC5kQFMUFB7HWxsC9qmgaEbtsWspeiXQk_8_R5znT6R1fDwhz3ZT22Ce-MfY_wYPvYB4AnBCxL1g_GQSduAYPn-8I3RnEZZS00xXKu2ObU3QI19LskZNnUYycjKHjOqjFsJR-kRbYXjgg&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-533800774-2781401254-862098746-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Users\Va\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-10-03]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-05-15] <==== ATTENTION

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
StartMenuInternet: Chrome.6GZLNA5C4J2QMH4JSOMW2BL5CY - C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1429045915&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed]
R2 Application Hosting; C:\ProgramData\Application Hosting\Application Hosting.exe [34304 2015-04-14] () [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Va\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 22:25 - 2015-05-28 22:25 - 00000000 ____D () C:\Users\Va\AppData\Local\{D84737A7-566F-467F-AF2D-8B712DAC0561}
2015-05-28 21:25 - 2015-05-28 21:25 - 576024606 _____ () C:\Windows\MEMORY.DMP
2015-05-28 21:25 - 2015-05-28 21:25 - 00455656 _____ () C:\Windows\Minidump\052815-46254-01.dmp
2015-05-28 21:25 - 2015-05-28 21:25 - 00000000 ____D () C:\Windows\Minidump
2015-05-28 20:34 - 2015-05-28 22:49 - 00000000 ____D () C:\FRST
2015-05-28 20:31 - 2015-05-28 20:31 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2015-05-28 20:17 - 2015-05-28 20:17 - 00000000 ____D () C:\Users\Va\AppData\Local\{44EFFC24-9A11-456C-9B68-99F4DE8F578A}
2015-05-28 17:52 - 2015-05-28 17:52 - 00000000 ____D () C:\Users\Va\AppData\Local\{F4AD3D71-E05D-462F-82A8-8175F86F3613}
2015-05-27 21:55 - 2015-05-27 21:55 - 00000000 ____D () C:\Users\Va\AppData\Local\{226B8C84-8E97-4400-8B07-CA88C3F60E3F}
2015-05-20 21:16 - 2015-05-20 21:16 - 00000000 ____D () C:\Users\Va\AppData\Local\{1432F450-032F-4DCA-A989-3212D395CE53}
2015-05-20 20:34 - 2015-05-20 20:34 - 00000000 ____D () C:\Users\Va\AppData\Local\{05E28185-CE2F-4D67-A3B9-969D18B71351}
2015-05-20 20:21 - 2015-05-20 20:21 - 00000000 ____D () C:\Users\Va\AppData\Local\{0B366F7F-19FB-4669-9467-4C433FEC4700}
2015-05-20 00:23 - 2015-05-20 08:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-20 00:23 - 2015-05-20 00:23 - 00001100 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-20 00:23 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-20 00:23 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-20 00:23 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-20 00:11 - 2015-05-20 00:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2015-05-20 00:11 - 2015-05-20 00:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2015-05-20 00:11 - 2015-05-20 00:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2015-05-19 23:32 - 2015-05-27 22:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-19 23:19 - 2015-05-19 23:24 - 00000000 ____D () C:\AdwCleaner
2015-05-19 17:08 - 2015-05-20 00:21 - 00058584 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 17:08 - 2015-05-19 17:08 - 00059088 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\Documents\FILSHtray
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\FILSH_Media_GmbH
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-05-19 17:07 - 2015-05-28 20:31 - 00000000 ____D () C:\Users\Administrator
2015-05-19 17:07 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-05-19 17:07 - 2015-05-19 17:07 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Power2Go
2015-05-19 17:07 - 2012-10-14 18:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TuneUp Software
2015-05-19 17:07 - 2012-10-11 09:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2015-05-19 17:07 - 2011-08-11 18:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-05-19 17:07 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-19 17:07 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-19 15:13 - 2015-05-19 15:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{2D494D01-B861-49E4-B3D9-355F35CB2E4E}
2015-05-16 22:25 - 2015-05-27 21:51 - 00000272 _____ () C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job
2015-05-16 22:21 - 2015-05-20 20:20 - 00058584 _____ () C:\Users\Va\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-16 22:20 - 2015-05-28 22:41 - 00002558 _____ () C:\Windows\setupact.log
2015-05-16 22:20 - 2015-05-16 22:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 22:19 - 2015-05-20 08:47 - 00002716 _____ () C:\Windows\PFRO.log
2015-05-16 22:19 - 2015-05-20 00:18 - 04822584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-16 22:18 - 2015-05-16 22:18 - 00088172 _____ () C:\Users\Va\Documents\cc_20150516_221800.reg
2015-05-16 21:44 - 2015-05-16 21:44 - 00001142 _____ () C:\Users\Va\Desktop\ASUS Produktregistrierung.lnk
2015-05-16 21:26 - 2015-05-16 21:26 - 00000000 _____ () C:\Users\Va\AppData\Local\Temp.dat
2015-05-16 11:04 - 2015-05-16 11:05 - 00000000 ____D () C:\Users\Va\AppData\Local\{F001455B-59BE-4115-AE64-C165EFB84113}
2015-05-15 22:36 - 2015-05-19 23:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 17:24 - 2015-05-15 17:24 - 00000000 ____D () C:\Users\Va\AppData\Local\{7A20DB37-FBC4-4BCF-A0D4-EE44E831AD1F}
2015-05-15 00:33 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 00:33 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 18:18 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 18:18 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 18:18 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 18:18 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 18:18 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 18:18 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 18:18 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 18:18 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 18:18 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 18:18 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 18:18 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 18:18 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 18:18 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 18:18 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 18:18 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 18:18 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 18:18 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 18:18 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 18:18 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 18:18 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 18:18 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 18:18 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 18:18 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 18:18 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-14 18:18 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 18:18 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 18:18 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-14 18:18 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 18:18 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 18:18 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 18:18 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 18:18 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 18:18 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 18:18 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 18:18 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-14 18:18 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 18:18 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 18:18 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 18:18 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 18:18 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 18:18 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 18:18 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 18:18 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 18:18 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 18:18 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 18:18 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 18:18 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 