
Log analysis and evaluation: Trojan "caught" through a fake Amazon mail


05.06.2015, 16:07   #1
bien2000
 
Operating system: Windows Vista.

Caught a Trojan after opening a fake e-mail (Amazon).
Because of this, the banks have blocked online access.
Avira antivirus software is installed.

Everything that Avira found and moved to quarantine has been deleted.

HijackThis produces the following log file...
HijackThis log file:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:40:56, on 05.06.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16644)
Boot mode: Normal

Running processes:
C:\Windows\starter4g.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\syswow64\svchost.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\syswow64\svchost.exe
C:\Windows\syswow64\svchost.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Windows\syswow64\svchost.exe
C:\Windows\syswow64\svchost.exe
C:\Users\Standard\Desktop\Trojaner\Tools\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [absolute_zero] C:\ProgramData\Avira\Antivirus\LOGFILES\dual_band\peak_reverse_voltage.exe
O4 - HKCU\..\RunOnce: [tdd_wlan] C:\ProgramData\NortonInstaller\Logs\01-18-2013-18h20m09s\signal_to_noise_ratio\engineering_economics.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Email-Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: docsis (transmission_gate) - Company 'gora-sah' - C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\transresistance_amplifier\antenna_interface_standard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WTGService - Unknown owner - C:\Program Files (x86)\XSManager\WTGService.exe
O23 - Service: XS Stick Service - 4G Systems GmbH & Co. KG - C:\Windows\service4g.exe

--
End of file - 13407 bytes
         
--- --- ---
And now I could really use some help...

05.06.2015, 16:32   #2
M-K-D-B
/// TB trainer
 
My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for longer, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Download from filepony.de: how to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there!


Please work through all steps one after another in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Thank you for your cooperation!




For the initial analysis, please run FRST and TDSS-Killer:



Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)






Step 2
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.







Please post with your next reply
  • the TDSS-Killer log file,
  • the two new FRST log files.


05.06.2015, 19:00   #3
bien2000
 
#
FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Standard (administrator) on TOSHIBA on 05-06-2015 19:22:54
Running from C:\Users\Standard\Downloads
Loaded Profiles: Standard (Available Profiles: Standard)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Company 'gora-sah') C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\transresistance_amplifier\antenna_interface_standard.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [487264 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] => C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [613232 2009-04-15] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1128448 2009-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [96144 2009-03-04] (Toshiba Europe GmbH)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [573952 2009-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [236544 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [238592 2009-03-29] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [NDSTray.exe] => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [299008 2009-05-12] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [422400 2007-04-16] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-08-12] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [cfFncEnabler.exe] => C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1122304 2008-11-12] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\Run: [absolute_zero] => C:\ProgramData\Avira\Antivirus\LOGFILES\dual_band\peak_reverse_voltage.exe [226304 2007-08-14] (Kerio Technologies)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\RunOnce: [tdd_wlan] => C:\ProgramData\NortonInstaller\Logs\01-18-2013-18h20m09s\signal_to_noise_ratio\open_collector.exe [208384 2011-06-30] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe [927920 2015-04-16] (Adobe Systems Incorporated)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\MountPoints2: {0fd01427-9eff-11df-962b-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Vertriebsportal.exe
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\MountPoints2: {1b798213-0816-11e4-8f86-001e65ac95c0} - D:\autorun.exe
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\MountPoints2: {45716d60-ee3b-11de-bda4-806e6f6e6963} - setupSNK.exe
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\MountPoints2: {f513ffbf-acc6-11de-b179-001e65ac95c0} - D:\.\Vado\Vado.exe
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-06-05]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-06-05]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
SearchScopes: HKLM -> DefaultScope {1B03DF2C-D1D1-46FE-A639-330F679CC9EB} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKLM -> {1B03DF2C-D1D1-46FE-A639-330F679CC9EB} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-06-30] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-05-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2015-05-12] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\kuvl55p3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4018626186-3194338725-3947389847-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Standard\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-04] (Citrix Online)
FF user.js: detected! => C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\kuvl55p3.default\user.js [2012-03-14]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\kuvl55p3.default\Extensions\de_DE@dicts.j3e.de [2015-02-28]
FF Extension: Flagfox - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\kuvl55p3.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(67) [2012-01-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\kuvl55p3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-22]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-27]

Chrome: 
=======
CHR Profile: C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-28]
CHR Extension: (Skype Click to Call) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-28]
CHR Extension: (Google Wallet) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [825856 2015-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-22] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [36864 2009-03-06] (TOSHIBA CORPORATION) [File not signed]
R2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [242176 2009-04-24] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [84480 2009-03-17] (TOSHIBA Corporation) [File not signed]
R2 transmission_gate; C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\transresistance_amplifier\antenna_interface_standard.exe [166400 2014-06-13] (Company 'gora-sah') [File not signed]
S2 ultra_high_frequency; C:\Windows\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\buck_switcher\human_body_model.exe [214064 2014-01-28] (Lucersoft) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [304592 2009-06-22] ()
R2 XS Stick Service; C:\Windows\service4g.exe [145680 2010-03-19] (4G Systems GmbH & Co. KG)
S2 Crypkey License; crypserv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2014-07-10] (Mobile Connector)
S3 cmnsusbser; C:\Windows\SysWOW64\DRIVERS\cmnsusbser.sys [117888 2008-10-31] (Mobile Connector)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
S2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [665600 2010-01-28] (Aladdin Knowledge Systems) [File not signed]
R0 LPCFilter; C:\Windows\SysWOW64\DRIVERS\LPCFilter.sys [32040 2008-05-07] (COMPAL ELECTRONIC INC.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 NetworkX; \SystemRoot\system32\ckldrv.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 19:22 - 2015-06-05 19:23 - 00028314 _____ C:\Users\Standard\Downloads\FRST.txt
2015-06-05 19:22 - 2015-06-05 19:23 - 00000000 ____D C:\FRST
2015-06-05 19:22 - 2015-06-05 19:22 - 02108928 _____ (Farbar) C:\Users\Standard\Downloads\FRST64.exe
2015-06-05 08:43 - 2015-06-05 08:44 - 00274296 _____ C:\Windows\Minidump\Mini060515-01.dmp
2015-06-04 09:15 - 2015-06-04 09:15 - 00274296 _____ C:\Windows\Minidump\Mini060415-01.dmp
2015-05-31 11:40 - 2015-06-05 19:16 - 00000676 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4018626186-3194338725-3947389847-1000.job
2015-05-31 11:40 - 2015-05-31 11:40 - 00003620 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-4018626186-3194338725-3947389847-1000
2015-05-29 15:47 - 2015-06-05 08:43 - 575290871 _____ C:\Windows\MEMORY.DMP
2015-05-29 15:47 - 2015-05-29 15:47 - 00274296 _____ C:\Windows\Minidump\Mini052915-01.dmp
2015-05-28 17:50 - 2015-05-28 17:50 - 00065890 _____ C:\Users\Standard\Desktop\AVSCAN-20150528-144035-52E11BA9.LOG
2015-05-28 16:34 - 2015-05-28 16:34 - 00000085 _____ C:\Windows\wininit.ini
2015-05-28 15:48 - 2015-05-28 15:48 - 01126608 _____ (Adobe Systems Incorporated) C:\Users\Standard\Downloads\reader10_de_ga_install.exe
2015-05-28 15:45 - 2015-05-28 15:45 - 00001927 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-05-28 15:45 - 2015-05-28 15:45 - 00001804 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-28 15:45 - 2015-05-28 15:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-05-28 15:34 - 2015-05-28 15:35 - 50629792 _____ (Adobe Systems Incorporated) C:\Users\Standard\Downloads\AcroRdrDC1500720033_de_DE (1).exe
2015-05-28 15:26 - 2015-05-28 15:26 - 00002022 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-28 15:26 - 2015-05-28 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-28 15:24 - 2015-05-28 15:24 - 43518032 _____ (Google Inc.) C:\Users\Standard\Downloads\ChromeStandaloneSetup.exe
2015-05-28 15:21 - 2015-05-28 15:22 - 50629792 _____ (Adobe Systems Incorporated) C:\Users\Standard\Downloads\AcroRdrDC1500720033_de_DE.exe
2015-05-28 14:26 - 2015-06-05 18:00 - 00000474 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2015-05-28 14:26 - 2015-05-28 14:26 - 00003144 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3
2015-05-28 14:26 - 2015-05-28 14:26 - 00000000 ____D C:\Users\Standard\AppData\Roaming\ParetoLogic
2015-05-28 14:26 - 2015-05-28 14:26 - 00000000 ____D C:\Users\Standard\AppData\Roaming\DriverCure
2015-05-28 11:33 - 2015-06-05 08:44 - 00000500 _____ C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-05-28 11:33 - 2015-05-28 15:57 - 00000000 ____D C:\ProgramData\ParetoLogic
2015-05-28 11:33 - 2015-05-28 14:34 - 00000448 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2015-05-28 11:33 - 2015-05-28 11:33 - 00003268 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3
2015-05-28 11:33 - 2015-05-28 11:33 - 00002932 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2015-05-28 11:23 - 2015-05-30 16:53 - 00000000 ____D C:\ProgramData\Adobe
2015-05-28 10:17 - 2015-05-28 10:17 - 00010190 _____ C:\Users\Standard\Documents\cc_20150528_101715.reg
2015-05-28 08:27 - 2015-05-29 10:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-05-28 08:27 - 2015-05-29 10:12 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-28 08:27 - 2015-05-28 08:27 - 00001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-28 08:27 - 2015-05-28 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-28 08:22 - 2015-05-28 08:22 - 00000000 ____D C:\Users\Standard\Desktop\Trojaner
2015-05-22 11:54 - 2015-05-27 09:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-05-22 11:39 - 2015-06-05 09:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-15 10:36 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-05-15 10:36 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-05-15 10:36 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-05-15 10:36 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-05-15 10:36 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-05-15 10:36 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-05-15 10:36 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-05-15 10:36 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-15 10:36 - 2015-04-18 02:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-15 10:36 - 2015-04-18 02:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-15 10:36 - 2015-04-18 02:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-15 10:36 - 2015-04-18 02:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-15 10:36 - 2015-04-18 01:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-15 10:36 - 2015-04-18 01:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-15 10:36 - 2015-04-18 01:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-15 10:36 - 2015-04-18 01:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-15 10:36 - 2015-04-18 01:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-15 10:36 - 2015-04-18 01:30 - 02793472 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-15 10:10 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-15 10:10 - 2015-04-30 17:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-15 09:57 - 2015-04-11 01:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-15 09:57 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-05-15 09:55 - 2015-04-30 15:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 09:55 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 19:03 - 2015-04-10 02:10 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 19:03 - 2015-04-10 01:55 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 19:03 - 2015-04-10 01:53 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 19:03 - 2015-04-10 01:52 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 19:03 - 2015-04-10 01:48 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 19:03 - 2015-04-10 01:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 19:03 - 2015-04-10 01:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 19:03 - 2015-04-10 01:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 19:03 - 2015-04-10 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 19:03 - 2015-04-10 01:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 19:03 - 2015-04-10 01:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 19:03 - 2015-04-10 01:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-14 19:03 - 2015-04-10 01:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-14 19:03 - 2015-04-10 01:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-14 19:03 - 2015-04-10 01:14 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 19:03 - 2015-04-10 01:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 19:03 - 2015-04-10 01:08 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 19:03 - 2015-04-10 01:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 19:03 - 2015-04-10 01:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 19:03 - 2015-04-10 01:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 19:03 - 2015-04-10 01:04 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 19:03 - 2015-04-10 01:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 19:03 - 2015-04-10 01:04 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 19:03 - 2015-04-10 01:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-14 19:03 - 2015-04-10 01:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 19:03 - 2015-04-10 01:03 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 19:03 - 2015-04-10 01:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-14 19:03 - 2015-04-10 01:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-13 13:51 - 2015-05-20 09:48 - 00000000 ____D C:\ProgramData\ubao
2015-05-12 14:05 - 2015-05-12 14:25 - 00003240 _____ C:\Windows\setupact.log
2015-05-12 14:05 - 2015-05-12 14:05 - 00000000 _____ C:\Windows\setuperr.log
2015-05-12 13:54 - 2015-05-29 10:12 - 00460268 _____ C:\Windows\PFRO.log
2015-05-12 13:44 - 2015-05-12 13:44 - 00015208 _____ C:\Users\Standard\Documents\cc_20150512_134403.reg
2015-05-12 13:39 - 2015-05-12 13:39 - 00001047 _____ C:\Users\Public\Desktop\Avira.lnk
2015-05-12 13:36 - 2015-05-12 13:39 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-12 13:12 - 2015-05-12 13:12 - 05248848 _____ (Piriform Ltd) C:\Users\Standard\Downloads\ccsetup505_slim.exe
2015-05-12 13:05 - 2015-05-19 09:09 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Avira
2015-05-12 13:04 - 2015-05-22 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-12 13:03 - 2015-05-22 11:13 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-12 13:03 - 2015-05-22 11:13 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-12 13:03 - 2015-05-19 09:07 - 00000000 ____D C:\ProgramData\Avira
2015-05-12 13:03 - 2015-05-12 13:39 - 00000000 ____D C:\Program Files (x86)\Avira
2015-05-12 13:03 - 2014-07-02 13:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 19:21 - 2013-02-19 16:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-05 19:12 - 2015-03-04 12:02 - 00000580 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4018626186-3194338725-3947389847-1000.job
2015-06-05 18:44 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-05 18:44 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-05 18:43 - 2010-01-27 11:41 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-05 18:12 - 2009-09-25 14:46 - 01092838 _____ C:\Windows\WindowsUpdate.log
2015-06-05 08:44 - 2010-01-27 11:41 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-05 08:44 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-05 08:43 - 2009-12-21 18:19 - 00000000 ____D C:\Windows\Minidump
2015-06-04 09:36 - 2006-11-02 17:42 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-04 09:20 - 2012-10-16 15:41 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Skype
2015-05-31 11:47 - 2009-09-28 16:32 - 00013312 _____ C:\Users\Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-31 11:40 - 2015-03-04 12:02 - 00003524 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4018626186-3194338725-3947389847-1000
2015-05-28 15:58 - 2010-01-22 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radar 9
2015-05-28 15:50 - 2010-02-14 18:31 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Adobe
2015-05-28 15:46 - 2010-04-01 21:13 - 00000000 ____D C:\Users\Standard\AppData\Local\Adobe
2015-05-28 15:25 - 2009-06-05 17:25 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-28 14:28 - 2012-05-15 10:24 - 00001913 _____ C:\Users\Public\Desktop\ViewNX 2.lnk
2015-05-28 14:28 - 2006-11-02 17:36 - 00001807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
2015-05-28 14:28 - 2006-11-02 17:36 - 00001758 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-05-28 14:28 - 2006-11-02 17:35 - 00001712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
2015-05-28 14:28 - 2006-11-02 17:34 - 00001723 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
2015-05-28 08:25 - 2012-01-25 13:21 - 00000680 _____ C:\Users\Standard\AppData\Local\d3d9caps.dat
2015-05-27 11:17 - 2012-05-09 09:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-20 08:38 - 2010-01-27 11:41 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-20 08:38 - 2010-01-27 11:41 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 08:50 - 2006-11-02 17:21 - 00331896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-15 10:37 - 2006-11-02 17:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-05-15 10:37 - 2006-11-02 17:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-15 10:34 - 2008-01-21 13:10 - 01469650 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-15 10:34 - 2008-01-21 13:09 - 00628992 _____ C:\Windows\system32\perfh007.dat
2015-05-15 10:34 - 2008-01-21 13:09 - 00126704 _____ C:\Windows\system32\perfc007.dat
2015-05-15 10:20 - 2015-05-02 18:19 - 00000000 ____D C:\Windows\system32\MRT
2015-05-15 10:20 - 2009-06-05 17:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-15 10:13 - 2006-11-02 14:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-15 04:37 - 2006-11-02 17:07 - 00000000 ____D C:\Windows\ShellNew
2015-05-15 04:37 - 2006-11-02 14:33 - 69468160 _____ C:\Windows\system32\config\software_previous
2015-05-15 04:37 - 2006-11-02 14:33 - 20709376 _____ C:\Windows\system32\config\system_previous
2015-05-15 04:36 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\spool
2015-05-15 04:36 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\Msdtc
2015-05-15 04:36 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\registration
2015-05-15 04:32 - 2006-11-02 14:33 - 61341696 _____ C:\Windows\system32\config\components_previous
2015-05-15 04:32 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-05-14 19:38 - 2014-05-09 22:19 - 00001954 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-05-14 19:38 - 2014-05-09 22:19 - 00001952 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-14 19:38 - 2014-05-09 22:19 - 00001942 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-05-14 19:38 - 2014-05-09 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-14 18:39 - 2009-09-25 15:19 - 00000000 ____D C:\Users\Standard
2015-05-14 11:19 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-05-14 11:19 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\default_previous
2015-05-12 14:59 - 2015-04-30 18:43 - 00000000 ___HD C:\Users\Standard\AppData\Local\Rent_warn
2015-05-12 14:12 - 2013-01-18 18:56 - 00000000 ____D C:\Windows\pss
2015-05-12 14:05 - 2010-09-03 16:15 - 00001460 _____ C:\Users\Standard\AppData\Local\d3d9caps64.dat
2015-05-12 13:22 - 2012-02-08 15:48 - 00000000 ___RD C:\Users\Standard\Dropbox
2015-05-12 13:22 - 2012-02-08 15:44 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Dropbox
2015-05-12 13:21 - 2012-02-08 15:48 - 00000933 _____ C:\Users\Standard\Desktop\Dropbox.lnk
2015-05-12 13:21 - 2012-02-08 15:45 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-12 13:16 - 2013-01-18 18:44 - 00000775 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-05-12 13:16 - 2013-01-18 18:44 - 00000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2012-05-15 10:24 - 2012-05-15 10:24 - 0000268 ___RH () C:\Users\Standard\AppData\Roaming\Libraries
2012-05-15 10:25 - 2012-05-15 10:25 - 0000268 ___RH () C:\Users\Standard\AppData\Roaming\Licenses
2012-05-15 10:24 - 2012-05-15 10:24 - 0000268 ___RH () C:\Users\Standard\AppData\Roaming\Light Machine
2009-10-21 18:37 - 2009-10-21 18:37 - 0000000 _____ () C:\Users\Standard\AppData\Roaming\wklnhst.dat
2012-01-25 13:21 - 2015-05-28 08:25 - 0000680 _____ () C:\Users\Standard\AppData\Local\d3d9caps.dat
2010-09-03 16:15 - 2015-05-12 14:05 - 0001460 _____ () C:\Users\Standard\AppData\Local\d3d9caps64.dat
2009-09-28 16:32 - 2015-05-31 11:47 - 0013312 _____ () C:\Users\Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-02-01 15:58 - 2010-02-01 15:59 - 0421538 _____ () C:\Users\Standard\AppData\Local\dd_vcredistMSI0B4F.txt
2012-02-10 10:52 - 2012-02-10 10:53 - 0433634 _____ () C:\Users\Standard\AppData\Local\dd_vcredistMSI2D1A.txt
2012-02-10 10:53 - 2012-02-10 10:54 - 0435850 _____ () C:\Users\Standard\AppData\Local\dd_vcredistMSI2DE1.txt
2010-02-01 15:58 - 2010-02-01 15:59 - 0011474 _____ () C:\Users\Standard\AppData\Local\dd_vcredistUI0B4F.txt
2012-02-10 10:52 - 2012-02-10 10:53 - 0011616 _____ () C:\Users\Standard\AppData\Local\dd_vcredistUI2D1A.txt
2012-02-10 10:53 - 2012-02-10 10:54 - 0011632 _____ () C:\Users\Standard\AppData\Local\dd_vcredistUI2DE1.txt
2011-12-29 22:28 - 2011-12-29 22:28 - 0000000 _____ () C:\Users\Standard\AppData\Local\{B20DAE09-5B49-4912-9AEA-0D430ED36FB1}
2012-05-15 10:24 - 2012-05-15 10:24 - 0000268 ___RH () C:\ProgramData\Logs
2012-05-15 10:25 - 2012-05-15 10:25 - 0000268 ___RH () C:\ProgramData\MAS
2012-05-15 10:24 - 2012-05-15 10:24 - 0000268 ___RH () C:\ProgramData\MIDI Configurations
2012-05-15 10:24 - 2012-05-15 10:24 - 0000012 ___RH () C:\ProgramData\Nature
2012-05-15 10:25 - 2012-05-15 10:25 - 0000012 ___RH () C:\ProgramData\NetServices
2012-05-15 10:24 - 2012-05-15 10:24 - 0000012 ___RH () C:\ProgramData\Organic
2012-05-15 10:25 - 2012-05-15 10:25 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2012-05-15 10:24 - 2015-04-03 18:20 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2012-05-15 10:24 - 2013-01-06 15:09 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Some files in TEMP:
====================
C:\Users\Standard\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-05 08:52

==================== End of log ============================
         
--- --- ---

#Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Standard at 2015-06-05 19:23:48
Running from C:\Users\Standard\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4018626186-3194338725-3947389847-500 - Administrator - Disabled)
Gast (S-1-5-21-4018626186-3194338725-3947389847-501 - Limited - Disabled)
Standard (S-1-5-21-4018626186-3194338725-3947389847-1000 - Administrator - Enabled) => C:\Users\Standard

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3SwitcheD LITE (HKLM-x32\...\3SwitcheD LITE) (Version: 1.0.0.0 - Reality Pump)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.302.104 - ALPS ELECTRIC CO., LTD.)
ANNO 1503 GOLD (HKLM-x32\...\{DB833EF9-A198-49BE-970A-BD46F30BFBB4}) (Version: 1.05.00 - )
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{190A60F1-2FEE-0A11-7D37-D8607809CC39}) (Version: 3.0.723.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Brother MFL-Pro Suite (HKLM-x32\...\{004B8D14-7E3A-490A-ABB3-753535E169E3}) (Version: 1.00 - Brother Industries, Ltd.)
ccc-core-static (x32 Version: 2009.0421.2132.36832 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
ChickenShoot (HKLM-x32\...\ChickenShoot) (Version: 1.0.1.0 - ToonTraxx)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
DVAG Online-System (HKLM-x32\...\DVAG Online System) (Version: 1.2 - Deutsche Vermögensberatung AG)
Encyclopaedia Homeopathica (HKLM-x32\...\{17DFC892-17D0-4D28-9684-E0634B0471DE}) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Jewels of Atlantis (HKLM-x32\...\JOA_is1) (Version:  - City Interactive)
Luxor HD (HKLM-x32\...\Luxor HD) (Version: 1.1.0.0 - MumboJumbo)
Micam 1.4 (HKLM-x32\...\Micam-1.4_is1) (Version:  - Marien van Westen)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.65 (HKLM-x32\...\myphotobook) (Version: 3.65 - myphotobook)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.3.1 - Nikon)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Picasa 2 (HKLM-x32\...\Picasa2) (Version: 2.0 - Google, Inc.)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.3 - Nikon)
PlayReady PC runtime (HKLM\...\{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}) (Version: 1 - Microsoft Corporation)
Radar 9 (HKLM-x32\...\Radar 9) (Version:  - )
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5821 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20132 - Realtek Semiconductor Corp.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Skins (x32 Version: 2009.0421.2132.36832 - ATI) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.08 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM-x32\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM-x32\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.9 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.0.3.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.0.5.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.64.1 - TOSHIBA Corporation)
Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.06.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.2.64 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 for x64 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0017 - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.0.26 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.8.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
TRORDCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.6 - TOSHIBA)
TRORDCLauncher (x32 Version: 1.0.0.6 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
USB Video/Audio Driver (HKLM-x32\...\InstallShield_{4D6FC0A8-37D6-45FE-A5D0-67A995AA082C}) (Version: 1.00.0000 - Ihr Firmenname)
USB Video/Audio Driver (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Utility Common Driver (x32 Version: 1.0.50.22C - TOSHIBA) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.3.1 - Nikon)
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
XSManager (HKLM-x32\...\XSManager) (Version: 3.0 - XSManager)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Standard\AppData\Local\Citrix\GoToMeeting\1669\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

31-05-2015 11:04:34 Windows-Sicherung
31-05-2015 12:00:04 Windows-Sicherung
01-06-2015 21:13:38 Geplanter Prüfpunkt
01-06-2015 23:01:17 Windows-Sicherung
03-06-2015 08:00:58 Windows-Sicherung
04-06-2015 09:26:08 Windows-Sicherung
05-06-2015 08:24:32 Windows-Sicherung
05-06-2015 12:00:29 Windows-Sicherung

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {237BD26C-51C1-4686-8CFF-364B6F6464A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {2748E5F3-8B8A-4F3E-A2B3-220EBE6F298A} - System32\Tasks\{F22A86C4-4D49-4FF9-90FA-4329A476338A} => pcalua.exe -a C:\Windows\IsUn0407.exe -c -fC:\Windows\DeIsL1.isu
Task: {4C6BD89A-311A-4F23-AECC-9726115B238B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {614A202C-7A5C-4FAD-B797-5AA47B4D417E} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {7F63A11B-8FFE-44E9-8F4D-EF610DDAF9FD} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {803BE084-E0BE-44EF-B2E1-D7F4D52849D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {947A6FC7-E2BC-4AF5-BE65-266767AA2BDA} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {9480AE2F-F67A-436C-AF41-83FD14EB5859} - System32\Tasks\G2MUpdateTask-S-1-5-21-4018626186-3194338725-3947389847-1000 => C:\Users\Standard\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-05-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A22B38EE-2616-43F8-8084-16975A29B700} - System32\Tasks\G2MUploadTask-S-1-5-21-4018626186-3194338725-3947389847-1000 => C:\Users\Standard\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe [2015-05-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {BF444824-C1F8-48B3-9B4A-4B2669080DA1} - System32\Tasks\{17A9840A-A75B-40FF-B411-515D74D93B16} => pcalua.exe -a F:\setup.exe -d F:\
Task: {D0B5BE99-47FE-469A-BA98-FAA78CFB23A1} - System32\Tasks\Norton Security Scan for Standard => C:\Program Files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe
Task: {E4B985CC-9B86-417E-BA3C-D6F9CCAC51E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {FB9D40A7-294B-442F-8A5F-8833D785814F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Standard => C:\Program Files (x86)\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4018626186-3194338725-3947389847-1000.job => C:\Users\Standard\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4018626186-3194338725-3947389847-1000.job => C:\Users\Standard\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Windows\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Loaded Modules (Whitelisted) ==============

2009-09-25 14:49 - 2009-04-21 22:06 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2011-12-17 18:36 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2009-04-24 11:39 - 2009-04-24 11:39 - 00549376 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2014-07-10 11:43 - 2009-06-22 15:21 - 00304592 ____N () C:\Program Files (x86)\XSManager\WTGService.exe
2009-02-10 12:32 - 2009-02-10 12:32 - 00076288 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-09-25 14:51 - 2009-09-25 14:51 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-25 10:19 - 2008-11-25 10:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2009-01-30 10:41 - 2009-01-30 10:41 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-09-25 14:51 - 2009-09-25 14:51 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-04-08 21:53 - 2015-04-08 21:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2011-12-17 18:34 - 2008-12-25 13:36 - 00139264 ____N () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-04-16 09:22 - 2015-04-16 09:22 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:19170FB7

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Standard\Pictures\Sommer 2012\154.JPG
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Standard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Standard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: absolute_electrode_potential => C:\ProgramData\Adobe\Reader\9.5\ARM\10507\ieee802_11a\maxwells_equations.exe
MSCONFIG\startupreg: automatic_meter_reading => C:\ProgramData\Adobe\Reader\9.2\ARM(37)\schottky_barrier_diode\analog_fan_controller.exe
MSCONFIG\startupreg: base_transceiver_station => C:\ProgramData\Adobe\Reader\9.5\ARM\12915\pulse_code_modulation\transmission_gate.exe
MSCONFIG\startupreg: biology => C:\ProgramData\Adobe\Reader\9.5\ARM\12767\scattering_parameters\high_bit_rate_digital.exe
MSCONFIG\startupreg: biophysics => C:\ProgramData\Adobe\Reader\9.5\ARM\14213\dc_dc_converter\yield.exe
MSCONFIG\startupreg: bottom-weekend => C:\Users\Standard\AppData\Local\Temp\Bottom-command\bottom-post.exe
MSCONFIG\startupreg: brown_and_sharpe_wire => C:\ProgramData\Adobe\Reader\9.5\ARM\13677\deepcover\bit_error_rate.exe
MSCONFIG\startupreg: compensation => C:\ProgramData\Adobe\Reader\9.5\ARM\12214\high_z\interleave.exe
MSCONFIG\startupreg: contact_bounce => C:\ProgramData\Adobe\Reader\9.5\ARM\1402\utility_frequency\signal_to_noise_ratio.exe
MSCONFIG\startupreg: cow_live => C:\Users\Standard\AppData\Local\Temp\Cow_string\cow-layer.exe
MSCONFIG\startupreg: crossover => C:\ProgramData\Adobe\Reader\9.5\ARM\10207\lvpecl\lever.exe
MSCONFIG\startupreg: current_sensing => C:\ProgramData\Adobe\Reader\9.5\ARM\11460\displacement_fluid\linear_elasticity.exe
MSCONFIG\startupreg: degrees_of_freedom => C:\ProgramData\Adobe\Reader\9.5\ARM\10190\weighted_mean\wcdma_fdd.exe
MSCONFIG\startupreg: digital_to_analog_converter => C:\ProgramData\Adobe\Reader\9.5\ARM\12056\dc_dc\indefinite_integral.exe
MSCONFIG\startupreg: keyboard_video_mouse => C:\ProgramData\Adobe\Reader\9.5\ARM\14178\switched_cap\plasma_physics.exe
MSCONFIG\startupreg: max_hold_step_mv => C:\ProgramData\Adobe\Reader\9.5\ARM\11411\image_frequency\frequency_synthesizer.exe
MSCONFIG\startupreg: meal-chain => C:\Users\Standard\AppData\Local\Temp\Meal_imagine\meal-alarm.exe
MSCONFIG\startupreg: mesfet => C:\ProgramData\Adobe\Reader\9.5\ARM\13830\click\intermediate_frequency.exe
MSCONFIG\startupreg: noxious_fumes => C:\ProgramData\Adobe\Reader\9.5\ARM\1121\handover\digital_log_pot.exe
MSCONFIG\startupreg: opamp => C:\ProgramData\Adobe\Reader\9.5\ARM\13021\solid_mechanics\pc_board.exe
MSCONFIG\startupreg: optical_network_unit => C:\ProgramData\Adobe\Reader\9.5\ARM\12056\computer_aided_manufacturing\esbga.exe
MSCONFIG\startupreg: phase_equilibrium => C:\ProgramData\Adobe\Reader\9.5\ARM\13753\ieee_802_11g\physical_quantity.exe
MSCONFIG\startupreg: physical_chemistry => C:\ProgramData\Adobe\Reader\9.5\ARM\1402\push_pull\gravitational_potential.exe
MSCONFIG\startupreg: powerline => C:\ProgramData\Adobe\Reader\9.5\ARM\11460\iec_connector\ohms_law.exe
MSCONFIG\startupreg: pressure_cooker_test => C:\ProgramData\Adobe\Reader\9.5\ARM\11119\powercap\coefficient_of_performance.exe
MSCONFIG\startupreg: rent_building => C:\Users\Standard\AppData\Local\Rent_warn\rent-ought.exe
MSCONFIG\startupreg: secure_digital => C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Security\computer_aided_engineering\ripple_rejection.exe
MSCONFIG\startupreg: spurious_free => C:\ProgramData\Adobe\Reader\9.5\ARM\13173\environmental_engineering\logarithmic_potentiometer.exe
MSCONFIG\startupreg: starter4g => C:\Windows\starter4g.exe
MSCONFIG\startupreg: system-spirit => C:\Users\Standard\AppData\Local\Temp\System-pleased\system_say.exe
MSCONFIG\startupreg: tdd_wcdma => C:\ProgramData\Adobe\Reader\9.5\ARM\12214\base_station\small_form_factor_plug.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: thermtrip => C:\ProgramData\Adobe\Reader\9.5\ARM\12161\electromagnetic_interface\wcdma.exe
MSCONFIG\startupreg: TOSHIBA Online Product Information => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
MSCONFIG\startupreg: TWebCamera => "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: window-plant => C:\Users\Standard\AppData\Local\Temp\Window_site\window-find.exe
MSCONFIG\startupreg: yttrium_iron_garnet => C:\ProgramData\Adobe\Reader\9.5\ARM\11195\boiling_point\henrys_law.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{5DF11954-A977-435D-B5C1-7F8E0B9E9E04}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{8DF77E80-095F-4BB5-B992-C37F1693BE75}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{9A2B7626-9619-4CA3-B045-A519BCB829E9}D:\jre\bin\java.exe] => (Block) D:\jre\bin\java.exe
FirewallRules: [UDP Query User{C7CBD133-FD41-4739-BC2A-0D05494137E9}D:\jre\bin\java.exe] => (Block) D:\jre\bin\java.exe
FirewallRules: [{5D0FA802-20E7-48A1-832F-9B72D9017026}] => (Allow) LPort=80
FirewallRules: [{EF02009B-9B15-4F61-B7E1-CDA34E2CA1E4}] => (Allow) LPort=80
FirewallRules: [{6161BC6A-B508-47FB-89C4-726C1A1ADA28}] => (Allow) LPort=80
FirewallRules: [TCP Query User{58FB213F-D776-4A34-84C9-11DE23E10085}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{D7256998-B9AC-4F1D-B892-1B3C385A5513}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{D244CA66-62A4-4F84-BD81-2E286E02105E}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08i\FAXRX.exe
FirewallRules: [{C45432E6-F848-4AF7-ADEA-48397A213DBA}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08i\FAXRX.exe
FirewallRules: [{BD74DAFE-A65C-4E23-8F62-822CE6828F11}] => (Allow) LPort=54925
FirewallRules: [{3227269D-FC36-43EA-9073-FC1D362E601C}] => (Allow) C:\Users\Standard\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2541D446-70AB-487E-B506-1F66581E6B05}] => (Allow) C:\Users\Standard\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{02DF306F-F683-48BF-8620-F5CDCB8456AC}] => (Allow) C:\Program Files (x86)\ToonTraxx\ChickenShoot\Kurka.exe
FirewallRules: [{5413866F-FE97-4906-A26B-4C2E6ABA2017}] => (Allow) C:\Program Files (x86)\ToonTraxx\ChickenShoot\Kurka.exe
FirewallRules: [{E6D2DCBB-8D03-4B8C-87F5-BAFB717545DE}] => (Allow) C:\Program Files (x86)\Reality Pump\3SwitcheD LITE\3SwitcheD_LITE.exe
FirewallRules: [{8DF15048-3C5C-4980-834D-E12FFBF7F848}] => (Allow) C:\Program Files (x86)\Reality Pump\3SwitcheD LITE\3SwitcheD_LITE.exe
FirewallRules: [{378C554B-69FD-4293-BF8D-E6A73079124C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{3BD5CA6F-B8B6-4472-B847-8A1F9D3A73EA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{E54A3D81-6155-4B92-9EDC-77A8BBFC4B61}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{135FF641-F39B-44C2-B15A-2E3A33D47AEE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{DC2B85D3-B3DF-4206-80A0-36C1FAA19142}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{186C8C87-F069-46F7-8DC0-0CC5C2ABAD0F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1C0096DF-F30C-42CE-AB19-854A352A32B4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EDF87716-46A7-4E1A-ADAC-E062DE06BA26}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2D34F15A-21E5-4857-AD6A-C7E8B3E6F346}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1D1D4814-29F2-4B6B-88D3-10F58F492865}C:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F09719FF-9B51-4EB3-AD4C-1A25E325C56B}C:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{71FCDA98-EAB1-4A34-ABF2-833C64AC1271}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2015 08:48:08 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\SKYPEICON.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:08 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\SKYPEICON.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\SKYPE.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\SKYPE.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\PLUS.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\PLUS.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\PICTURE.JPG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\PICTURE.JPG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\MSDEFAULTPICTURE.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\MSDEFAULTPICTURE.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (06/05/2015 08:46:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: NetworkX

Error: (06/05/2015 08:45:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Hardlock%%577

Error: (06/05/2015 08:45:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Crypkey License%%2

Error: (06/05/2015 08:43:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 05.06.2015 um 08:41:44 unerwartet heruntergefahren.