18:18 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 18:18 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-14 18:18 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 18:18 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 18:18 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 18:18 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 18:18 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 18:18 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 18:17 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 18:17 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 18:17 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 18:17 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 18:17 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 16:49 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 16:49 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 16:49 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 16:49 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 16:49 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 16:46 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 16:46 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-14 16:46 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 16:46 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-14 16:46 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-14 16:46 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 16:46 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 16:46 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-14 16:46 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-14 16:46 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-14 16:46 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-14 16:46 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-14 16:46 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-14 16:46 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-14 16:46 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-14 16:46 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-14 16:46 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:44 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 16:44 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 16:44 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 16:44 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 16:44 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 16:44 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 16:44 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-14 16:43 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-14 16:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-14 16:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-14 16:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-14 16:43 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-14 16:43 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-14 16:43 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-14 16:43 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-14 15:14 - 2015-05-14 15:14 - 00000000 ____D () C:\Program Files (x86)\TrimModule
2015-05-14 15:13 - 2015-05-14 15:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{799E0E24-8409-4364-BAA9-CC81AB87C1DC}
2015-05-03 14:16 - 2015-05-03 14:16 - 00000000 ____D () C:\Users\Va\AppData\Local\{AB8A634F-5BD1-4B6B-BC2B-6BEB6328F204}
2015-05-03 12:13 - 2015-05-03 12:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{CC9CB319-0D4D-4A95-8B0E-474F65A4F04D}
2015-05-03 12:12 - 2015-05-03 12:14 - 00000000 ____D () C:\Users\Va\Documents\Fax
2015-05-02 10:55 - 2015-05-02 10:55 - 00684184 _____ (Opera Software) C:\Users\Va\Downloads\Opera_NI_stable.exe
2015-05-02 09:58 - 2015-05-02 09:59 - 00000000 ____D () C:\Users\Va\AppData\Local\{D135E88E-4572-4C5E-A949-EB6173D0C63E}
2015-04-29 20:50 - 2015-05-14 19:42 - 00003736 _____ () C:\Windows\System32\Tasks\keepup
2015-04-29 20:42 - 2015-04-29 20:42 - 00000000 ____D () C:\Users\Va\AppData\Local\{827C5103-74DE-4620-B4AE-AED0DA9E9E6F}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 22:48 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 22:48 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 22:44 - 2011-08-11 17:44 - 01896372 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 22:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 22:25 - 2011-12-24 23:50 - 00000000 ____D () C:\Users\Va\Tracing
2015-05-28 21:59 - 2012-04-11 22:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 20:05 - 2011-12-24 22:46 - 00001126 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA.job
2015-05-28 15:06 - 2014-12-03 20:03 - 00001312 _____ () C:\Users\Va\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2015-05-28 15:05 - 2015-04-14 23:12 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.79
2015-05-27 22:58 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-27 22:07 - 2011-02-19 06:24 - 00711530 _____ () C:\Windows\system32\perfh007.dat
2015-05-27 22:07 - 2011-02-19 06:24 - 00153720 _____ () C:\Windows\system32\perfc007.dat
2015-05-27 22:07 - 2009-07-14 07:13 - 01652924 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 21:13 - 2015-04-21 17:35 - 00000000 ____D () C:\Users\Va\AppData\Roaming\jellylam
2015-05-20 21:13 - 2015-04-14 23:10 - 00000000 ____D () C:\Users\Va\AppData\Roaming\Winsta
2015-05-20 21:01 - 2011-04-13 04:47 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-05-20 21:00 - 2011-04-13 04:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-05-20 20:58 - 2011-08-11 18:14 - 00000000 ____D () C:\Windows\SysWOW64\ASUS_Screensaver dir
2015-05-20 20:57 - 2014-07-14 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetDrive
2015-05-20 08:49 - 2011-08-11 18:12 - 00002052 _____ () C:\Windows\system32\ServiceFilter.ini
2015-05-20 01:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-20 00:20 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2015-05-20 00:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-05-20 00:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-05-20 00:10 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-19 23:41 - 2012-11-06 23:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-19 23:28 - 2011-12-24 07:02 - 00000000 ___HD () C:\ASUS.DAT
2015-05-19 23:24 - 2011-12-24 07:01 - 00000000 ____D () C:\Users\Va
2015-05-19 18:06 - 2011-12-29 15:30 - 00000000 ____D () C:\Program Files (x86)\FILSHtray
2015-05-16 22:21 - 2011-08-11 18:12 - 00002628 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-05-16 22:16 - 2015-04-14 23:13 - 00003836 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429045976
2015-05-16 22:07 - 2015-04-14 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-05-16 21:38 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-15 17:14 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 17:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-15 17:08 - 2011-04-13 04:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 00:47 - 2012-01-17 23:23 - 01680542 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-15 00:47 - 2012-01-17 23:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-15 00:43 - 2014-07-13 17:46 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-15 00:43 - 2014-07-13 17:46 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-15 00:42 - 2014-07-13 17:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-15 00:42 - 2014-07-13 17:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-15 00:33 - 2013-03-15 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 00:30 - 2013-03-15 14:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 19:42 - 2015-04-21 17:35 - 00003212 _____ () C:\Windows\System32\Tasks\DriverMgr
2015-05-14 19:42 - 2015-04-21 17:35 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-05-14 19:42 - 2015-04-14 23:11 - 00003264 _____ () C:\Windows\System32\Tasks\Winsta Update
2015-05-14 19:41 - 2011-08-11 17:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-03 14:14 - 2013-10-03 19:05 - 00250368 ___SH () C:\Users\Va\Desktop\Thumbs.db
2015-04-29 20:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

==================== Files in the root of some directories =======

2013-10-24 21:18 - 2013-10-24 21:18 - 50053120 _____ () C:\Program Files (x86)\GUTF19F.tmp
2014-01-10 19:50 - 2014-01-10 19:52 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-04-13 04:48 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-08-11 18:18 - 2011-08-11 18:20 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-11 18:17 - 2011-08-11 18:18 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
C:\Users\Va\AppData\Local\Temp\_is9211.exe
C:\Users\Va\AppData\Local\Temp\_isBE10.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-28 21:55

==================== End of log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Administrator at 2015-05-28 22:57:11
Running from F:\
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-533800774-2781401254-862098746-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-533800774-2781401254-862098746-501 - Limited - Disabled)
Va (S-1-5-21-533800774-2781401254-862098746-1001 - Limited - Enabled) => C:\Users\Va

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{02698606-3A21-489D-9D2A-75C9E8D3E5BD}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E17025A7-39B6-375E-8F1E-20637D19549C}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.27 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6403 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Search and Replace (HKLM-x32\...\{26453017-2C54-574B-7597-9EA6652686A6}) (Version:  - "") <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}) (Version: 3.0.21 - ASUS)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-05-2015 22:02:22 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18C88628-D204-4C08-8843-FC9C4CB67F50} - System32\Tasks\DriverMgr => C:\Users\Va\AppData\Roaming\jellylam\rinti.exe
Task: {1ED7DB9C-9C9E-403A-8E88-D09EC3827B95} - System32\Tasks\Opera scheduled Autoupdate 1429045976 => C:\Program Files (x86)\Opera\launcher.exe
Task: {3784E8E7-FBBC-48C9-B9AE-70952BC1AF51} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {3F28BADE-562D-461D-AD2D-FCE062CA8124} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {56F6D449-E585-438C-8A51-E64B9230733C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {5E7710C1-4240-4B66-ADAC-D2C7B8DCEDF6} - System32\Tasks\Winsta Update => C:\Users\Va\AppData\Roaming\Winsta\Winsta.exe
Task: {6B9B662E-6011-4EB7-9083-5716BFBBEDE4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {727A5C42-AD25-48B6-BBC6-74F4DC93E0D7} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {9C70175E-20CF-4B61-BCC6-37D01DF88636} - System32\Tasks\keepup => C:\Users\Va\AppData\Roaming\jellylam\rinti.exe
Task: {BDD2569C-506C-4570-921A-144F215CF5CC} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {BE1B5CC3-1DD1-4857-B50C-E391162850A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C7F92DC1-6EE9-43D7-95AC-812DD896364C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {CD261114-0A77-4821-BF44-202A1628E6D9} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {D4D32529-B039-4D5E-871A-DB6AD6F8AA06} - System32\Tasks\{F1E2C16D-7C1B-447B-89AF-DBE53988F55C} => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
Task: {E8C2F878-1D4C-4360-8446-67CEF041D04C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {ED8BBEC9-7191-4B92-B1FD-65A54AEBFE91} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001Core => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {F2BD4C9B-69AC-43FC-A620-B7C58FF2355E} - System32\Tasks\AdobeAAMUpdater-1.0-VANESSA-Va => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {F7A0A87A-1FD8-41EA-9942-FA91F2662CA5} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001Core.job => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA.job => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-07-13 19:23 - 2011-07-13 19:23 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-04-14 16:55 - 2015-04-14 16:55 - 00034304 _____ () C:\ProgramData\Application Hosting\Application Hosting.exe
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-06-10 19:49 - 2011-06-10 19:49 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:981884E7
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
AlternateDataStreams: C:\Users\Va\Documents\boot:$WIMMOUNTDATA