Error: (06/05/2015 08:16:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: NetworkX

Error: (06/05/2015 08:15:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Hardlock%%577

Error: (06/05/2015 08:15:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Crypkey License%%2

Error: (06/04/2015 09:17:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: NetworkX

Error: (06/04/2015 09:17:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Hardlock%%577

Error: (06/04/2015 09:17:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Crypkey License%%2


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-06-05 08:44:21.708
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-05 08:44:21.302
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-05 08:14:27.035
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-05 08:14:26.583
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-04 09:15:56.320
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-04 09:15:55.962
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-04 09:05:55.508
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-04 09:05:54.993
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-03 20:06:15.622
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-03 20:06:15.247
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 65%
Total physical RAM: 4059.93 MB
Available physical RAM: 1412.61 MB
Total Pagefile: 8325.16 MB
Available Pagefile: 3499.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:116.44 GB) (Free:29.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:114.98 GB) (Free:90.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 7878FC96)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

==================== End of log ============================
         
--- --- ---

05.06.2015, 19:10   #4
bien2000

Trojan "caught" via faked Amazon mail

TDSS with the correct settings



20:03:33.0062 0x76b4 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:03:37.0735 0x76b4 ============================================================
20:03:37.0735 0x76b4 Current date / time: 2015/06/05 20:03:37.0735
20:03:37.0735 0x76b4 SystemInfo:
20:03:37.0735 0x76b4
20:03:37.0735 0x76b4 OS Version: 6.0.6002 ServicePack: 2.0
20:03:37.0735 0x76b4 Product type: Workstation
20:03:37.0735 0x76b4 ComputerName: TOSHIBA
20:03:37.0735 0x76b4 UserName: Standard
20:03:37.0735 0x76b4 Windows directory: C:\Windows
20:03:37.0735 0x76b4 System windows directory: C:\Windows
20:03:37.0735 0x76b4 Running under WOW64
20:03:37.0735 0x76b4 Processor architecture: Intel x64
20:03:37.0735 0x76b4 Number of processors: 2
20:03:37.0735 0x76b4 Page size: 0x1000
20:03:37.0735 0x76b4 Boot type: Normal boot
20:03:37.0735 0x76b4 ============================================================
20:03:38.0043 0x76b4 System UUID: {41F344C0-4F8B-45CB-A7B3-25D5C27062F4}
20:03:38.0669 0x76b4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:03:38.0683 0x76b4 ============================================================
20:03:38.0683 0x76b4 \Device\Harddisk0\DR0:
20:03:38.0683 0x76b4 MBR partitions:
20:03:38.0683 0x76b4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xE8E2800
20:03:38.0683 0x76b4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEBD1000, BlocksNum 0xE5F4800
20:03:38.0683 0x76b4 ============================================================
20:03:38.0717 0x76b4 C: <-> \Device\Harddisk0\DR0\Partition1
20:03:38.0755 0x76b4 E: <-> \Device\Harddisk0\DR0\Partition2
20:03:38.0755 0x76b4 ============================================================
20:03:38.0755 0x76b4 Initialize success
20:03:38.0755 0x76b4 ============================================================
20:05:42.0043 0x6c50 ============================================================
20:05:42.0043 0x6c50 Scan started
20:05:42.0043 0x6c50 Mode: Manual; SigCheck; TDLFS;
20:05:42.0043 0x6c50 ============================================================
20:05:42.0043 0x6c50 KSN ping started
20:05:44.0401 0x6c50 KSN ping finished: true
20:05:45.0399 0x6c50 ================ Scan system memory ========================
20:05:45.0399 0x6c50 System memory - ok
20:05:45.0400 0x6c50 ================ Scan services =============================
20:05:45.0572 0x6c50 [ EB2290ED2AFEA6D9C9773B818F2C1EA3, 7CC151FD71E0F32C106A6699B54E9C18CC43859A98B5A891646DD7FAEF9FFC54 ] 45636398 C:\Windows\system32\drivers\78466241.sys
20:05:45.0642 0x6c50 [ 1965AAFFAB07E3FB03C77F81BEBA3547, 351A1EBB1B95C8E03ED125C8F997DEE810B4DF36AD290E7685FC01963B522BFC ] ACPI C:\Windows\system32\drivers\acpi.sys
20:05:45.0756 0x6c50 ACPI - ok
20:05:45.0877 0x6c50 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A, F419E159D3E428A3929A1A983142E7B0783D3F104EE9587585418E51011E4B8F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:05:45.0891 0x6c50 AdobeARMservice - ok
20:05:46.0002 0x6c50 [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:05:46.0023 0x6c50 AdobeFlashPlayerUpdateSvc - ok
20:05:46.0087 0x6c50 [ F14215E37CF124104575073F782111D2, 7F624F7F0FE9909C07AB2E4C74727686FDA9DF33778A9CBBE35027D6579E4F71 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:05:46.0117 0x6c50 adp94xx - ok
20:05:46.0177 0x6c50 [ 7D05A75E3066861A6610F7EE04FF085C, 406F2CE539C306BA60C233FBCDB029153588F0499BBE91E66FC915E5C5D7D2A5 ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:05:46.0207 0x6c50 adpahci - ok
20:05:46.0229 0x6c50 [ 820A201FE08A0C345B3BEDBC30E1A77C, 3170B308724CAA0AD50B74D045C837C48BD6A3A11ABA222670BEA82192A861BF ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:05:46.0246 0x6c50 adpu160m - ok
20:05:46.0273 0x6c50 [ 9B4AB6854559DC168FBB4C24FC52E794, 83CD75DE0A16AE66586837565ECA8B98BA9309519139C4C2032474B8DDF5A1AD ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:05:46.0293 0x6c50 adpu320 - ok
20:05:46.0323 0x6c50 [ 0F421175574BFE0BF2F4D8E910A253BB, CEABE3A4F546EB6ACA079931AB532DC88FF757DEEF6F434991802220328A9CD6 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:05:46.0397 0x6c50 AeLookupSvc - ok
20:05:46.0480 0x6c50 [ E58A17E945593544C707423F9772EEA0, FC17AFF979354EB89DCA307BF07C52B84629AF540D4C6A32DD537695CA654205 ] AFD C:\Windows\system32\drivers\afd.sys
20:05:46.0523 0x6c50 AFD - ok
20:05:46.0576 0x6c50 [ F6F6793B7F17B550ECFDBD3B229173F7, 7EB12A9372B7966440E39F1B567A43C21231D67DDFAA9C1DECC7E68627F82346 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:05:46.0597 0x6c50 agp440 - ok
20:05:46.0639 0x6c50 [ 222CB641B4B8A1D1126F8033F9FD6A00, 8C7FD4BF87DC00893B99E64344C0E6A3F321DAD9BE60A99763629260E7C6312C ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:05:46.0656 0x6c50 aic78xx - ok
20:05:46.0706 0x6c50 [ 5922F4F59B7868F3D74BBBBEB7B825A3, 71504BC8B596F540BF059059670BC0C138D8759C1DD9F99F1EC368FD5C53F573 ] ALG C:\Windows\System32\alg.exe
20:05:46.0788 0x6c50 ALG - ok
20:05:46.0836 0x6c50 [ 157D0898D4B73F075CE9FA26B482DF98, 84C3E163D7393FD306842F155C88A50B7D8AE88B59586F9014DB76B749CC33D5 ] aliide C:\Windows\system32\drivers\aliide.sys
20:05:46.0851 0x6c50 aliide - ok
20:05:46.0900 0x6c50 [ C5EF0A376CE36979409774A5B9DC7903, 1832427B7F95D83114344E5B1F665C2DE09867720CADA4C059F99C6CA2912492 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:05:46.0940 0x6c50 AMD External Events Utility - ok
20:05:46.0965 0x6c50 [ 970FA5059E61E30D25307B99903E991E, CFB241803A63EA3469B2596462A42DDCA813B3ACF96E56BB34F5979BB34DDC32 ] amdide C:\Windows\system32\drivers\amdide.sys
20:05:46.0980 0x6c50 amdide - ok
20:05:47.0016 0x6c50 [ CDC3632A3A5EA4DBB83E46076A3165A1, 40BE3451A3F29CD3352360FF72165C54237E44D01006390805D493B0D06F51DB ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:05:47.0055 0x6c50 AmdK8 - ok
20:05:47.0180 0x6c50 [ 4428DC966DD5D0659AA7CA913D1D7652, 267D0F64354A105A2A64AB41607E3EB22CF8B448D2EBEC62C31829F03736836D ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
20:05:47.0223 0x6c50 AntiVirMailService - ok
20:05:47.0303 0x6c50 [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:05:47.0352 0x6c50 AntiVirSchedulerService - ok
20:05:47.0389 0x6c50 [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:05:47.0415 0x6c50 AntiVirService - ok
20:05:47.0497 0x6c50 [ 266C0506DF8BA3990E12885E64EE4420, 60995CFE54B8594179BEAB06C4498CBF997B0C85147E5DD747CE238C89F6979D ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:05:47.0558 0x6c50 AntiVirWebService - ok
20:05:47.0650 0x6c50 [ 19B93A45C4428419E60FE840014407E7, 36E55DDF0091A8662D34BA151FB74DCCD6CFB8FFB9C6CE403042B5519F6512C0 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
20:05:47.0673 0x6c50 ApfiltrService - ok
20:05:47.0721 0x6c50 [ 7C8ECAAD76EA1D076A450C8303D9BD98, 90904B2BE380A51BDCEDADA530214CE5321C06456E10F5985B40E3282902BEF6 ] Appinfo C:\Windows\System32\appinfo.dll
20:05:47.0755 0x6c50 Appinfo - ok
20:05:47.0785 0x6c50 [ BA8417D4765F3988FF921F30F630E303, 876A8F34E578020DD9EDD64F7F77A0A3B4592EC568830B500D7EA844D3159C72 ] arc C:\Windows\system32\drivers\arc.sys
20:05:47.0801 0x6c50 arc - ok
20:05:47.0839 0x6c50 [ 9D41C435619733B34CC16A511E644B11, DEFFBBB5ECE33B7DF949DF979188AF3B6674E7580FC069397AB756EA84E24822 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:05:47.0856 0x6c50 arcsas - ok
20:05:47.0887 0x6c50 [ 22D13FF3DAFEC2A80634752B1EAA2DE6, 503F7E5F1B14D3F7AEAB0982E812B19DABE38FD4104D93922F50F0B2D19BECFB ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:05:47.0924 0x6c50 AsyncMac - ok
20:05:47.0953 0x6c50 [ B388797CAAB36D523840347CC6A39B96, E63FB05F2D98F7B419C17EDAA09EC45A18F6B620D3C88384BBE4F50FB08C6CBE ] atapi C:\Windows\system32\drivers\atapi.sys
20:05:47.0967 0x6c50 atapi - ok
20:05:48.0241 0x6c50 [ C28928BECD9D35248C2A6CB18032CACC, 83DBC9EBC87E139BED7B0AFB10C5FCA82B6A24B0F7E51B04B54F8570D9752C65 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:05:48.0522 0x6c50 atikmdag - ok
20:05:48.0637 0x6c50 [ 4FCE8096191D260028FB6585A4159D6F, FCCB53A93CE69C8A21B61A4DE678AB3A59A55828BCA655D5E5AB6B08CE6FB412 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:05:48.0685 0x6c50 AudioEndpointBuilder - ok
20:05:48.0756 0x6c50 [ 4FCE8096191D260028FB6585A4159D6F, FCCB53A93CE69C8A21B61A4DE678AB3A59A55828BCA655D5E5AB6B08CE6FB412 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:05:48.0789 0x6c50 AudioSrv - ok
20:05:48.0838 0x6c50 [ 43B6D229C7DBA9F0FC0FC0C318DB5350, F5A525DBD71FC4A323E92839C6D27F323FB304B7E9FFA35E89E9B419570AA4C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:05:48.0855 0x6c50 avgntflt - ok
20:05:48.0893 0x6c50 [ 626D1BAD7A1975A8FEE8876A8AD0EEA7, 59772746A2DF3B7E8D021756B8A64569AC8468CA1C802EB594494224354F1E60 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:05:48.0910 0x6c50 avipbb - ok
20:05:48.0979 0x6c50 [ 0D32033DCB359FD98B4C3513EF849FE6, 5870D67526BC29D888DAF8DBAB04B1E97ED5C7C51484ED400A5E65D0EB61576A ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
20:05:48.0995 0x6c50 Avira.OE.ServiceHost - ok
20:05:49.0020 0x6c50 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:05:49.0043 0x6c50 avkmgr - ok
20:05:49.0118 0x6c50 [ FFB96C2589FFA60473EAD78B39FBDE29, 6A2792753E2CB580672B3107C0DBB9D26B6DAA14B37D5EC314BD0E304197E03E ] BFE C:\Windows\System32\bfe.dll
20:05:49.0190 0x6c50 BFE - ok
20:05:49.0279 0x6c50 [ 6D316F4859634071CC25C4FD4589AD2C, 73F69AC9E505F3B11A3CCFF8571930229A9058E672CD008A4BF26C0189564EAE ] BITS C:\Windows\System32\qmgr.dll
20:05:49.0350 0x6c50 BITS - ok
20:05:49.0393 0x6c50 [ 79FEEB40056683F8F61398D81DDA65D2, 5EA3016194F71A2A2177C2B5129E82738EC621ACAD269809F4C131B72CFEB6C6 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
20:05:49.0431 0x6c50 blbdrive - ok
20:05:49.0470 0x6c50 [ 2348447A80920B2493A9B582A23E81E1, 50F9242B7104607E633ABAF4E0A213C1C1226BF81F7FB4E216A9E878247B868C ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:05:49.0501 0x6c50 bowser - ok
20:05:49.0535 0x6c50 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:05:49.0569 0x6c50 BrFiltLo - ok
20:05:49.0593 0x6c50 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:05:49.0621 0x6c50 BrFiltUp - ok
20:05:49.0659 0x6c50 [ A1B39DE453433B115B4EA69EE0343816, 61441E7E9D5259A5987DBD3FC8D4E3221A57F42C7CC0F94DB48E80EEF96CA5D4 ] Browser C:\Windows\System32\browser.dll
20:05:49.0707 0x6c50 Browser - ok
20:05:49.0728 0x6c50 [ F0F0BA4D815BE446AA6A4583CA3BCA9B, E0A5DB5A0C7D6AF93ED45F34D2597F77982DFF41E4FDAC827FE5D80323ADED60 ] Brserid C:\Windows\system32\drivers\brserid.sys
20:05:49.0787 0x6c50 Brserid - ok
20:05:49.0800 0x6c50 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:05:49.0858 0x6c50 BrSerWdm - ok
20:05:49.0879 0x6c50 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:05:49.0935 0x6c50 BrUsbMdm - ok
20:05:49.0956 0x6c50 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:05:50.0013 0x6c50 BrUsbSer - ok
20:05:50.0050 0x6c50 [ E0777B34E05F8A82A21856EFC900C29F, A7ACE3C65D1773C50ACD98A13B3ADBDD2A6052D7F5D124CB6EE6E7C22151A424 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:05:50.0108 0x6c50 BTHMODEM - ok
20:05:50.0181 0x6c50 [ F1140ED3A1E1D6824A63F27AFD9EEF32, AF40AA352857A4161B500C404B88DEBD41E0A06640393B57CD5FD14E325BBE97 ] camsvc C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
20:05:50.0194 0x6c50 camsvc - ok
20:05:50.0207 0x6c50 [ B4D787DB8D30793A4D4DF9FEED18F136, 2A956F7DCFE61E556F30BDA6D45592A05533541D6ED321C251C1C05F6CEA6DDC ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:05:50.0252 0x6c50 cdfs - ok
20:05:50.0297 0x6c50 [ C025AA69BE3D0D25C7A2E746EF6F94FC, F4754B23CC256ADF92FDD42A9BA80F1ACB74834A58FCBEA2C52650FAFC7F9483 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:05:50.0326 0x6c50 cdrom - ok
20:05:50.0374 0x6c50 [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] CertPropSvc C:\Windows\System32\certprop.dll
20:05:50.0403 0x6c50 CertPropSvc - ok
20:05:50.0445 0x6c50 [ 02EA568D498BBDD4BA55BF3FCE34D456, 5A418B156CBB48D14E0F6B6AE6E03B8CD97AABE838F260757014479566C63F17 ] circlass C:\Windows\system32\drivers\circlass.sys
20:05:50.0485 0x6c50 circlass - ok
20:05:50.0534 0x6c50 [ D44BA2F707838E0FEF35BCEC5CBD9D60, A9E85E801B0B08F7E5AD6206C61F36E42B4A99878D8AA66EAD8B4E667E50D813 ] CLFS C:\Windows\system32\CLFS.sys
20:05:50.0561 0x6c50 CLFS - ok
20:05:50.0640 0x6c50 [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:05:50.0656 0x6c50 clr_optimization_v2.0.50727_32 - ok
20:05:50.0705 0x6c50 [ 753049933D5326D835F4FCACDF4AD5E3, 715BEE09C19BCBCAD2A93E4725DB3A1FDD8E2FEFFF6E0C3D2F98FC607FED5D3A ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:05:50.0722 0x6c50 clr_optimization_v2.0.50727_64 - ok
20:05:50.0790 0x6c50 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:05:50.0806 0x6c50 clr_optimization_v4.0.30319_32 - ok
20:05:50.0844 0x6c50 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:05:50.0859 0x6c50 clr_optimization_v4.0.30319_64 - ok
20:05:50.0896 0x6c50 [ B52D9A14CE4101577900A364BA86F3DF, A8AA928DDF5FE3861973D4EA03A5B700E99138236F1E8FF594293B9705BF470C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:05:50.0935 0x6c50 CmBatt - ok
20:05:50.0955 0x6c50 [ E5D5499A1C50A54B5161296B6AFE6192, 20A8A0478918063A9EE81565F21F4ACCAA7B6A8B2E9E084099879D85574BAB3E ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:05:50.0968 0x6c50 cmdide - ok
20:05:51.0022 0x6c50 [ 2B3B8CBEA1BA1BCE5700607FBDB31034, 39F12CE67E1789C96326297B9431830C83CBF5CA5B6B7D7BCC0666776980FBE2 ] cmnsusbser C:\Windows\system32\DRIVERS\cmnsusbser.sys
20:05:51.0057 0x6c50 cmnsusbser - ok
20:05:51.0067 0x6c50 [ 7FB8AD01DB0EABE60C8A861531A8F431, E19353C686B07A0DBBA92CFCC88AB9B6BEBAF389416B78F4470BA673E7CD73C3 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:05:51.0082 0x6c50 Compbatt - ok
20:05:51.0088 0x6c50 COMSysApp - ok
20:05:51.0162 0x6c50 [ BCF2C3177E4777E3793310BAC0244C1A, 574E47D17DC513DA23532FA02D155DE5FB4B177771B1CF25775E9B7A35B0DF01 ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
20:05:51.0169 0x6c50 ConfigFree Gadget Service - detected UnsignedFile.Multi.Generic ( 1 )
20:05:53.0525 0x6c50 Detect skipped due to KSN trusted
20:05:53.0525 0x6c50 ConfigFree Gadget Service - ok
20:05:53.0563 0x6c50 [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
20:05:53.0585 0x6c50 ConfigFree Service - ok
20:05:53.0610 0x6c50 [ A8585B6412253803CE8EFCBD6D6DC15C, C3906B080D3BB06CB976FD98C62CBA97DAE74970A5559D51EF5111D773949322 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:05:53.0627 0x6c50 crcdisk - ok
20:05:53.0642 0x6c50 Crypkey License - ok
20:05:53.0699 0x6c50 [ 5AAC48EAF8EACF247DB44FB61B900D89, D20FCD5C71CA18F284D3DFD0CED37F6888A296E76B7B0563F2F4668CF90FE752 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:05:53.0750 0x6c50 CryptSvc - ok
20:05:53.0812 0x6c50 [ B1C55A95006D621D04FE4A23F86C0A54, 41AE30A454FC3051AFC316A3BD61D96A27E6E4C3B94955F2026549027C1EA9BE ] DCamUSBEMPIA C:\Windows\system32\DRIVERS\emDevice64.sys
20:05:53.0850 0x6c50 DCamUSBEMPIA - ok
20:05:53.0928 0x6c50 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] DcomLaunch C:\Windows\system32\rpcss.dll
20:05:53.0991 0x6c50 DcomLaunch - ok
20:05:54.0037 0x6c50 [ 8B722BA35205C71E7951CDC4CDBADE19, 39720A60DFD0532F7E1A1976240E9828559BF9E0C6D1CFBF4D911965BFD94158 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:05:54.0066 0x6c50 DfsC - ok
20:05:54.0230 0x6c50 [ C647F468F7DE343DF8C143655C5557D4, E2D35FE49C408B952D8FE0C7EF70D42798229D30B89CEF9858BAC9F4F9E98EF2 ] DFSR C:\Windows\system32\DFSR.exe
20:05:54.0444 0x6c50 DFSR - ok
20:05:54.0528 0x6c50 [ 3ED0321127CE70ACDAABBF77E157C2A7, 10973BD0AEF9597A4EA0A4947BDE922F9168F33D6ED97BFFEE6176AADAD78980 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:05:54.0578 0x6c50 Dhcp - ok
20:05:54.0623 0x6c50 [ B0107E40ECDB5FA692EBF832F295D905, 76466BB9E4F12436ECCCB9D89EB20762B4785F82F02591B51A735A590E248264 ] disk C:\Windows\system32\drivers\disk.sys
20:05:54.0641 0x6c50 disk - ok
20:05:54.0695 0x6c50 [ 06230F1B721494A6DF8D47FD395BB1B0, F6CA8270740E01D9CE2FE8E34BC067C7EDC15BA610F461860E1D17D135C8A379 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:05:54.0715 0x6c50 Dnscache - ok
20:05:54.0755 0x6c50 [ 1A7156DD1E850E9914E5E991E3225B94, 99FF0C7125B01FCB0B92DC44756AE8FAA486F2E7F38DC6204F7EFE5918F8480A ] dot3svc C:\Windows\System32\dot3svc.dll
20:05:54.0790 0x6c50 dot3svc - ok
20:05:54.0828 0x6c50 [ 1583B39790DB3EAEC7EDB0CB0140C708, F94F9AE7054A38602CD25D4E10FE7C7B574BD9ED8440C3FDAA7275A1D1E663E7 ] DPS C:\Windows\system32\dps.dll
20:05:54.0875 0x6c50 DPS - ok
20:05:54.0909 0x6c50 [ F1A78A98CFC2EE02144C6BEC945447E6, D2E2AA13BE6319F967002476A5D3CF09B1B44350576DD8E1C1C531854F53B488 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:05:54.0939 0x6c50 drmkaud - ok
20:05:55.0005 0x6c50 [ 362CCEF305F45829316D62D3410F2062, 35033749E9B6B5AFC9C8C305F4AA1597E9776D465E7BBC24A20E836B7BEF0D73 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:05:55.0054 0x6c50 DXGKrnl - ok
20:05:55.0093 0x6c50 [ 264CEE7B031A9D6C827F3D0CB031F2FE, 50CAD28A73D29E7E04A45330146CF713BA17101215955009121E36D43CD5C536 ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
20:05:55.0136 0x6c50 E1G60 - ok
20:05:55.0177 0x6c50 [ C2303883FD9BE49DC36A6400643002EA, F062D1D6D503CF5195BDE8C1DC75B541F559CB8175ADABCDB7690E9F1CA3EA4E ] EapHost C:\Windows\System32\eapsvc.dll
20:05:55.0220 0x6c50 EapHost - ok
20:05:55.0268 0x6c50 [ 5F94962BE5A62DB6E447FF6470C4F48A, D00F9B3315DE8610BBE93FFD3CA3E2CF5B10697C518FC25FA4274CC6894D022B ] Ecache C:\Windows\system32\drivers\ecache.sys
20:05:55.0290 0x6c50 Ecache - ok
20:05:55.0341 0x6c50 [ 33510BE001CCDB5A01FCC88F4DD8DFC7, 58766C86EE63B4D6FD7DA8E8119165E601D10C0787BBF08A8D6EF6CA91ABC6A7 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:05:55.0398 0x6c50 ehRecvr - ok
20:05:55.0463 0x6c50 [ 1ABC6436B0EDAA3D496D9C827F92820D, 700BEF8CC38D75C8003A4208D2AF7A45F752A1BC88F7ECD28BDC38F773BB861F ] ehSched C:\Windows\ehome\ehsched.exe
20:05:55.0482 0x6c50 ehSched - ok
20:05:55.0511 0x6c50 [ 08F48CB2CD4019AFB0456869B49CD76F, EC6814160A17F1774FD8FF346395EFD23C411CB6DF7D6CD64248E36DBEC41EBE ] ehstart C:\Windows\ehome\ehstart.dll
20:05:55.0528 0x6c50 ehstart - ok
20:05:55.0566 0x6c50 [ C4636D6E10469404AB5308D9FD45ED07, 367D958D19F672395462206F27C1E138386C2F37B0FA77546F4217CF16D05C84 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:05:55.0613 0x6c50 elxstor - ok
20:05:55.0659 0x6c50 [ 44B36639872491344A460F3FFCF90B71, EDA6D77B364F6B0AD7DA2CC2514F2976ACD4041029F3183641067F2F1FFCC8EF ] emAudio C:\Windows\system32\drivers\emAudio64.sys
20:05:55.0683 0x6c50 emAudio - ok
20:05:55.0735 0x6c50 [ A9B18B63A4FD6BAAB83326706D857FAB, 7721CC67C0F8CE3060D0EB35A10E4ADC1E3CB470C0797B17D606060C270F96D7 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:05:55.0770 0x6c50 EMDMgmt - ok
20:05:55.0817 0x6c50 [ BC3A58E938BB277E46BF4B3003B01ABD, 2BB054E632A96951DAB25B3BE8541AEC1B97A7739FC8D0E34BE8B9295600C8FC ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:05:55.0858 0x6c50 ErrDev - ok
20:05:55.0944 0x6c50 [ E12F22B73F153DECE721CD45EC05B4AF, 41887EEF4BB024329B4079AD50FC5FB705F0EB8BAF6C93A8242DC2A73D3AFD86 ] EventSystem C:\Windows\system32\es.dll
20:05:55.0992 0x6c50 EventSystem - ok
20:05:56.0030 0x6c50 [ 486844F47B6636044A42454614ED4523, 3E24E78584B199C0FAA59613EEB7DF67B3B878B277A0130C7A3FF608C130BA2F ] exfat C:\Windows\system32\drivers\exfat.sys
20:05:56.0060 0x6c50 exfat - ok
20:05:56.0088 0x6c50 [ 1E34B436811CCA4A2783C0BC7A0BEB2E, 7C9496100DEA53FBADDA8B1EFF9F943FD13E75601A039632887A35F190C1F799 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:05:56.0125 0x6c50 fastfat - ok
20:05:56.0157 0x6c50 [ 81B79B6DF71FA1D2C6D688D830616E39, 62F8BC0DB918A49B10A5BE1724A2E2F17FA7D8208D5D86822FACB2DCD97B3591 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:05:56.0196 0x6c50 fdc - ok
20:05:56.0224 0x6c50 [ BB9267ACACD8B7533DD936C34A0CBA5E, 32DE6E10ABA540D62F0D8AE30DE8769D7BF29E547838BEBE67C04183CC0B32C7 ] fdPHost C:\Windows\system32\fdPHost.dll
20:05:56.0266 0x6c50 fdPHost - ok
20:05:56.0279 0x6c50 [ 300C80931EABBE1DB7591C516EFE8D0F, F031DA96B06B6FA8E0AD56D5E10E5A5882765C3FF258A4DE06A47EC34829FF04 ] FDResPub C:\Windows\system32\fdrespub.dll
20:05:56.0345 0x6c50 FDResPub - ok
20:05:56.0366 0x6c50 [ 457B7D1D533E4BD62A99AED9C7BB4C59, 3933907DE163F8D3A81ED25169B693D723296C437C7C990BFE9DEFD60F7635FD ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:05:56.0382 0x6c50 FileInfo - ok
20:05:56.0404 0x6c50 [ D421327FD6EFCCAF884A54C58E1B0D7F, C2F3B72EA36BA8B74A30E128C088307CA768FDBE232BFA216CD78B0F9B7AF18A ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:05:56.0444 0x6c50 Filetrace - ok
20:05:56.0480 0x6c50 [ 73FBB50C4D92ADC30A9D57A269489A0B, 10DBC65126EEA820B829521C882A4AFE3BCD86ED53C703703DF2149A0220E10F ] FiltUSBEMPIA C:\Windows\system32\DRIVERS\emFilter64.sys
20:05:56.0492 0x6c50 FiltUSBEMPIA - ok
20:05:56.0518 0x6c50 [ 230923EA2B80F79B0F88D90F87B87EBD, 1F3287970FEC73011F3B675C447BF0CA35416490D4740C6960595B091181059C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:05:56.0555 0x6c50 flpydisk - ok
20:05:56.0600 0x6c50 [ E3041BC26D6930D61F42AEDB79C91720, 3556C033BB78445EC8B2F98A82455914764AFC70CBFF634DDBD3539885A1E457 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:05:56.0622 0x6c50 FltMgr - ok
20:05:56.0691 0x6c50 [ 141C91F7D7F26730921B2A4FC93C2114, EFD3BF5557684C22FB2104676E669DC5624433A6895E3F9FB28114C116E82CA2 ] FontCache C:\Windows\system32\FntCache.dll
20:05:56.0771 0x6c50 FontCache - ok
20:05:56.0882 0x6c50 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E, B21CA5F14BDB6CFD97A24C28BB2AD0D704C46058F13B01FF4203514FE8B92591 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:05:56.0901 0x6c50 FontCache3.0.0.0 - ok
20:05:56.0936 0x6c50 [ 5779B86CD8B32519FBECB136394D946A, 68A395CD2287D22CB5C8CFE5A3006A61AC0C3FDAADF166C93240FF83C0315DCF ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:05:56.0953 0x6c50 Fs_Rec - ok
20:05:56.0985 0x6c50 [ C8E416668D3DC2BE3D4FE4C79224997F, 7DBC8E7687179A649638F606C9584F2E8EC2065762997CDF151F9BB99FA8D535 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:05:57.0001 0x6c50 gagp30kx - ok
20:05:57.0077 0x6c50 [ 54FD6B2F163782914F1205D51FEDD3EF, 8FA2257A7D5E73AAD19919906CFDDB8AC05D480311F6994A4188C5823C7CF625 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
20:05:57.0094 0x6c50 GameConsoleService - ok
20:05:57.0154 0x6c50 [ A0E1B575BA8F504968CD40C0FAEB2384, F64A24A5A93F4E757882E97C65DA612F07A87F4DDD2E10C1AB0250AFA03BCEF1 ] gpsvc C:\Windows\System32\gpsvc.dll
20:05:57.0212 0x6c50 gpsvc - ok
20:05:57.0354 0x6c50 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:05:57.0369 0x6c50 gupdate - ok
20:05:57.0409 0x6c50 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:05:57.0427 0x6c50 gupdatem - ok
20:05:57.0486 0x6c50 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:05:57.0503 0x6c50 gusvc - ok
20:05:57.0548 0x6c50 [ 091582DA724F54830012E3FAAF2F1D1A, B7EB5697C924C90BF70C64F71EBA004925C2948323E1B16E58FF2F71432AAFB1 ] Hardlock C:\Windows\system32\drivers\hardlock.sys
20:05:57.0569 0x6c50 Hardlock - detected UnsignedFile.Multi.Generic ( 1 )
20:05:59.0932 0x6c50 Detect skipped due to KSN trusted
20:05:59.0932 0x6c50 Hardlock - ok
20:06:00.0044 0x6c50 [ 68E732382B32417FF61FD663259B4B09, 10C5365AEAC46DF4F5F6A8F96D15141B4709851D4752613233E57EB20CE16446 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:06:00.0083 0x6c50 HdAudAddService - ok
20:06:00.0148 0x6c50 [ F942C5820205F2FB453243EDFEC82A3D, 17A6A3DCF884FB524C93F2477D97E9F2B8E547709F8F2AEA93BEEA322B62E914 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:06:00.0222 0x6c50 HDAudBus - ok
20:06:00.0253 0x6c50 [ B4881C84A180E75B8C25DC1D726C375F, C0BEDBF43EFB0DD442A1D7985EA4A7493671648954B7D1840E30FB2FC46589A4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:06:00.0310 0x6c50 HidBth - ok
20:06:00.0324 0x6c50 [ 4E77A77E2C986E8F88F996BB3E1AD829, 1748676EB038A145405080B829DF4156C2596691BE5C67FD8269BE8D9351B400 ] HidIr C:\Windows\system32\drivers\hidir.sys
20:06:00.0380 0x6c50 HidIr - ok
20:06:00.0417 0x6c50 [ 59361D38A297755D46A540E450202B2A, ED97800A3FF9B90EC58BC5122C42B53F46D9C157EFE488481E8677ED7058E33D ] hidserv C:\Windows\system32\hidserv.dll
20:06:00.0445 0x6c50 hidserv - ok
20:06:00.0492 0x6c50 [ 443BDD2D30BB4F00795C797E2CF99EDF, BCE1A241AE5CCE3E1C65CCF07ECB4305C7106F2EFFD51F2C519EB00026B474C4 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:06:00.0527 0x6c50 HidUsb - ok
20:06:00.0554 0x6c50 [ B12F367EA39C0795FD57E31242CE1A5A, 498439FE4D1217211EB6C1AC35CDA5D59F3AE8F06AF5E41EE9FDB0DC559FBE27 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:06:00.0593 0x6c50 hkmsvc - ok
20:06:00.0644 0x6c50 [ D7109A1E6BD2DFDBCBA72A6BC626A13B, 6141B6645F4152A326ECA8AD0DD04CB38C9EDA395BDF6FF260AB17CB86FC4C87 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:06:00.0661 0x6c50 HpCISSs - ok
20:06:00.0721 0x6c50 [ 098F1E4E5C9CB5B0063A959063631610, 36B02A738413E4745978E3E90D9CE8ABC08376BEE411008A4312A752CB4A2E13 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:06:00.0788 0x6c50 HTTP - ok
20:06:00.0809 0x6c50 [ DA94C854CEA5FAC549D4E1F6E88349E8, 10BEB47DB90F55BD1792C2041E49ED13E4E52BCC11BE6599F6DA8D91B79CC8D1 ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:06:00.0824 0x6c50 i2omp - ok
20:06:00.0857 0x6c50 [ CBB597659A2713CE0C9CC20C88C7591F, A2BAC75F7247D871842A32EAA7594D338E728D1BFEAEA3C1FCDBF65F007BC06A ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:06:00.0889 0x6c50 i8042prt - ok