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-533800774-2781401254-862098746-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{50D76052-134E-46DB-AF8E-63827F883C0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}] => (Allow) LPort=2869
FirewallRules: [{B827E1C7-5A7A-484C-9653-2FE388A8B888}] => (Allow) LPort=1900
FirewallRules: [{25BDD843-A815-48A8-A216-66D065687049}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}] => (Allow) LPort=5353
FirewallRules: [{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}] => (Allow) LPort=8182
FirewallRules: [{D937DAF1-0E89-4549-8ADF-0103B21110E9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{90B9A9CB-6E84-40C9-8639-F26816E9C8D9}] => (Allow) C:\Users\Va\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{1AE4FF3B-5152-4233-AE6C-83F30FCA38F0}] => (Allow) C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 10:52:14 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 10:42:08 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 09:26:00 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 08:58:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005107c
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (05/28/2015 08:41:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005107c
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/28/2015 06:41:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 06:31:26 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 06:02:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 05:52:05 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 11:02:21 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig


System errors:
=============
Error: (05/28/2015 10:52:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 114.16.0.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 10:52:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 10:52:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 10:52:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 10:52:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (05/28/2015 10:52:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (05/28/2015 10:45:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/28/2015 10:43:52 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 114.16.0.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 10:43:52 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 10:43:52 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608


Microsoft Office:
=========================
Error: (05/28/2015 10:52:14 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 10:42:08 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 09:26:00 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 08:58:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18839553e8bfac0000005000000000005107c

Error: (05/28/2015 08:41:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18839553e8bfac0000005000000000005107c

Error: (05/28/2015 06:41:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 06:31:26 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 06:02:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 05:52:05 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 11:02:21 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig


CodeIntegrity Errors:
===================================
  Date: 2013-10-01 19:40:42.127
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:40.772
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:39.098
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:36.341
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:30.914
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:28.174
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:25.610
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:23.200
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:33:58.163
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:33:55.433
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD E-350 Processor
Percentage of memory in use: 30%
Total physical RAM: 3691.71 MB
Available physical RAM: 2576.95 MB
Total Pagefile: 7381.64 MB
Available Pagefile: 6118.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:128.18 GB) (Free:59.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.91 GB) (Free:142.43 GB) NTFS
Drive f: (VERBATIM) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0CD9B3F5)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=128.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 0C55F312)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End of log ============================
         

29.05.2015, 20:12   #8
M-K-D-B
/// TB-Ausbilder

Hello,


where possible, you should of course download all programs onto the infected PC (directly to the desktop) and run them from there.

The same applies to FRST:
Quote:
Running from F:\

From now on, download all tools to the desktop of the infected laptop and run them from there, always with an Internet connection.


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder unless a helper instructs you to.

29.05.2015, 23:27   #9
armer tor

Hello Matthias,

unfortunately it took a while until I had everything on the laptop. The scan ran twice because something was found on the first pass. I then did the CleanUp according to the instructions and scanned a second time. Now nothing was found. Here is the log file.

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.29.06
  rootkit: v2015.05.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Administrator :: VANESSA [administrator]

29.05.2015 22:59:10
mbar-log-2015-05-29 (22-59-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 397591
Time elapsed: 40 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

30.05.2015, 08:02   #10
M-K-D-B
/// TB-Ausbilder

Hello,


and where is the log file with the detection?

Am I supposed to make something up now?

30.05.2015, 10:05   #11
armer tor

Sorry, I must have misunderstood something. I thought you only needed the last one.
Here is the detection.