20:06:00.0949 0x6c50 [ 1ADAA4F16073FD0C7270F451FD024E97, A42F8DACBECC75FF841ED960DE8C52F4B9C6279727397BE4FBA314D07A547546 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:06:00.0976 0x6c50 iaStor - ok
20:06:01.0018 0x6c50 [ 3E3BF3627D886736D0B4E90054F929F6, 95A138B65DC9133E92F53A529C7AD897D8823EFAED343756549FDF6C8C749CD0 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:06:01.0041 0x6c50 iaStorV - ok
20:06:01.0115 0x6c50 [ A9AA69F749AC1D318151E77372CC83DB, 2A50A4D6ED22F5F6CB5DC56A639D904AD71E511DC744A6F6C3D1D4D39756AF31 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:06:01.0185 0x6c50 idsvc - ok
20:06:01.0205 0x6c50 [ 8C3951AD2FE886EF76C7B5027C3125D3, 85CF7231756E02BD9E5F4378F3FC794394A072B8028F27827F83ACE9EE554499 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:06:01.0218 0x6c50 iirsp - ok
20:06:01.0267 0x6c50 [ 0401A380C88754B2399F8043AC9B2BF9, BFF3B53FAFAE6622AA9F74BAA4A3D522C06E2D732B88916766603B9FE8D0D77F ] IKEEXT C:\Windows\System32\ikeext.dll
20:06:01.0302 0x6c50 IKEEXT - ok
20:06:01.0451 0x6c50 [ 627C6B352718E59DF08F02C536E2E0ED, 7E921CF87B9BF265677A3712A534101F99118537C440432A48D1A042A30406C2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:06:01.0555 0x6c50 IntcAzAudAddService - ok
20:06:01.0588 0x6c50 [ DF797A12176F11B2D301C5B234BB200E, 384343636B21CA7EDF28EFD1B6728EAB1508CA49CE48FF3DC0D91DB843C0C73E ] intelide C:\Windows\system32\drivers\intelide.sys
20:06:01.0604 0x6c50 intelide - ok
20:06:01.0628 0x6c50 [ BFD84AF32FA1BAD6231C4585CB469630, 33E0842F2D0879B02C115301174FCB19ED3AAF7B1B8E6284839CE16DE56476EA ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:06:01.0673 0x6c50 intelppm - ok
20:06:01.0713 0x6c50 [ 5624BC1BC5EEB49C0AB76A8114F05EA3, BD5AA534D8A923AF4D205EEC6DA55A3DC5F915E5F3223BF23F24C09824FA90B6 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:06:01.0756 0x6c50 IPBusEnum - ok
20:06:01.0791 0x6c50 [ D8AABC341311E4780D6FCE8C73C0AD81, 141E8032A934777567E6DAC35FB1C77C40D9B6EE477F17F872F35833A8F57F72 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:06:01.0823 0x6c50 IpFilterDriver - ok
20:06:01.0873 0x6c50 [ BF0DBFA9792C5C14FA00F61C75116C1B, 24C14DCAF57013F1C238E3C123279737420A714EB29CB69239C9838C9A269A59 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:06:01.0911 0x6c50 iphlpsvc - ok
20:06:01.0917 0x6c50 IpInIp - ok
20:06:01.0960 0x6c50 [ 9C2EE2E6E5A7203BFAE15C299475EC67, E51628ECAB9CCCBCE02801C5E71406487A280765FEE318D14B0C227141B87658 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:06:02.0000 0x6c50 IPMIDRV - ok
20:06:02.0028 0x6c50 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE, C29D7F392116BB09F7047A90702331F200DACFB3C94E7F912932971E0B7F0413 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:06:02.0070 0x6c50 IPNAT - ok
20:06:02.0097 0x6c50 [ 8C42CA155343A2F11D29FECA67FAA88D, 699F06D25C5F270CE1194F4D350CB0BE22C6AB609EECF35D066C034AC380BEE3 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:06:02.0135 0x6c50 IRENUM - ok
20:06:02.0197 0x6c50 [ 0672BFCEDC6FC468A2B0500D81437F4F, A0322B569C309F258684AFECCD52924A33F363186261730469245B7FA357C645 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:06:02.0211 0x6c50 isapnp - ok
20:06:02.0260 0x6c50 [ E4FDF99599F27EC25D2CF6D754243520, 9139E708EE30F10652C9A458BD58B0343A3C05E84CD3E71FA0B0E4123503CF7B ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:06:02.0280 0x6c50 iScsiPrt - ok
20:06:02.0304 0x6c50 [ 63C766CDC609FF8206CB447A65ABBA4A, D9CA006FA852C95E90E8A0837E296FCBFD76246DA8AFDE563863D5F95BDFEC52 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:06:02.0319 0x6c50 iteatapi - ok
20:06:02.0354 0x6c50 [ 1281FE73B17664631D12F643CBEA3F59, B27571A0348CDF81DC102A61712CBA9A4AF7AC0015A7702B0DE73AD4E4646853 ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:06:02.0370 0x6c50 iteraid - ok
20:06:02.0403 0x6c50 [ 423696F3BA6472DD17699209B933BC26, 00C2EAA1A8E9D422D178B7678598743234930C1858D76C632F079EF789BB56C3 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:06:02.0418 0x6c50 kbdclass - ok
20:06:02.0452 0x6c50 [ DBDF75D51464FBC47D0104EC3D572C05, E392EE961E734620245874C7700D56621A1A990C45DF5CE0B7D270BA708F255E ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:06:02.0481 0x6c50 kbdhid - ok
20:06:02.0519 0x6c50 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] KeyIso C:\Windows\system32\lsass.exe
20:06:02.0547 0x6c50 KeyIso - ok
20:06:02.0605 0x6c50 [ 12A76FE3D133B0D5BEBD7CB19E8B4E07, 4147DB35D51427ABA1BBA9DEF44DF26697B3A17063990528C049980D4BF836CD ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:06:02.0650 0x6c50 KSecDD - ok
20:06:02.0686 0x6c50 [ 1D419CF43DB29396ECD7113D129D94EB, 21ECCE9D17F055C7B5066110864E10C99291CE50B389C545371333904CE2DBB5 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:06:02.0729 0x6c50 ksthunk - ok
20:06:02.0780 0x6c50 [ 1FAF6926F3416D3DA05C5B265491BDAE, 3989E18522691CC3820092033E00ED39D08861DFB369AA0DFFF4B379E48EA1F0 ] KtmRm C:\Windows\system32\msdtckrm.dll
20:06:02.0848 0x6c50 KtmRm - ok
20:06:02.0908 0x6c50 [ 50C7A3CB427E9BB5ED0708A669956AB5, 3DAD1C01AE58FE2C6134283B19118E2F3C884DDFFBAE4A46B7B5E4FB1A2567A1 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:06:02.0935 0x6c50 LanmanServer - ok
20:06:02.0969 0x6c50 [ CAF86FC1388BE1E470F1A7B43E348ADB, 9E9AE0B617D1031E8462524802A2D997AE7C944A7D00D403FF903145A7FEB761 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:06:03.0007 0x6c50 LanmanWorkstation - ok
20:06:03.0031 0x6c50 [ 96ECE2659B6654C10A0C310AE3A6D02C, 3322E87B9F64C3ACBCB634F2390AAB212FA7695383BF01F0092A803871BF19B2 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:06:03.0069 0x6c50 lltdio - ok
20:06:03.0120 0x6c50 [ 961CCBD0B1CCB5675D64976FAE37D092, 258378BE76A13E4368C9587E6A22727721E4B267B0D26D3D3E333B3B2A5A0611 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:06:03.0167 0x6c50 lltdsvc - ok
20:06:03.0191 0x6c50 [ A47F8080CACC23C91FE823AD19AA5612, 161575406D158D6D5C9220F1E82C0CC19108C74ADC35C509BAF9B0C414EFD8EE ] lmhosts C:\Windows\System32\lmhsvc.dll
20:06:03.0229 0x6c50 lmhosts - ok
20:06:03.0264 0x6c50 [ 9C551A9121639A9779862CB8A6CABF03, 08E53FF4E8B2630BCA0F697B92F3BF02734E22A8B7E7A5A311002DCB614E70B9 ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
20:06:03.0276 0x6c50 LPCFilter - ok
20:06:03.0307 0x6c50 [ ACBE1AF32D3123E330A07BFBC5EC4A9B, 0E17E4DD30B5AF8F269EF8EA003836C9E16273262A050B9BE3ED802DD3AC9319 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:06:03.0325 0x6c50 LSI_FC - ok
20:06:03.0339 0x6c50 [ 799FFB2FC4729FA46D2157C0065B3525, AB462A34D061C113DA12641C45159A58D0AEA1C440233D061A20DF99586CFA93 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:06:03.0356 0x6c50 LSI_SAS - ok
20:06:03.0395 0x6c50 [ F445FF1DAAD8A226366BFAF42551226B, 92B63E15363F1EAE8A54D4E74ED21669D0A9FE99C654671556C58456228278B1 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:06:03.0411 0x6c50 LSI_SCSI - ok
20:06:03.0435 0x6c50 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E, 2EB22DD418D4934BDD22C5DB49D5D06178EC0419AB5CC28DD544CA91823987B0 ] luafv C:\Windows\system32\drivers\luafv.sys
20:06:03.0479 0x6c50 luafv - ok
20:06:03.0502 0x6c50 [ 6DA30C0DE0CC8525E89D612C5063CAC1, E992FE10680B4B532ECF46CDC6B423F7B2E378A3FAA8681505219F4B45D9B91C ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:06:03.0520 0x6c50 Mcx2Svc - ok
20:06:03.0547 0x6c50 [ 5C5CD6AACED32FB26C3FB34B3DCF972F, 34A66C21FA79800D3CDE933CFA71343218F94D67AAE763EA0B53AC49060CB6D0 ] megasas C:\Windows\system32\drivers\megasas.sys
20:06:03.0562 0x6c50 megasas - ok
20:06:03.0609 0x6c50 [ 859BC2436B076C77C159ED694ACFE8F8, 4AEA57A8B9EACEC1B8DED3ECC95621C56E6D65CFE2DA9F07DAF7C7BAD132B624 ] MegaSR C:\Windows\system32\drivers\megasr.sys
20:06:03.0637 0x6c50 MegaSR - ok
20:06:03.0659 0x6c50 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] MMCSS C:\Windows\system32\mmcss.dll
20:06:03.0696 0x6c50 MMCSS - ok
20:06:03.0722 0x6c50 [ 59848D5CC74606F0EE7557983BB73C2E, EA6ACF0619DE1E4272AEDC69F2E66E29DA499E8E8094243C9EF735FD8369229D ] Modem C:\Windows\system32\drivers\modem.sys
20:06:03.0759 0x6c50 Modem - ok
20:06:03.0766 0x6c50 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5, 357811D1B8F70828F6432879F59DAB916FBB55673B3473D879382DE33CFB3FAF ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:06:03.0804 0x6c50 monitor - ok
20:06:03.0843 0x6c50 [ 9367304E5E412B120CF5F4EA14E4E4F1, F87EBACEE27A50E6610FDCB4BD3001C35A99FEE6D63D643FF2CBF0D484CD082C ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:06:03.0865 0x6c50 mouclass - ok
20:06:03.0894 0x6c50 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69, B77E4A7511923E7BD35A177A40B4E461AC9CB050D6F0575D4799DEF85DA6DA38 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:06:03.0939 0x6c50 mouhid - ok
20:06:03.0960 0x6c50 [ 11BC9B1E8801B01F7F6ADB9EAD30019B, 1BAF820C0AB1B70A114E767B2155A58BF86CD0D9CF582813C1635A86BE3A7A05 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:06:03.0976 0x6c50 MountMgr - ok
20:06:04.0046 0x6c50 [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:06:04.0063 0x6c50 MozillaMaintenance - ok
20:06:04.0109 0x6c50 [ F8276EB8698142884498A528DFEA8478, C0FF504F721F1D00F42CFE783D4F32C6728518F64646F5C5C11BA3A4824815BB ] mpio C:\Windows\system32\drivers\mpio.sys
20:06:04.0125 0x6c50 mpio - ok
20:06:04.0150 0x6c50 [ C92B9ABDB65A5991E00C28F13491DBA2, D1233381A9E4262F0AB396BBDB7DE402D4370805E11EB8A118C846F6E9474098 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:06:04.0182 0x6c50 mpsdrv - ok
20:06:04.0240 0x6c50 [ 897E3BAF68BA406A61682AE39C83900C, 13F61D5C22BED061BE7C2669CCCAA2BAD4A0CE83800DF57A50306DE0A476FC27 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:06:04.0293 0x6c50 MpsSvc - ok
20:06:04.0308 0x6c50 [ 3C200630A89EF2C0864D515B7A75802E, AA4A312E7A28FCE7A944747BADB809CAAD3D67899EBBE663D473621DB25B140A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:06:04.0321 0x6c50 Mraid35x - ok
20:06:04.0360 0x6c50 [ F0142D3C0505B1B6DB8591A49C005C16, 3C773A2F8D8CE359B81AE6F4112EACBB0582169E4A09CD610E3DCE6DCF9403AF ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:06:04.0387 0x6c50 MRxDAV - ok
20:06:04.0430 0x6c50 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B, 9F157AAA1A793EF7E52817E4126B774C17FFA0036DADCF10A024FDC068F94F67 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:06:04.0460 0x6c50 mrxsmb - ok
20:06:04.0529 0x6c50 [ 3B929A60C833FC615FD97FBA82BC7632, 40EEBEB43F42A1A37FAA529E0C21984426F90C1EEFE1EF9BB2F696164595F91D ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:06:04.0553 0x6c50 mrxsmb10 - ok
20:06:04.0569 0x6c50 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3, 197F70E24D2BBDEC35C2D5BC442267ACC4C5AE3FD5BB30A0928976BE9758C942 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:06:04.0587 0x6c50 mrxsmb20 - ok
20:06:04.0643 0x6c50 [ E7E3E515D1D33A2A372D7FCE2BBEF5D9, 65FDFA5920FF981BEE99350763CB2F589FFD5DAC723277592DB37A17FA95972D ] msahci C:\Windows\system32\drivers\msahci.sys
20:06:04.0658 0x6c50 msahci - ok
20:06:04.0694 0x6c50 [ 264BBB4AAF312A485F0E44B65A6B7202, 1DF36540C77D5D885B6C2EE91F0446864D8E6D6CFED87A9ED0765E76FE05E102 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:06:04.0711 0x6c50 msdsm - ok
20:06:04.0736 0x6c50 [ 7EC02CE772F068ED0BEAFA3DA341A9BC, 3B5B4EA0BF1D1E57F4DF74A569304A5EE41821F5E2F352760B8C9CA82C6D8292 ] MSDTC C:\Windows\System32\msdtc.exe
20:06:04.0776 0x6c50 MSDTC - ok
20:06:04.0799 0x6c50 [ 704F59BFC4512D2BB0146AEC31B10A7C, F7712944DDC192C47953D577BE31B79B4D11217305B1C3D0DCA31B1518CB8DCB ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:06:04.0839 0x6c50 Msfs - ok
20:06:04.0892 0x6c50 [ 00EBC952961664780D43DCA157E79B27, 4F8F5718D8574A128E0F6CD54C9BE59A93A7638A5689A8FF68D0C81D3E67808F ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:06:04.0907 0x6c50 msisadrv - ok
20:06:04.0935 0x6c50 [ 366B0C1F4478B519C181E37D43DCDA32, A98E2BC397FAD7D90653F55AC283CACAE7465D7F10A198D715046B1D896AF246 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:06:04.0977 0x6c50 MSiSCSI - ok
20:06:04.0983 0x6c50 msiserver - ok
20:06:05.0024 0x6c50 [ 0EA73E498F53B96D83DBFCA074AD4CF8, E3DDE34FCFF272E06CD8DA836F8D79E2515885715D4A7CD7BF8D97D7A4E0E781 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:06:05.0062 0x6c50 MSKSSRV - ok
20:06:05.0084 0x6c50 [ 52E59B7E992A58E740AA63F57EDBAE8B, A89F607B330BA1F42CA9FF01EF289BBD088350CF376568E58CB9865F1DA6CD72 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:06:05.0135 0x6c50 MSPCLOCK - ok
20:06:05.0145 0x6c50 [ 49084A75BAE043AE02D5B44D02991BB2, 4CD2692D191035CE9D18F4D21F054FF8C3F9CF2734464EA33EAB480A28AD447F ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:06:05.0184 0x6c50 MSPQM - ok
20:06:05.0239 0x6c50 [ DC6CCF440CDEDE4293DB41C37A5060A5, 768D08A67508E1CE69B67642A5E5A639C0DD1E93C956C56ECC5A56B0E502C953 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:06:05.0262 0x6c50 MsRPC - ok
20:06:05.0310 0x6c50 [ 855796E59DF77EA93AF46F20155BF55B, 75DFCEE16A9D94EDF74295B9686D92552817E8A00958917CB0E17089EDCF6A97 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:06:05.0324 0x6c50 mssmbios - ok
20:06:05.0362 0x6c50 [ 86D632D75D05D5B7C7C043FA3564AE86, 96911FBC106B91E76598EE110B5147D4C55E42C9194E857F866B6B395E78D2CB ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:06:05.0415 0x6c50 MSTEE - ok
20:06:05.0456 0x6c50 [ 0CC49F78D8ACA0877D885F149084E543, 984DDCB52F0DFC1B26C6504FE500E8D9C2CA7F79ED34608AE9866A0915B8BA67 ] Mup C:\Windows\system32\Drivers\mup.sys
20:06:05.0472 0x6c50 Mup - ok
20:06:05.0517 0x6c50 [ A5B10C845E7538C60C0F5D87A57CB3F5, 2B4E16702591C59BC2CA2B99DBB504BAB4F4EF0835B0D9C7453D340CBF0BDF16 ] napagent C:\Windows\system32\qagentRT.dll
20:06:05.0560 0x6c50 napagent - ok
20:06:05.0604 0x6c50 [ 2007B826C4ACD94AE32232B41F0842B9, 6267D165C3C8C5F83194890A6DBF71226D4B891AECD1D06F7AEB5D738C3DC9CA ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:06:05.0625 0x6c50 NativeWifiP - ok
20:06:05.0689 0x6c50 [ 65950E07329FCEE8E6516B17C8D0ABB6, 4429D9FF9B6E376D28D8FA4906B7554DF566EC23E455E3166C496B579622F204 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:06:05.0730 0x6c50 NDIS - ok
20:06:05.0752 0x6c50 [ 64DF698A425478E321981431AC171334, C43177CB60F5D58E1FF7A31E9BE5DA7D92C4B25235867DD65BADC069EDF023F3 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:06:05.0788 0x6c50 NdisTapi - ok
20:06:05.0805 0x6c50 [ 8BAA43196D7B5BB972C9A6B2BBF61A19, 8AFFB26F6E8CF67F562818BBFE12FB448E4FCDF9B68858B625681565DE30DDC1 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:06:05.0843 0x6c50 Ndisuio - ok
20:06:05.0891 0x6c50 [ F8158771905260982CE724076419EF19, B86FFA790A30ED614A11C87F4D738C913EFC0924DC14750D544001D4E9556071 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:06:05.0923 0x6c50 NdisWan - ok
20:06:05.0945 0x6c50 [ 9CB77ED7CB72850253E973A2D6AFDF49, C3C15B317A7F7AE68B7BC62343962C47F075240F252727811DB4BEE443F9103F ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:06:05.0991 0x6c50 NDProxy - ok
20:06:06.0014 0x6c50 [ A499294F5029A7862ADC115BDA7371CE, 6BE0AAFE4EB59E056A929D6C1A009D8DFD547025481108CEFB12E5D6F86DBE14 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:06:06.0053 0x6c50 NetBIOS - ok
20:06:06.0096 0x6c50 [ FC2C792EBDDC8E28DF939D6A92C83D61, 9EDF8B56E2B47C31457074DA371B604E5F7EB2B3B5CD4688CBEEDD5B266D119B ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:06:06.0132 0x6c50 netbt - ok
20:06:06.0151 0x6c50 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] Netlogon C:\Windows\system32\lsass.exe
20:06:06.0168 0x6c50 Netlogon - ok
20:06:06.0211 0x6c50 [ 9B63B29DEFC0F3115A559D2597BF5D75, 297319D3F2E97CB34464EA59D8FD96AC2B8B1A4F2AEE666937F16A041128021F ] Netman C:\Windows\System32\netman.dll
20:06:06.0262 0x6c50 Netman - ok
20:06:06.0286 0x6c50 [ 7846D0136CC2B264926A73047BA7688A, 6F56CC1B17095C378D98B58A92F9EDA2D009529DDB6F60E815D85C7606C8EDC0 ] netprofm C:\Windows\System32\netprofm.dll
20:06:06.0334 0x6c50 netprofm - ok
20:06:06.0373 0x6c50 [ 212569FFEA5500E38CD2A7B5212F7831, 71CB5278A682FD4FADA92D0F13D5D58801AEDF82A60AFF7FFC9071BE0370FCC1 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:06:06.0406 0x6c50 NetTcpPortSharing - ok
20:06:06.0615 0x6c50 [ 2BDCB7B7917380794C9D87AC2153CE33, F190B59DDEAE676589D197CF31942EF891CAACA3033353416BC08FEA665F01AA ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys
20:06:06.0869 0x6c50 NETw5v64 - ok
20:06:06.0899 0x6c50 NetworkX - ok
20:06:06.0929 0x6c50 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7, 8D7DE921E14BAF09D7E2704CFB2FB1C8A78A46DAF86CDF7A347C5D113A8C110B ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:06:06.0956 0x6c50 nfrd960 - ok
20:06:07.0004 0x6c50 [ 9DC33E66BB7E6470BFE8AA9EF5FBED43, 23E583B264BBD7933E3A000F00D646ABE526D1068C41BC24CF93739529FCA339 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:06:07.0033 0x6c50 NlaSvc - ok
20:06:07.0072 0x6c50 [ B298874F8E0EA93F06EC40AA8D146478, 275D769E5EFD3153985DAF84C5B22B9D65428E09AB41099901ABDD03B3A2625D ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:06:07.0101 0x6c50 Npfs - ok
20:06:07.0154 0x6c50 [ ACB62BAA1C319B17752553DF3026EEEB, 5A309DF390A097245250BB64AD5F8575BECA601E0A122DDCB494C67D3D9EA089 ] nsi C:\Windows\system32\nsisvc.dll
20:06:07.0193 0x6c50 nsi - ok
20:06:07.0225 0x6c50 [ 1523AF19EE8B030BA682F7A53537EAEB, B000630CE4B562D39B5EE4148409B2E01D8924D33D27607B24ADC901357E7AA5 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:06:07.0265 0x6c50 nsiproxy - ok
20:06:07.0354 0x6c50 [ 2ACCAA3C3C55370A32F17B3595E1A217, 8539A293A5E1EBA2CC0FA9E999099D3B6B035D41069398AE17D737BBE4D9FEA8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:06:07.0487 0x6c50 Ntfs - ok
20:06:07.0527 0x6c50 [ DD5D684975352B85B52E3FD5347C20CB, BB03C50D5178643550C024130E20FD9A023AE110B3C85A2D6E18FB8DBB3A12E4 ] Null C:\Windows\system32\drivers\Null.sys
20:06:07.0564 0x6c50 Null - ok
20:06:07.0597 0x6c50 [ 2C040B7ADA5B06F6FACADAC8514AA034, EF32F7C411090230ED1D95B2D01E8464DCC89D72EFD94BBC8DF6856D00B1A783 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:06:07.0614 0x6c50 nvraid - ok
20:06:07.0629 0x6c50 [ F7EA0FE82842D05EDA3EFDD376DBFDBA, 0ED0543A5331C0D8BBFD1BE3174482ED1B3EE70CA41CE8CE5C81977C37B3D129 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:06:07.0646 0x6c50 nvstor - ok
20:06:07.0670 0x6c50 [ 19067CA93075EF4823E3938A686F532F, 81339372E90CE9E2594461146A82B62452CF9DB3FF53381D30F6922059EDCF99 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:06:07.0687 0x6c50 nv_agp - ok
20:06:07.0695 0x6c50 NwlnkFlt - ok
20:06:07.0707 0x6c50 NwlnkFwd - ok
20:06:07.0800 0x6c50 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:06:07.0829 0x6c50 odserv - ok
20:06:07.0880 0x6c50 [ 7B58953E2F263421FDBB09A192712A85, 50F2E667BDD477514BC5B9513E3E8837F4964CFE96ADE849ED6DBE1D7BEA4928 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:06:07.0939 0x6c50 ohci1394 - ok
20:06:07.0978 0x6c50 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:06:07.0997 0x6c50 ose - ok
20:06:08.0063 0x6c50 [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:06:08.0140 0x6c50 p2pimsvc - ok
20:06:08.0185 0x6c50 [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2psvc C:\Windows\system32\p2psvc.dll
20:06:08.0276 0x6c50 p2psvc - ok
20:06:08.0314 0x6c50 [ AECD57F94C887F58919F307C35498EA0, CD8E8B54A445EF0DC485D5F221588875C98328596F64EE03B2D8BD0B860504FB ] Parport C:\Windows\system32\drivers\parport.sys
20:06:08.0390 0x6c50 Parport - ok
20:06:08.0426 0x6c50 [ B43751085E2ABE389DA466BC62A4B987, 167CB6B18B6B7B74A229A976833E1FBE6D51C9C0EB8A23C92FC2465B692DF383 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:06:08.0442 0x6c50 partmgr - ok
20:06:08.0475 0x6c50 [ 9AB157B374192FF276C1628FBDBA2B0E, E63E2EE1ABEEC5234F4F1318757EDB4A7567057B1DF1A2414C8698D47062B6AC ] PcaSvc C:\Windows\System32\pcasvc.dll
20:06:08.0494 0x6c50 PcaSvc - ok
20:06:08.0515 0x6c50 [ 47AB1E0FC9D0E12BB53BA246E3A0906D, 82B452D614B535FAD3AFEEA06DFBBF8F7C5031563A2558CFA04F9B94C76E45DF ] pci C:\Windows\system32\drivers\pci.sys
20:06:08.0537 0x6c50 pci - ok
20:06:08.0563 0x6c50 [ 8D618C829034479985A9ED56106CC732, 9F3773A5184064092920FA2C88CCF5BFE44C63573B443E67230C4F596B7884C2 ] pciide C:\Windows\system32\DRIVERS\pciide.sys
20:06:08.0576 0x6c50 pciide - ok
20:06:08.0607 0x6c50 [ 037661F3D7C507C9993B7010CEEE6288, A7B415675B14FD755D0167BBA458A902AA9ABFC4343A1B887289D31DE8A55285 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:06:08.0625 0x6c50 pcmcia - ok
20:06:08.0664 0x6c50 [ 58865916F53592A61549B04941BFD80D, 3511AF2EFD06636E144C36ECA8C7AA1A33C269EDB10A6D879AA25D9E11359AA9 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:06:08.0747 0x6c50 PEAUTH - ok
20:06:08.0821 0x6c50 [ 0ED8727EA0172860F47258456C06CAEA, 3CDAA1044E412EC4303CEABD36A8C7BADA2D6C6692E09B8FE440709E3F4F0166 ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:06:08.0858 0x6c50 PerfHost - ok
20:06:08.0903 0x6c50 [ 2C3BA65F8CA712730050C29104E093F9, 9F352B6380BBB5340FD5230196F129AF47E2E837E6C8B4CA3656EFB38424F25F ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
20:06:08.0916 0x6c50 PGEffect - ok
20:06:09.0004 0x6c50 [ E9E68C1A0F25CF4A7AC966EEA74EE89E, 6C6903A856C29AD690FDA1B74ADB2222C3453FBE2B364245FA61D53C77C586C0 ] pla C:\Windows\system32\pla.dll
20:06:09.0090 0x6c50 pla - ok
20:06:09.0138 0x6c50 [ FE6B0F59215C9FD9F9D26539C58C8B82, 52CF8BE31A28430226D117EB80974AEAE5EA07F39DE881164232D44BF67FF752 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:06:09.0176 0x6c50 PlugPlay - ok
20:06:09.0218 0x6c50 [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:06:09.0281 0x6c50 PNRPAutoReg - ok
20:06:09.0333 0x6c50 [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:06:09.0400 0x6c50 PNRPsvc - ok
20:06:09.0475 0x6c50 [ 89A5560671C2D8B4A4B51F3E1AA069D8, 07DEE5D73DDE09F954E2E13BB5603F0033829B6199C81A7C1709D94AB92B351E ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:06:09.0522 0x6c50 PolicyAgent - ok
20:06:09.0569 0x6c50 [ 23386E9952025F5F21C368971E2E7301, F7241C1799A8AA0E9106B101B841670304DC695FD8D290C690CE0ED5C13BC514 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:06:09.0601 0x6c50 PptpMiniport - ok
20:06:09.0628 0x6c50 [ 5080E59ECEE0BC923F14018803AA7A01, 2E201511821AECCF056962399AFA3533ED765A3E7FD30E7B38A6D13837367E69 ] Processor C:\Windows\system32\drivers\processr.sys
20:06:09.0667 0x6c50 Processor - ok
20:06:09.0695 0x6c50 [ EF321BEED9CF3DF60EBA29A1D618AD8A, FE277119BCC9938054DFA670844B31E4F66C19EBC6E59E747F99C38F76A433BD ] ProfSvc C:\Windows\system32\profsvc.dll
20:06:09.0731 0x6c50 ProfSvc - ok
20:06:09.0749 0x6c50 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:06:09.0776 0x6c50 ProtectedStorage - ok
20:06:09.0818 0x6c50 [ C5AB7F0809392D0DA027F4A2A81BFA31, B5BC9712AD93661A77AF4D67DB5F05C58A93CF7CDD6F7BA20568C0A9F4630321 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:06:09.0850 0x6c50 PSched - ok
20:06:09.0923 0x6c50 [ 0B83F4E681062F3839BE2EC1D98FD94A, 47E1B8014C59981693F5544872AF00383528AAEF0C6FE9AE8C45A6359EFB067D ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:06:09.0983 0x6c50 ql2300 - ok
20:06:10.0012 0x6c50 [ E1C80F8D4D1E39EF9595809C1369BF2A, 5C18F8366049C690FC8AA4A992AA0765A6607F72E0EF889A5F3757E59FB1C143 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:06:10.0028 0x6c50 ql40xx - ok
20:06:10.0069 0x6c50 [ 90574842C3DA781E279061A3EFF91F07, F87DE7355DAA4FACF2126A0427C08BAAD9E647E0B02EE5447746BE969B28DA8D ] QWAVE C:\Windows\system32\qwave.dll
20:06:10.0096 0x6c50 QWAVE - ok
20:06:10.0109 0x6c50 [ E8D76EDAB77EC9C634C27B8EAC33ADC5, 171A3C5D5C3C5845C3BF9A4BCD88E744B025C910AC2F528D0E7D66F173FF0BED ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:06:10.0130 0x6c50 QWAVEdrv - ok
20:06:10.0192 0x6c50 [ ED4E69C31EF566266BE13638EBE9DA56, BF47F5955BF271E509136677A0ABD37F490066111A76E621257A0F297D8DE8CC ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
20:06:10.0226 0x6c50 RapiMgr - ok
20:06:10.0241 0x6c50 [ 1013B3B663A56D3DDD784F581C1BD005, 36B83F234C2D6A6112BC8B5EF0AB5075EE98AC0BED702C37E4C1C3D17EB49956 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:06:10.0281 0x6c50 RasAcd - ok
20:06:10.0324 0x6c50 [ B2AE18F847D07F0044404DDF7CB04497, 24B1D5E1D0621160640264656E3D447C611DEE1B0EE308971EF85F0AC3D9F7DD ] RasAuto C:\Windows\System32\rasauto.dll
20:06:10.0365 0x6c50 RasAuto - ok
20:06:10.0409 0x6c50 [ AC7BC4D42A7E558718DFDEC599BBFC2C, E059EB9472FDDB73AF09FFEBA58D8284AFCDAB1516E0C5759980E60C892F8126 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:06:10.0441 0x6c50 Rasl2tp - ok
20:06:10.0488 0x6c50 [ 3AD83E4046C43BE510DE681588ACB8AF, C5445A23F35395B3EA3974C0D5E314E23D900C694D31F7B7A83FE9027D95A91C ] RasMan C:\Windows\System32\rasmans.dll
20:06:10.0543 0x6c50 RasMan - ok
20:06:10.0572 0x6c50 [ 4517FBF8B42524AFE4EDE1DE102AAE3E, F01C8A773A637B66192BD16DDE467CAECC6E62853DBDB507FF3FC67B4B388988 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:06:10.0606 0x6c50 RasPppoe - ok
20:06:10.0647 0x6c50 [ C6A593B51F34C33E5474539544072527, 8182C1D15CDC164363D3DD355197160167A00BA9FA833AA444317D06344EF7CE ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:06:10.0666 0x6c50 RasSstp - ok
20:06:10.0706 0x6c50 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1, 07B89F701594F680F50A885B923521763A6131104CEE63D422E1C359C23AE2F6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:06:10.0745 0x6c50 rdbss - ok
20:06:10.0773 0x6c50 [ 603900CC05F6BE65CCBF373800AF3716, 83B010D51D1087673CF15FD0A992FD91CC910A073FEA9A8F20F6124B6E5489F2 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:06:10.0812 0x6c50 RDPCDD - ok
20:06:10.0846 0x6c50 [ C045D1FB111C28DF0D1BE8D4BDA22C06, 572986C93B982387EE94797A1EDE1C6C444B0F1078AC8201099452BFA021458F ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:06:10.0893 0x6c50 rdpdr - ok
20:06:10.0902 0x6c50 [ CAB9421DAF3D97B33D0D055858E2C3AB, 66C353CD310A91FAB0D0871ACCE71110595B63536560D0331DA70B1E33AC45BE ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:06:10.0940 0x6c50 RDPENCDD - ok
20:06:10.0969 0x6c50 [ AE4BD9E1C33D351D8E607FC81F15160C, AD785CA72B7C6EB9F94B2E797C758C0F804DB26EE056DDC6D4F85BB562A02EA4 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:06:11.0019 0x6c50 RDPWD - ok
20:06:11.0052 0x6c50 [ C612B9557DA73F70D41F8A6FBC8E5344, D7D11F202066F848FBD3F26D9FF915C7F3D68F30631393B2049F3AC5A40FD108 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:06:11.0091 0x6c50 RemoteAccess - ok
20:06:11.0136 0x6c50 [ 44B9D8EC2F3EF3A0EFB00857AF70D861, A45D8024A242456A73337C91663A3E1633BF163234CDFD5DF86840F31FFFE84D ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:06:11.0171 0x6c50 RemoteRegistry - ok
20:06:11.0194 0x6c50 [ F46C457840D4B7A4DAAFEE739CE04102, 94E946036240B3BAFF17C4A49745E29E492ABBC7BE5110741B212DF4D7F45B84 ] RpcLocator C:\Windows\system32\locator.exe
20:06:11.0211 0x6c50 RpcLocator - ok
20:06:11.0250 0x6c50 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] RpcSs C:\Windows\system32\rpcss.dll
20:06:11.0308 0x6c50 RpcSs - ok
20:06:11.0330 0x6c50 [ 22A9CB08B1A6707C1550C6BF099AAE73, 46A9D40A03DC0B6C93274C0C1CDB132B2339E76E77CAB0F12AEDAD4C31822B91 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:06:11.0371 0x6c50 rspndr - ok
20:06:11.0399 0x6c50 [ 3E800D0DD24C5CFE61A1D71A3F6FEAB9, 7827F101407D658BF68529D3648CFB19110599E5254DA0A3B960AE0B0679E797 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
20:06:11.0460 0x6c50 RTL8169 - ok