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.29.06
  rootkit: v2015.05.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Administrator :: VANESSA [administrator]

29.05.2015 22:09:31
mbar-log-2015-05-29 (22-09-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 397680
Time elapsed: 39 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\WOW6432NODE\Smartbar (Adware.SmartBar) -> Delete on reboot. [adbda8f1a5e50a2cc7d4f7ccdd272ad6]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

30.05.2015, 15:56   #12
M-K-D-B
/// TB-Ausbilder

Hello,



Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


30.05.2015, 23:19   #13
armer tor

Hello

Code:
ComboFix 15-05-28.01 - Administrator 31.05.2015   0:00.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3692.2338 [GMT 2:00]
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\26c630d098e22dd5.fb
c:\windows\SysWow64\Cache\272512937d9e61a4.fb
c:\windows\SysWow64\Cache\287204568329e189.fb
c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb
c:\windows\SysWow64\Cache\31a0997e9a5b5eb3.fb
c:\windows\SysWow64\Cache\32c84fe32bb74d60.fb
c:\windows\SysWow64\Cache\3917078cb68ec657.fb
c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb
c:\windows\SysWow64\Cache\610289e025a3ee9a.fb
c:\windows\SysWow64\Cache\64257be65fc97822.fb
c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\SysWow64\Cache\6d03dad1035885d3.fb
c:\windows\SysWow64\Cache\95f567698be8a182.fb
c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb
c:\windows\SysWow64\Cache\c1fa887b03019701.fb
c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb
c:\windows\SysWow64\Cache\d201ef9910cd39de.fb
c:\windows\SysWow64\Cache\d2e94710a5708128.fb
c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb
c:\windows\SysWow64\Cache\f998975c9cc711ee.fb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-28 bis 2015-05-30  ))))))))))))))))))))))))))))))
.
.
2015-05-30 22:11 . 2015-05-30 22:11	--------	d-----w-	c:\users\Va\AppData\Local\temp
2015-05-30 22:11 . 2015-05-30 22:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-29 22:10 . 2015-04-16 13:23	44088	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-05-29 22:10 . 2015-04-16 13:23	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2015-05-29 22:10 . 2015-04-16 13:23	152744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-05-29 22:10 . 2015-04-16 13:23	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-05-29 22:10 . 2015-05-29 22:10	--------	d-----w-	c:\programdata\Avira
2015-05-29 22:10 . 2015-05-29 22:10	--------	d-----w-	c:\program files (x86)\Avira
2015-05-29 20:09 . 2015-05-29 21:39	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-28 18:34 . 2015-05-30 10:07	--------	d-----w-	C:\FRST
2015-05-19 22:23 . 2015-05-29 20:58	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-19 22:23 . 2015-05-29 20:58	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-05-19 22:23 . 2015-05-19 22:23	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-05-19 22:23 . 2015-05-19 22:23	--------	d-----w-	c:\programdata\Malwarebytes
2015-05-19 22:23 . 2015-04-14 07:37	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-05-19 22:23 . 2015-04-14 07:37	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-05-19 21:32 . 2015-05-27 20:32	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-05-19 21:19 . 2015-05-19 21:24	--------	d-----w-	C:\AdwCleaner
2015-05-19 15:07 . 2015-05-28 18:31	--------	d-----w-	c:\users\Administrator
2015-05-14 22:33 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 22:33 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:17 . 2015-04-21 15:27	2352128	----a-w-	c:\windows\system32\wininet.dll
2015-05-14 16:17 . 2015-04-21 17:14	950784	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2015-05-14 16:17 . 2015-04-21 16:50	417792	----a-w-	c:\windows\system32\html.iec
2015-05-14 16:17 . 2015-04-21 15:08	382976	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2015-05-14 16:17 . 2015-04-22 02:28	293072	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2015-05-14 16:17 . 2015-04-21 16:48	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2015-05-14 16:17 . 2015-04-21 16:09	199680	----a-w-	c:\windows\system32\msrating.dll
2015-05-14 16:17 . 2015-04-21 16:08	1016832	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-05-14 16:17 . 2015-04-21 17:14	24971776	----a-w-	c:\windows\system32\mshtml.dll
2015-05-14 14:49 . 2015-05-05 01:29	342016	----a-w-	c:\windows\system32\schannel.dll
2015-05-14 14:49 . 2015-05-05 01:12	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-05-14 14:49 . 2015-04-18 03:10	460800	----a-w-	c:\windows\system32\certcli.dll
2015-05-14 14:49 . 2015-04-18 02:56	342016	----a-w-	c:\windows\SysWow64\certcli.dll
2015-05-14 14:49 . 2015-04-13 03:28	328704	----a-w-	c:\windows\system32\services.exe
2015-05-14 14:44 . 2015-04-20 03:17	1647104	----a-w-	c:\windows\system32\DWrite.dll
2015-05-14 14:43 . 2015-01-29 03:19	2543104	----a-w-	c:\windows\system32\wpdshext.dll
2015-05-14 14:43 . 2015-01-29 03:02	2311168	----a-w-	c:\windows\SysWow64\wpdshext.dll
2015-05-14 14:43 . 2015-01-29 03:19	1195008	----a-w-	c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-05-14 14:43 . 2015-02-18 07:06	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2015-05-14 14:43 . 2015-02-18 07:04	142336	----a-w-	c:\windows\system32\poqexec.exe
2015-05-14 14:43 . 2015-03-04 04:41	342016	----a-w-	c:\windows\system32\apphelp.dll
2015-05-14 14:43 . 2015-03-04 04:10	295936	----a-w-	c:\windows\SysWow64\apphelp.dll
2015-05-14 14:43 . 2015-03-04 04:41	6656	----a-w-	c:\windows\system32\shimeng.dll
2015-05-14 14:43 . 2015-03-04 04:41	72192	----a-w-	c:\windows\system32\aelupsvc.dll
2015-05-14 14:43 . 2015-03-04 04:41	23552	----a-w-	c:\windows\system32\sdbinst.exe
2015-05-14 14:43 . 2015-03-04 04:11	5120	----a-w-	c:\windows\SysWow64\shimeng.dll
2015-05-14 14:43 . 2015-03-04 04:10	20992	----a-w-	c:\windows\SysWow64\sdbinst.exe
2015-05-14 13:14 . 2015-05-14 13:14	--------	d-----w-	c:\program files (x86)\TrimModule