20:06:11.0518 0x6c50 [ 23DAE458EDE953F3F0FF193CAC7B2D84, 5964607A8F3049D46D9D6707243C09CE3AB40E8020BED5CB99ABCFE33E043C88 ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS
20:06:11.0547 0x6c50 RTSTOR - ok
20:06:11.0565 0x6c50 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] SamSs C:\Windows\system32\lsass.exe
20:06:11.0580 0x6c50 SamSs - ok
20:06:11.0602 0x6c50 [ CD9C693589C60AD59BBBCFB0E524E01B, F9EBD4FF4C712A563B1120D123012E41105D31402BE45D6F8C8DA71155D64ECB ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:06:11.0617 0x6c50 sbp2port - ok
20:06:11.0636 0x6c50 [ EECBBF7D76300E5558D316983961FFC1, 33E8237C9A39CEB1F0F4FB7D0466959121CF707899F43B17D6DDD92EBA398815 ] ScanUSBEMPIA C:\Windows\system32\DRIVERS\emScan64.sys
20:06:11.0665 0x6c50 ScanUSBEMPIA - ok
20:06:11.0706 0x6c50 [ FD1CDCF108D5EF3366F00D18B70FB89B, 5BCE3A9D5DC0B6937A734264C5B8DE0E6B8F77A869A118F94D57E662AAB28FE2 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:06:11.0751 0x6c50 SCardSvr - ok
20:06:11.0823 0x6c50 [ 0F838C811AD295D2A4489B9993096C63, 3DF2F973359249735810CB5AD52E05126A93A1C7D9F6274ACB018A0A125846BD ] Schedule C:\Windows\system32\schedsvc.dll
20:06:11.0876 0x6c50 Schedule - ok
20:06:11.0911 0x6c50 [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:06:11.0949 0x6c50 SCPolicySvc - ok
20:06:12.0003 0x6c50 [ 4FF71B076A7760FE75EA5AE2D0EE0018, DDDBC9530120F8C1AB449076F6F06F74354149B4C458E6682F957628EE795DE8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:06:12.0036 0x6c50 SDRSVC - ok
20:06:12.0073 0x6c50 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:06:12.0138 0x6c50 secdrv - ok
20:06:12.0181 0x6c50 [ 5ACDCBC67FCF894A1815B9F96D704490, FE0247A8BEDB860EBD46A9D49C641D0B9AA24EE34132CDDADC9F5A605238FDA7 ] seclogon C:\Windows\system32\seclogon.dll
20:06:12.0231 0x6c50 seclogon - ok
20:06:12.0257 0x6c50 [ 90973A64B96CD647FF81C79443618EED, 1D3CB7F724B7EADA6443DF07B258EE7FB7FEC92C2A7A9D3C57F6A220EF0DDDC4 ] SENS C:\Windows\System32\sens.dll
20:06:12.0304 0x6c50 SENS - ok
20:06:12.0335 0x6c50 [ F71BFE7AC6C52273B7C82CBF1BB2A222, 8C7F0E426B266DBBFE4BBE3333A33C338209BD8BE0E434A98D0D2CFD78D3F758 ] Serenum C:\Windows\system32\drivers\serenum.sys
20:06:12.0403 0x6c50 Serenum - ok
20:06:12.0429 0x6c50 [ E62FAC91EE288DB29A9696A9D279929C, 9B6A420556532F7F8D55FB6580A592A43BEA579A068B970C741A23DB079ECAD1 ] Serial C:\Windows\system32\drivers\serial.sys
20:06:12.0503 0x6c50 Serial - ok
20:06:12.0517 0x6c50 [ A842F04833684BCEEA7336211BE478DF, 9D964AEA237C44898098AC9C2D043F00C66EDA7D73C381D616737C01A9D0FF45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:06:12.0554 0x6c50 sermouse - ok
20:06:12.0603 0x6c50 [ A8E4A4407A09F35DCCC3771AF590B0C4, F56ECE42CE81098FCCBCDFBBF006C3FB9EDD29C62F03C4EAE012EE690669481B ] SessionEnv C:\Windows\system32\sessenv.dll
20:06:12.0651 0x6c50 SessionEnv - ok
20:06:12.0679 0x6c50 [ 14D4B4465193A87C127933978E8C4106, A5C3F2F09E9A0715529B05AC1020EF0F432121E129447795257087E0D6A812FC ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:06:12.0737 0x6c50 sffdisk - ok
20:06:12.0759 0x6c50 [ 7073AEE3F82F3D598E3825962AA98AB2, 82A959A0970CBA8CC16D44736ED12158E59E138484F3F53EBDD3A4C02DA3700D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:06:12.0804 0x6c50 sffp_mmc - ok
20:06:12.0826 0x6c50 [ 35E59EBE4A01A0532ED67975161C7B82, 4F4296B8903FCD06439CC8BF93C703852E523834F09CF9121FDA729A988AF11B ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:06:12.0871 0x6c50 sffp_sd - ok
20:06:12.0904 0x6c50 [ 6B7838C94135768BD455CBDC23E39E5F, 868E054ED546479DEAD7C2834C7AB080820522C16F5B4BEF0F3B279A33ABA9C8 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:06:12.0973 0x6c50 sfloppy - ok
20:06:13.0012 0x6c50 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34, 9659C7B5046DE2C0416A74FDE6F798C3E78D38327CB71BAE49D57A8347A9097D ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:06:13.0068 0x6c50 SharedAccess - ok
20:06:13.0132 0x6c50 [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:06:13.0178 0x6c50 ShellHWDetection - ok
20:06:13.0202 0x6c50 [ 7A5DE502AEB719D4594C6471060A78B3, E8E16DF8AFFC230FBB1A5938925D464A1BA776184B8C020B37669EE2105DB9F2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:06:13.0218 0x6c50 SiSRaid2 - ok
20:06:13.0261 0x6c50 [ 3A2F769FAB9582BC720E11EA1DFB184D, 83EEBCE37E8709FCE15FB44F546C727C56064ED49B73A471EA33480573558419 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:06:13.0277 0x6c50 SiSRaid4 - ok
20:06:13.0491 0x6c50 [ 388AE59FE75F1B959DFA0900923C61BB, 0D47F8B4B4FBE5BF041DBE75B0A14D905E9310FFA6F0160746455B38A349EA54 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:06:13.0658 0x6c50 Skype C2C Service - ok
20:06:13.0748 0x6c50 [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:06:13.0773 0x6c50 SkypeUpdate - ok
20:06:13.0915 0x6c50 [ A9A27A8E257B45A604FDAD4F26FE7241, C5A1056522EE2BA7B70D34E391477A0E9351569CEF28B875172F4B363F6D4177 ] slsvc C:\Windows\system32\SLsvc.exe
20:06:14.0072 0x6c50 slsvc - ok
20:06:14.0130 0x6c50 [ FD74B4B7C2088E390A30C85A896FC3AF, 897F1F89A4DDB356CF6E59EFBC32A2081C0CADE283793DB6879D263F7B2E313F ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:06:14.0163 0x6c50 SLUINotify - ok
20:06:14.0192 0x6c50 [ 290B6F6A0EC4FCDFC90F5CB6D7020473, 971888FE760641FF86165B9876E6FC12DBC309C0FED2734C60B9E0EBC078AAE0 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:06:14.0224 0x6c50 Smb - ok
20:06:14.0251 0x6c50 [ F8F47F38909823B1AF28D60B96340CFF, EFD948EE09F22F9F373A98BA6D9BC519FD9244986E4BE7B2BACD92D3C145AD1D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:06:14.0271 0x6c50 SNMPTRAP - ok
20:06:14.0304 0x6c50 [ 386C3C63F00A7040C7EC5E384217E89D, DD8766BCBD77EC6F67979A8B37B943A3A0E5478CE3FB129BF8FCA29B66529721 ] spldr C:\Windows\system32\drivers\spldr.sys
20:06:14.0320 0x6c50 spldr - ok
20:06:14.0365 0x6c50 [ F66FF751E7EFC816D266977939EF5DC3, 689BDD0B442830E162F2F9A8EFBD0E137F518C7F0CD92EDF4A43EFBA188B69F4 ] Spooler C:\Windows\System32\spoolsv.exe
20:06:14.0404 0x6c50 Spooler - ok
20:06:14.0453 0x6c50 [ 880A57FCCB571EBD063D4DD50E93E46D, D46BA584D1C33F17C4156127742FA470AA044C4BCE9E6A209E5B1F3A44C73350 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:06:14.0523 0x6c50 srv - ok
20:06:14.0561 0x6c50 [ A1AD14A6D7A37891FFFECA35EBBB0730, AE00950D330EE4C05F5AA9BC7E63E974766D8E93B607CB3E683C727E8A65049D ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:06:14.0600 0x6c50 srv2 - ok
20:06:14.0631 0x6c50 [ 4BED62F4FA4D8300973F1151F4C4D8A7, 1835895B3E837F8862F7F669DFBDF5EAB627E5656377624474C17E92CF440D2A ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:06:14.0652 0x6c50 srvnet - ok
20:06:14.0689 0x6c50 [ 192C74646EC5725AEF3F80D19FF75F6A, 8F24FF139A46B1F837356B9D682526107D7BADCFA510842FEACB6F06C02D93D9 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:06:14.0740 0x6c50 SSDPSRV - ok
20:06:14.0783 0x6c50 [ 2EE3FA0308E6185BA64A9A7F2E74332B, EC6A15281685E6CDEADABDFD08C4AF980AD3B404C945EB121D7F90AFCA3D6849 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:06:14.0825 0x6c50 SstpSvc - ok
20:06:14.0868 0x6c50 [ 14B4DB4381E4A55F570D8BB699B791D6, 14975F249C59F9D13359FF064433246C46A8A3328ED69A23712649ACAAE9121D ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
20:06:14.0908 0x6c50 StillCam - ok
20:06:14.0986 0x6c50 [ 15825C1FBFB8779992CB65087F316AF5, E9431C016D209A7322C0586F11EEF0AB461AB5822960287BB1D0FBC30183614D ] stisvc C:\Windows\System32\wiaservc.dll
20:06:15.0027 0x6c50 stisvc - ok
20:06:15.0053 0x6c50 [ 8A851CA908B8B974F89C50D2E18D4F0C, 27EA13E50B5B72ABF6C5B7B7D34A7154A12BB27B1C1B2EEFCAA36A96010DB4DC ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:06:15.0066 0x6c50 swenum - ok
20:06:15.0121 0x6c50 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A, 9C3714238571704CEE2AD4F1E15029243E00B494345C41F74EFDF3F0328CC9EA ] swprv C:\Windows\System32\swprv.dll
20:06:15.0192 0x6c50 swprv - ok
20:06:15.0226 0x6c50 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B, 0227EAF144BC35AA4FF2535E8C9974C0609B7634EE45F4166B9F88F79B17BBF1 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:06:15.0242 0x6c50 Symc8xx - ok
20:06:15.0260 0x6c50 [ A909667976D3BCCD1DF813FED517D837, 0874DD4C1CA7AE2E519EBB45433BC9F11A574408F5D2F9E23A340CA76512F5CE ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:06:15.0274 0x6c50 Sym_hi - ok
20:06:15.0296 0x6c50 [ 36887B56EC2D98B9C362F6AE4DE5B7B0, 7349FABACB633A9EEE3D4E241A5F443C28D23CC87F21EAAB3F1711644AA21D7C ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:06:15.0312 0x6c50 Sym_u3 - ok
20:06:15.0367 0x6c50 [ 92D7A8B0F87B036F17D25885937897A6, 6759BAB11E5FBB143BE13DF1611AE5D41D379DF423D881E92E910DF6A37CBA85 ] SysMain C:\Windows\system32\sysmain.dll
20:06:15.0466 0x6c50 SysMain - ok
20:06:15.0493 0x6c50 [ 005CE42567F9113A3BCCB3B20073B029, B1831D71410AD6E7DEB59D26BF6D2D07D2F6112936D6A6FDA57E9296ADA4076D ] TabletInputService C:\Windows\System32\TabSvc.dll
20:06:15.0515 0x6c50 TabletInputService - ok
20:06:15.0554 0x6c50 [ CC2562B4D55E0B6A4758C65407F63B79, C6AD05B345C699A715EC13830D8EA6EE9822F4B713D15B1F29AC044674A0F498 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:06:15.0591 0x6c50 TapiSrv - ok
20:06:15.0652 0x6c50 [ CDBE8D7C1E201B911CDC346D06617FB5, 16D5965E32A109DA38D77F4B6281081569D78371B2F522DE51100967F8776C7A ] TBS C:\Windows\System32\tbssvc.dll
20:06:15.0692 0x6c50 TBS - ok
20:06:15.0773 0x6c50 [ 00F77C4555FFABC21ADDB3160B2F574A, 292D3D9FC923283A25717831C5F1EA3046CB09F4F1B342BB93A506E68B9D4090 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:06:15.0879 0x6c50 Tcpip - ok
20:06:15.0950 0x6c50 [ 00F77C4555FFABC21ADDB3160B2F574A, 292D3D9FC923283A25717831C5F1EA3046CB09F4F1B342BB93A506E68B9D4090 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:06:16.0127 0x6c50 Tcpip6 - ok
20:06:16.0184 0x6c50 [ C7E72A4071EE0200E3C075DACFB2B334, 925A68FD021C7957792F31E9D69A31C180BEB878CD93D2C3E2BE463F58011A6C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:06:16.0211 0x6c50 tcpipreg - ok
20:06:16.0238 0x6c50 [ D45586A9FACB2C9708B10E491EF748A6, 04F6A9D8B89DC8C2FAA77D415ACB12C51AA7FF65A2C9F209088232E447878B9C ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:06:16.0258 0x6c50 tdcmdpst - ok
20:06:16.0284 0x6c50 [ 1D8BF4AAA5FB7A2761475781DC1195BC, A28E972E9331BAD685D4C786FDE221565E0AD3E222B24B9182B7FA916BFCD9C8 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:06:16.0322 0x6c50 TDPIPE - ok
20:06:16.0345 0x6c50 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1, 42A408E82D4017D27D3B0BBBA02BF4B21DEC060C89849785ED65962D18029B65 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:06:16.0383 0x6c50 TDTCP - ok
20:06:16.0416 0x6c50 [ 458919C8C42E398DC4802178D5FFEE27, E38828411DCE0AE2E2BF0D270FD80E47B46EDE4B44DAFD1DF11F54D427EACEB5 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:06:16.0446 0x6c50 tdx - ok
20:06:16.0599 0x6c50 [ 5E53CF8AD0FD33B35000C113656AB37B, D274DABC4DB03AC5B915F5111FF1218F4F2F9EC93B4A64E426BB7AD27A16C7A1 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
20:06:16.0775 0x6c50 TeamViewer7 - ok
20:06:16.0841 0x6c50 [ 8C19678D22649EC002EF2282EAE92F98, 551E7EBA54C2345F2B7FD7AAA7ADA4C852C94F1B35E6E4BBEF883BAFA34F6262 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:06:16.0857 0x6c50 TermDD - ok
20:06:16.0921 0x6c50 [ 5A67A1108E347FCA6A64B74FFB108BDE, F9EC8932366FF4101C6F059567DDF099D895C90567C3E770DDDC71562434A821 ] TermService C:\Windows\System32\termsrv.dll
20:06:16.0965 0x6c50 TermService - ok
20:06:16.0995 0x6c50 [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] Themes C:\Windows\system32\shsvcs.dll
20:06:17.0030 0x6c50 Themes - ok
20:06:17.0049 0x6c50 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] THREADORDER C:\Windows\system32\mmcss.dll
20:06:17.0098 0x6c50 THREADORDER - ok
20:06:17.0165 0x6c50 [ FB8448D1B0DA00D70C28ADF9282B31BB, 7342DE5FBCFE6D1B0E916030176A485E8BFD65CD52640807082294D146697DDC ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
20:06:17.0177 0x6c50 TMachInfo - ok
20:06:17.0246 0x6c50 [ 22BC804EFE155F54252F389B0781D7F2, 10E88C4E4CF3170DDD9D778FFBB4FC04C4D0FBC8E7781D4CD79B600564E4022C ] TNaviSrv C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
20:06:17.0260 0x6c50 TNaviSrv - ok
20:06:17.0292 0x6c50 [ 19AF3434564E973BC232BBD629EC2BF6, 1791B3221F83E7E77A773F9635F1D304E06DCAAD5366292A227A2A453A9B196B ] TODDSrv C:\Windows\system32\TODDSrv.exe
20:06:17.0303 0x6c50 TODDSrv - detected UnsignedFile.Multi.Generic ( 1 )
20:06:19.0679 0x6c50 Detect skipped due to KSN trusted
20:06:19.0679 0x6c50 TODDSrv - ok
20:06:19.0831 0x6c50 [ 7810E3A97E004CD2641FD3FC5D2A62CD, 38E5541C48FC2FD826F51268AED15FE1A4F5E075A4767CD7978DE5ED31109E76 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
20:06:19.0877 0x6c50 TosCoSrv - ok
20:06:19.0923 0x6c50 [ 97735D78DA5737EA8428D551FA263EEA, 34BA983558BC0FC8F7DAB5B43710CE42EFC1B01493FDC3455D48B56442B17AF6 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
20:06:19.0937 0x6c50 TOSHIBA eco Utility Service - detected UnsignedFile.Multi.Generic ( 1 )
20:06:22.0289 0x6c50 Detect skipped due to KSN trusted
20:06:22.0289 0x6c50 TOSHIBA eco Utility Service - ok
20:06:22.0315 0x6c50 [ B67C69E2982769355D9FF76DD3B2A0FD, 2EA039FF19648D2F6163ECE88A751B2889DD293F59BA254C59D2F21D4EE81EED ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
20:06:22.0323 0x6c50 TOSHIBA HDD SSD Alert Service - detected UnsignedFile.Multi.Generic ( 1 )
20:06:24.0680 0x6c50 Detect skipped due to KSN trusted
20:06:24.0680 0x6c50 TOSHIBA HDD SSD Alert Service - ok
20:06:24.0779 0x6c50 [ DD50A5DF5F7B29FDB6B5FEA728C43DC3, 93D91A0821D6255DCCBF0466DB7B040801D15FACDE7AD053173E6E4999C61826 ] tos_sps64 C:\Windows\system32\DRIVERS\tos_sps64.sys