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-27 19:04 . 2015-05-14 14:46	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-04-14 18:08 . 2012-04-11 20:35	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-14 18:08 . 2012-01-02 04:20	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-25 06:21 . 2011-12-30 20:57	122905848	----a-w-	c:\windows\system32\MRT.exe
2015-03-25 03:24 . 2015-04-21 14:48	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-21 14:48	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-21 14:48	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-21 14:48	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-21 14:48	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-21 14:48	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-21 14:48	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-21 14:48	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-21 14:48	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-21 14:48	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-21 14:48	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-21 14:48	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-21 14:48	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-21 14:48	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-21 14:48	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-21 14:48	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-24 21:07 . 2015-03-24 21:07	0	----a-w-	c:\windows\SysWow64\sho50D4.tmp
2015-03-23 03:25 . 2015-04-21 14:48	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-21 14:48	769536	----a-w-	c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-21 14:48	419840	----a-w-	c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-21 14:48	957952	----a-w-	c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-21 14:48	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-21 14:48	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-21 14:48	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-21 14:48	1111552	----a-w-	c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-21 14:44	1882624	----a-w-	c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-21 14:44	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-21 14:44	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-21 14:44	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-21 14:47	404480	----a-w-	c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-21 14:47	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-21 14:35	367552	----a-w-	c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-21 14:35	79360	----a-w-	c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-14 14:43	309248	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-14 14:43	103424	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-21 14:35	58880	----a-w-	c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-14 14:43	470528	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-14 14:43	2178560	----a-w-	c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-14 14:43	2560	----a-w-	c:\windows\apppatch\AcRes.dll
2015-03-03 13:17 . 2012-02-07 02:40	295552	------w-	c:\windows\system32\MpSigStub.exe
2013-10-24 19:18 . 2013-10-24 19:18	50053120	----a-w-	c:\program files (x86)\GUTF19F.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-13 336384]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2015-04-16 728312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService;c:\windows\SYSNATIVE\WindowsClosingService [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 cpuz134;cpuz134;c:\users\Va\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Va\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys;c:\windows\SYSNATIVE\DRIVERS\jddrv.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Application Hosting;Application Hosting service;c:\programdata\Application Hosting\Application Hosting.exe;c:\programdata\Application Hosting\Application Hosting.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:08]
.
2015-05-27 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job
- c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16 14:01]
.
2015-05-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001Core.job
- c:\users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-24 00:00]
.
2015-05-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA.job
- c:\users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-24 00:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-11 2226280]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.11.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dq67a9fw.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
c:\users\Va\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk - c:\programdata\{98781c85-f0a2-8c2e-9878-81c85f0a7217}\hqghumeaylnlf.exe /startup
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-shopperz - c:\program files\shopperz\wrex.exe
HKLM-Run-shopperz64 - c:\program files\shopperz\wrex64.exe
AddRemove-{26453017-2C54-574B-7597-9EA6652686A6} - c:\program files (x86)\Search and Replace\Search and Replace.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\JetDrive WindowsClosingService]
"ImagePath"="c:\windows\System32\WindowsClosingService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-533800774-2781401254-862098746-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,93,b4,e8,d2,04,70,4a,ad,b9,52,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,93,b4,e8,d2,04,70,4a,ad,b9,52,\
.
[HKEY_USERS\S-1-5-21-533800774-2781401254-862098746-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-533800774-2781401254-862098746-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-533800774-2781401254-862098746-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-533800774-2781401254-862098746-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-533800774-2781401254-862098746-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-05-31  00:15:29
ComboFix-quarantined-files.txt  2015-05-30 22:15
.
Vor Suchlauf: 10 Verzeichnis(se), 62.294.679.552 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 62.161.842.176 Bytes frei
.
- - End Of File - - 0638716AB3A4F000463A8EC218D1E79F
A36C5E4F47E84449FF07ED3517B43A31
         
Best regards, and many thanks so far for your help and your efforts

31.05.2015, 08:30   #14
M-K-D-B
/// TB Instructor
 

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts that appear with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the Threat Scan (Bedrohungssuchlauf) and click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.

Step 3

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Step 4
Please download Shortcut Cleaner (by Grinler) to your desktop.
  • Start sc-cleaner.exe with a double-click.
  • Confirm the message Shortcut Cleaner Finished at the end of the scan with Ok.
  • A log file will open (sc-cleaner.txt).
  • Post its contents in your next reply.

Step 5
  • Start FRST.exe again. Tick the box in front of Addition.txt and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

With your next reply, please post
  • the AdwCleaner log file,
  • the MBAM log file,
  • the JRT log file,
  • the Shortcut Cleaner log file,
  • the two new FRST log files.

31.05.2015, 11:43   #15
armer tor
 

Have a nice Sunday,

first of all, here is the AdwCleaner log file

AdwCleaner log file:
Code:
# AdwCleaner v4.204 - Bericht erstellt 19/05/2015 um 23:22:59
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-12.2 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Administrator - VANESSA
# Gestarted von : F:\adwcleaner_4.204.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : cherimoya
[#] Dienst Gelöscht : csrcc
[#] Dienst Gelöscht : LPTSystemUpdater
[#] Dienst Gelöscht : RGMUpdater
[#] Dienst Gelöscht : shopperz Updater
[#] Dienst Gelöscht : wbsvc
[#] Dienst Gelöscht : WindowsMangerProtect
[#] Dienst Gelöscht : 70F4EEDB-1367-4b4f-8247-3133551A7415
[#] Dienst Gelöscht : f0e9047b

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\ProgramData\LolliScan
Ordner Gelöscht : C:\ProgramData\InstallSightSDK
Ordner Gelöscht : C:\ProgramData\1335771459000654144
Ordner Gelöscht : C:\ProgramData\558a289c000022f5
Ordner Gelöscht : C:\ProgramData\{3f7e16d4-de44-0a41-3f7e-e16d4de45b53}
Ordner Gelöscht : C:\ProgramData\{98781c85-f0a2-8c2e-9878-81c85f0a7217}
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Ordner Gelöscht : C:\Program Files (x86)\Advanced System Protector
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\LPT
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\Perion
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\Systweak Support Dock
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\Program Files (x86)\XTab
Ordner Gelöscht : C:\Program Files (x86)\GUPlayer
Ordner Gelöscht : C:\Program Files (x86)\Search and Replace
Ordner Gelöscht : C:\Program Files (x86)\re-markit
Ordner Gelöscht : C:\Program Files (x86)\Plus-HD-5.5
Ordner Gelöscht : C:\Program Files (x86)\gmsd_de_419
Ordner Gelöscht : C:\Program Files\IB Updater
Ordner Gelöscht : C:\Program Files\SupraSavings
Ordner Gelöscht : C:\Program Files\shopperz
Ordner Gelöscht : C:\Program Files\WebBar
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\WebBar
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\gmsd_de_419
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Ordner Gelöscht : C:\Users\Va\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Va\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\Va\AppData\Local\LPT
Ordner Gelöscht : C:\Users\Va\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Va\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\Va\AppData\Local\RGMService
Ordner Gelöscht : C:\Users\Va\AppData\Local\WebBar
Ordner Gelöscht : C:\Users\Va\AppData\Local\gmsd_de_419
Ordner Gelöscht : C:\Users\Va\AppData\LocalLow\incredibar.com
Ordner Gelöscht : C:\Users\Va\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\Va\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Ordner Gelöscht : C:\Users\Va\AppData\Roaming\newnext.me
Ordner Gelöscht : C:\Users\Va\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Va\AppData\Roaming\mystartsearch
Ordner Gelöscht : C:\Users\Va\AppData\Roaming\Convertor
Ordner Gelöscht : C:\Users\Va\AppData\Roaming\pdfie
Ordner Gelöscht : C:\Users\Va\AppData\Roaming\WinKit
Ordner Gelöscht : C:\Users\Va\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\Users\Va\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
Ordner Gelöscht : C:\Users\Va\Documents\Mobogenie
Datei Gelöscht : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
Datei Gelöscht : C:\Program Files (x86)\prefs.js
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\System32\sasnative64.exe
Datei Gelöscht : C:\Windows\System32\drivers\cherimoya.sys
Datei Gelöscht : C:\Users\Va\daemonprocess.txt
Datei Gelöscht : C:\Users\Va\AppData\LocalLow\SkwConfig.bin

***** [ Geplante Tasks ] *****

Task Gelöscht : Advanced System Protector_startup
Task Gelöscht : Convertor
Task Gelöscht : gtaUpt
Task Gelöscht : Optimizer Pro Schedule
Task Gelöscht : WebBarLaunchTask
Task Gelöscht : WebBarUpdateTask
Task Gelöscht : WinKit

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_de_419]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f0e9047b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0049060.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0049060.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0049060.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0049060.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905560}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906660}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{05a30db2-1d4d-4b6e-8307-4374babccea7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1d9e1f3d-e2ef-432e-a8ea-eebf21419c78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{509e6558-f4b2-4ff7-9ce0-2160232ef0e5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65862ad0-27bd-4711-96e0-33b64615f506}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fefa351f-77c4-47c4-b1b5-8c85c2411a1f}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905560}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906660}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{05a30db2-1d4d-4b6e-8307-4374babccea7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1d9e1f3d-e2ef-432e-a8ea-eebf21419c78}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{509e6558-f4b2-4ff7-9ce0-2160232ef0e5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65862ad0-27bd-4711-96e0-33b64615f506}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fefa351f-77c4-47c4-b1b5-8c85c2411a1f}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\nationzoomSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\mystartsearchSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\shopperz
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Plus-HD-5.5
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AVG Secure Search
Schlüssel Gelöscht : HKU\.DEFAULT\Software\IM
Schlüssel Gelöscht : HKU\.DEFAULT\Software\ImInstaller
Schlüssel Gelöscht : HKU\.DEFAULT\Software\SweetIM
Schlüssel Gelöscht : HKU\.DEFAULT\Software\WNLT
Schlüssel Gelöscht : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{877D0E59-6CBD-43C6-966F-1F4BA343AEEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78B72F2B-0468-A7AC-ECEE-02C79EC3EF0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-5.5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_de_419_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\IB Updater
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\suprasavings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\SweetIM
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\shopperz
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WebBar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5081D2D4-1637-404c-B74F-50526718257D}_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

*************************

AdwCleaner[R0].txt - [21723 Bytes] - [19/05/2015 23:19:16]
AdwCleaner[S0].txt - [19720 Bytes] - [19/05/2015 23:22:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19780  Bytes] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
# AdwCleaner v4.205 - Bericht erstellt 31/05/2015 um 12:30:23
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-21.2 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Administrator - VANESSA
# Gestarted von : C:\Users\Administrator\Desktop\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro 3.79
Ordner Gelöscht : C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\Extensions\6b@n.edu
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [istart_ffnt@gmail.com]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v38.0.1 (x86 de)

[f5c4pyvy.default-1405273851257\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/?a=6R8R6YBjbO&i=26&did=10963&loc=skw");
[f5c4pyvy.default-1405273851257\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "mystartsearch");
[f5c4pyvy.default-1405273851257\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/web/favicon.ico");
[f5c4pyvy.default-1405273851257\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "mystartsearch");
[f5c4pyvy.default-1405273851257\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=dspp&ts=1429046043&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606&q={searchTerms}");
[f5c4pyvy.default-1405273851257\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"6b@n.edu\":{\"d\":\"C:\\\\Users\\\\Va\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\f5c4pyvy.default-1405273851257\\\\extensions\\\\6[...]
[f5c4pyvy.default-1405273851257\prefs.js] - Zeile Gelöscht : user_pref("extensions.y1F90VC53qu8SEhy.scode", "(function(){try{if(window.location.href.indexOf(\"qTC6pdg8qdsGqdYEpdw6qdgHrn\")>-1){return;}}catch(e){}try{var d=[[\"www.viracure.com\",\"onesystemcare.[...]
[f5c4pyvy.default-1405273851257\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/?a=6R8R6YBjbO&i=26&did=10963&loc=skw&search=");
[f5c4pyvy.default-1405273851257\prefs.js] - Zeile Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLBbabsrc=toolbarbabsrc=tb_ssinvocationType=tb50-ie-aolsoftonic-tbsbox-en-usinvocationType=tb50-ff-aolsoftonic[...]

*************************

AdwCleaner[R0].txt - [25152 Bytes] - [19/05/2015 23:19:16]
AdwCleaner[S0].txt - [23394 Bytes] - [19/05/2015 23:22:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23454  Bytes] ##########
         
--- --- ---