20:06:24.0832 0x6c50 tos_sps64 - ok
20:06:24.0910 0x6c50 [ 47DB100934D168232F63AB7331CCF6B5, DBDABCF0D1D7058DC1804BA32E3FC9BBC787A98B0D3CF0C80F2497D80C4E80C7 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
20:06:24.0946 0x6c50 TPCHSrv - ok
20:06:25.0042 0x6c50 [ 5798620110A1E15D57459F0DE7F8863B, EE56A3A5297C907975B0781A408378F922DB1459001354AEFC1DE041F808F6D8 ] transmission_gate C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\transresistance_amplifier\antenna_interface_standard.exe
20:06:25.0052 0x6c50 transmission_gate - detected UnsignedFile.Multi.Generic ( 1 )
20:06:27.0492 0x6c50 transmission_gate ( UnsignedFile.Multi.Generic ) - warning
20:06:29.0902 0x6c50 [ F4689F05AF472A651A7B1B7B02D200E7, 3D34B8879DBC69013D1A87A3F47B8A622A60B57F2E962E9F5925C5A01F44640F ] TrkWks C:\Windows\System32\trkwks.dll
20:06:29.0981 0x6c50 TrkWks - ok
20:06:30.0040 0x6c50 [ 66328B08EF5A9305D8EDE36B93930369, FD8136BF15AB8D2DB15D011C4F813737D68EED1178462DB8CE40606C16185A30 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:06:30.0079 0x6c50 TrustedInstaller - ok
20:06:30.0105 0x6c50 [ B2388462329ACD17AF50D8701E0C1B18, 959D7B7CCB526367645BAA11C56C88C9AD741EE338BAD6513C54FC7ED43F3AC0 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:06:30.0135 0x6c50 tssecsrv - ok
20:06:30.0171 0x6c50 [ 89EC74A9E602D16A75A4170511029B3C, AACD82A6F5FE31FF1315F5CA69E5EB6BD172DD86610F0641177CCC131B542034 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:06:30.0204 0x6c50 tunmp - ok
20:06:30.0259 0x6c50 [ 30A9B3F45AD081BFFC3BCAA9C812B609, 57204F1F72FEFA086FF1D8A14487D56F4DEDD3C50FBB6903E0C4AC749EA720DE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:06:30.0275 0x6c50 tunnel - ok
20:06:30.0310 0x6c50 [ 9A744CC3D804EC38A6C2C65BC3C6FCD8, 28CDF1A8614444F4A7249FB7189B423579CA91D1373138CD3E6C048CE6D2799F ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:06:30.0328 0x6c50 TVALZ - ok
20:06:30.0364 0x6c50 [ BE32A8658A0B56474AD4D0BB8AFA8E55, EAF696605FCB7322AEE6EDF6D769DA088D2EF1205C3A206D296AB33F2C8AEF8A ] TVALZFL C:\Windows\system32\DRIVERS\TVALZFL.sys
20:06:30.0376 0x6c50 TVALZFL - ok
20:06:30.0401 0x6c50 [ FEC266EF401966311744BD0F359F7F56, 6EE0223AEFA7A81BEB155FC0CD4421C2BEBCDCBC9663C23064B0445101114BF8 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:06:30.0418 0x6c50 uagp35 - ok
20:06:30.0455 0x6c50 [ FAF2640A2A76ED03D449E443194C4C34, CC2517DCFE6962EB2EDEB93E44CB53B113974C9C69A050E3F36385C8D78E810B ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:06:30.0501 0x6c50 udfs - ok
20:06:30.0528 0x6c50 [ 060507C4113391394478F6953A79EEDC, 5D0AE5F1184165289DC8E8CD493607FCB68512CF90F748E3BFD2250655D784D4 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:06:30.0574 0x6c50 UI0Detect - ok
20:06:30.0597 0x6c50 [ 4EC9447AC3AB462647F60E547208CA00, F304125321B1ECA915EDDBDB6A71EAEF3123DCB5604C9497D72F12E0C1BD5315 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:06:30.0613 0x6c50 uliagpkx - ok
20:06:30.0650 0x6c50 [ 697F0446134CDC8F99E69306184FBBB4, A741882B8FE403E3A5DECED5D4A2254B14AF40ACECD4DAA3D00D71C2205C2C5F ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:06:30.0672 0x6c50 uliahci - ok
20:06:30.0699 0x6c50 [ 31707F09846056651EA2C37858F5DDB0, A619AC4B32EA77AC29458894614870086C4DDB81525ADBCFF1AB8970FC5C257A ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:06:30.0716 0x6c50 UlSata - ok
20:06:30.0740 0x6c50 [ 85E5E43ED5B48C8376281BAB519271B7, DBDA4216553F7C5EA0C579346D0A638E62766D5B8FCB1BFF3149BB37BBF978D3 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:06:30.0765 0x6c50 ulsata2 - ok
20:06:30.0876 0x6c50 [ 11E00C740AF777084B99DBADF61DBB1F, 44CCCF04CE95E0134801FA0A66735E67D095001F62CBEAB0440195F400981DFD ] ultra_high_frequency C:\Windows\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\buck_switcher\human_body_model.exe
20:06:30.0894 0x6c50 ultra_high_frequency - detected UnsignedFile.Multi.Generic ( 1 )
20:06:33.0252 0x6c50 ultra_high_frequency ( UnsignedFile.Multi.Generic ) - warning
20:06:35.0685 0x6c50 [ 46E9A994C4FED537DD951F60B86AD3F4, 256F93ED3BD43B50F0D4489164D959F95AB070CC25A80A46355D2B387D336224 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:06:35.0723 0x6c50 umbus - ok
20:06:35.0765 0x6c50 [ 7093799FF80E9DECA0680D2E3535BE60, 1CBFCCA84CB9212176BF5A1D32334BD54E58A2668A4746252738800468AD4AD4 ] upnphost C:\Windows\System32\upnphost.dll
20:06:35.0818 0x6c50 upnphost - ok
20:06:35.0880 0x6c50 [ 858CC93477F9A9383E07861892600FF9, C72B25E7F6AF46AC22F8D2A1FA0345B290AAE642442C8A388EA75944334BB289 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:06:35.0913 0x6c50 usbccgp - ok
20:06:35.0936 0x6c50 [ 9247F7E0B65852C1F6631480984D6ED2, E3360A0EE891B8BADEF5FF53F796C79D6AD218961087F866E451F3B6F278672A ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:06:35.0996 0x6c50 usbcir - ok
20:06:36.0024 0x6c50 [ 82C3790E4E6F35087EF00994C7A72988, 95FA022BDAC65DCD2DA52C8FCC1F2C186B321F4599F40CB90262E24FD10AE16C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:06:36.0041 0x6c50 usbehci - ok
20:06:36.0063 0x6c50 [ BE2EB33AF6EE2E5DA07EB987E0A321F5, 0FCFABA080C553451AE4FAFB54DFE57639251D97DA204C07EC66F469826F3B46 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:06:36.0086 0x6c50 usbhub - ok
20:06:36.0110 0x6c50 [ EBA14EF0C07CEC233F1529C698D0D154, FBA35D53A90FD6C3F91DA5ECE10EF29858CB4CB512AA20548225F83E9FE0A23D ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:06:36.0166 0x6c50 usbohci - ok
20:06:36.0180 0x6c50 [ ACFEE697AF477021BB3EC78C5431FED2, DE529549074E7CA1601D889D62CFF45F00741EB584F9F2091D61527944334C2A ] usbprint C:\Windows\system32\drivers\usbprint.sys
20:06:36.0244 0x6c50 usbprint - ok
20:06:36.0281 0x6c50 [ B854C1558FCA0C269A38663E8B59B581, 08CC36B33FA2281FC88671BE051863AA8CA911446D24596049DB77FB4CB09EA6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:06:36.0312 0x6c50 USBSTOR - ok
20:06:36.0350 0x6c50 [ 308F6DDC052C970D679DA37D8A305279, E0F4C3C8F27E21C186289B115ECAB771777BC7E848F29D683C53C9F936F30848 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:06:36.0367 0x6c50 usbuhci - ok
20:06:36.0430 0x6c50 [ BF7A051DCCBA57C95541135B29CE0FB4, F3570ED5B57CB64A8222164038D53D1C2009013C50CFDE2E6105E8D4F642FEA6 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:06:36.0467 0x6c50 usbvideo - ok
20:06:36.0508 0x6c50 [ C690C8B45DB67DBA284B72D1FD649D2C, 52432616E19ADB450247D8A0FA75265BD74F1FACE6A063830F0E604C8E415CC0 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
20:06:36.0540 0x6c50 usb_rndisx - ok
20:06:36.0576 0x6c50 [ D76E231E4850BB3F88A3D9A78DF191E3, 98CAD31C41AD155EA853DF850D94FA29543C3A7D26262D1B6881281D033CEBAF ] UxSms C:\Windows\System32\uxsms.dll
20:06:36.0608 0x6c50 UxSms - ok
20:06:36.0665 0x6c50 [ 294945381DFA7CE58CECF0A9896AF327, 67414C6D79D2826BC86BB37349C9D74DB4B667310CBC1ABFD103E26332AE4A00 ] vds C:\Windows\System32\vds.exe
20:06:36.0734 0x6c50 vds - ok
20:06:36.0788 0x6c50 [ 916B94BCF1E09873FFF2D5FB11767BBC, 072007FED4EF30C4D7AF8628CBEB2AC99EEAD99D7AB533E90E3748E3D4F11C28 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:06:36.0825 0x6c50 vga - ok
20:06:36.0863 0x6c50 [ B83AB16B51FEDA65DD81B8C59D114D63, 97D39AA763037752D87216B83896AFD2AD6DFEBB3BCDCED7A9ABFE5706B804C5 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:06:36.0902 0x6c50 VgaSave - ok
20:06:36.0921 0x6c50 [ 8294B6C3FDB6C33F24E150DE647ECDAA, FEBD9536EF61F700DFD5D9CB815808C8415D5B23590B3CE17B12D84F4670EA4D ] viaide C:\Windows\system32\drivers\viaide.sys
20:06:36.0934 0x6c50 viaide - ok
20:06:36.0984 0x6c50 [ 2B7E885ED951519A12C450D24535DFCA, 249009EBC1D306D51FDFA4A89588462AA2D8B6DF0A20BE250B60DD73200CB7F3 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:06:37.0000 0x6c50 volmgr - ok
20:06:37.0056 0x6c50 [ CEC5AC15277D75D9E5DEC2E1C6EAF877, EA989E257C4409F9AF3B35C4D7ED9134D930FE3733B077C4F3AA5497796F2CB0 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:06:37.0093 0x6c50 volmgrx - ok
20:06:37.0142 0x6c50 [ 582F710097B46140F5A89A19A6573D4B, 6F695B17BF476D027D3012352F3D4DFD0E0815823DA51A136767ECEF6D64A1CA ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:06:37.0165 0x6c50 volsnap - ok
20:06:37.0195 0x6c50 [ A68F455ED2673835209318DD61BFBB0E, 8B2B255E8E2F8B415F7AC0F7F4C423F639DD47737F7CEE0F7C816D9A6893C5F7 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:06:37.0220 0x6c50 vsmraid - ok
20:06:37.0303 0x6c50 [ B75232DAD33BFD95BF6F0A3E6BFF51E1, A8120040F144AD42A39347A615F31BF752634994D4D134E2FAD23FEA9C1D71DF ] VSS C:\Windows\system32\vssvc.exe
20:06:37.0422 0x6c50 VSS - ok
20:06:37.0476 0x6c50 [ F14A7DE2EA41883E250892E1E5230A9A, EBCB74BE26437F6FE84A3B41AD034F451D4BD12CA77D4C7A433DB912E7D31593 ] W32Time C:\Windows\system32\w32time.dll
20:06:37.0551 0x6c50 W32Time - ok
20:06:37.0581 0x6c50 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7, D682FBF78CF987609AF35A019E7C90CBE02800D7DFC272FFDD71D82AA362FA7A ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:06:37.0640 0x6c50 WacomPen - ok
20:06:37.0714 0x6c50 [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:06:37.0745 0x6c50 Wanarp - ok
20:06:37.0769 0x6c50 [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:06:37.0800 0x6c50 Wanarpv6 - ok
20:06:37.0859 0x6c50 [ 382A7B0B632EC98DE5F0658DA9DE6159, 97C3B3B78FC7A6716C909CECAC006A37BF54EAAC57A5CCA0F38C85A9B56FA045 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
20:06:37.0902 0x6c50 WcesComm - ok
20:06:37.0957 0x6c50 [ B4E4C37D0AA6100090A53213EE2BF1C1, 67107F542F3C937FA5D9B28BA2EBFE994FFE287F16C0BFCF79AD20B95C13F78B ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:06:37.0998 0x6c50 wcncsvc - ok
20:06:38.0027 0x6c50 [ EA4B369560E986F19D93F45A881484AC, B61411D64901C9CB8C80402CD1E8808F5A0FACA38206C8D584C7C1019F5ADF5A ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:06:38.0062 0x6c50 WcsPlugInService - ok
20:06:38.0092 0x6c50 [ 0C17A0816F65B89E362E682AD5E7266E, 6233213D07B234056A1EC6FE1166A65371645269132B428FF3A29DDC0000301A ] Wd C:\Windows\system32\drivers\wd.sys
20:06:38.0110 0x6c50 Wd - ok
20:06:38.0165 0x6c50 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:06:38.0209 0x6c50 Wdf01000 - ok
20:06:38.0233 0x6c50 [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiServiceHost C:\Windows\system32\wdi.dll
20:06:38.0280 0x6c50 WdiServiceHost - ok
20:06:38.0299 0x6c50 [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiSystemHost C:\Windows\system32\wdi.dll
20:06:38.0338 0x6c50 WdiSystemHost - ok
20:06:38.0380 0x6c50 [ 3E6D05381CF35F75EBB055544A8ED9AC, BEC43932BD6C34406B8850E28178B937BFD9512E49FD9F8C54DA7EE272B478A9 ] WebClient C:\Windows\System32\webclnt.dll
20:06:38.0405 0x6c50 WebClient - ok
20:06:38.0440 0x6c50 [ 8D40BC587993F876658BF9FB0F7D3462, 23748E11F5CCE3D4978D748780283FA5A1154F53FF70D924CB2128FF8A4705F7 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:06:38.0470 0x6c50 Wecsvc - ok
20:06:38.0492 0x6c50 [ 9C980351D7E96288EA0C23AE232BD065, BA627B04C4259716B451F421F5310A69D8DE9407DE496AA0489139125E9DC16A ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:06:38.0526 0x6c50 wercplsupport - ok
20:06:38.0537 0x6c50 [ 66B9ECEBC46683F47EDC06333C075FEF, 35C33596D97DB65DE0A687644E9AD924AD5FCBAFD83FE4D23E7E58EF4BC4CC87 ] WerSvc C:\Windows\System32\WerSvc.dll
20:06:38.0570 0x6c50 WerSvc - ok
20:06:38.0580 0x6c50 WinDefend - ok
20:06:38.0590 0x6c50 WinHttpAutoProxySvc - ok
20:06:38.0653 0x6c50 [ D2E7296ED1BD26D8DB2799770C077A02, B494719C2DEB7B9D2505866868143C4E4F59B88461920AA49BD9F1251B6571B8 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:06:38.0690 0x6c50 Winmgmt - ok
20:06:38.0792 0x6c50 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869, 22D53818F4A4ACE441E121151CFD7CB1EDF5E8303DF9E113C9BB304B418A96EF ] WinRM C:\Windows\system32\WsmSvc.dll
20:06:38.0904 0x6c50 WinRM - ok
20:06:38.0961 0x6c50 [ 7F2F9E48566B2087F2AAAD258CB2A8D4, E6A34DF879F6D9F24C8CE5F131B4A104BCDF8720B0F4C6211FF4C9BD567EFB77 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
20:06:38.0993 0x6c50 winusb - ok
20:06:39.0044 0x6c50 [ EC339C8115E91BAED835957E9A677F16, 3BBE6D4F1731198E8F0CFEE67C4CCA5C31E6968F8E02EF9E029C1847A26F513B ] Wlansvc C:\Windows\System32\wlansvc.dll
20:06:39.0101 0x6c50 Wlansvc - ok
20:06:39.0136 0x6c50 [ E18AEBAAA5A773FE11AA2C70F65320F5, 9E2F6FC0F46D0EEEBF4BC1E3D8800B3D268079ABF8EDDD70CD21B789883D7390 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:06:39.0163 0x6c50 WmiAcpi - ok
20:06:39.0219 0x6c50 [ 21FA389E65A852698B6A1341F36EE02D, 2D60911EAAE26C4CE3DEF4FAD1EDE093F912209AA90741AAA8B93F06B37DF605 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:06:39.0261 0x6c50 wmiApSrv - ok
20:06:39.0293 0x6c50 WMPNetworkSvc - ok
20:06:39.0319 0x6c50 [ CBC156C913F099E6680D1DF9307DB7A8, FD8B227F445679E31048CA41442A978A98F267FED96E22C235F63C72AEEE2AB0 ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:06:39.0351 0x6c50 WPCSvc - ok
20:06:39.0399 0x6c50 [ 490A18B4E4D53DC10879DEAA8E8B70D9, D069D8C22CF78A0970E85C0B9879E08FF19458FAA75AE447BCF9236731F64252 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:06:39.0426 0x6c50 WPDBusEnum - ok
20:06:39.0467 0x6c50 [ 5E2401B3FC1089C90E081291357371A9, 224D378EEBFB721CBC24896CAE01B31DC54B6ED82C19C5B954E96D5E98B83C59 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
20:06:39.0484 0x6c50 WpdUsb - ok
20:06:39.0670 0x6c50 [ B42B9D8ABC18DFBCD6044BC10B3A9B99, FD00756DADD3BFC382FC80D7D1D25592385E647C7EAC318C154E949A51D9DC27 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:06:39.0751 0x6c50 WPFFontCache_v0400 - ok
20:06:39.0799 0x6c50 [ 8A900348370E359B6BFF6A550E4649E1, 3EAD0B951EAF8E940ED6A79FAAAB7D22ACCF3985795F80206A3A07161D319B39 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:06:39.0836 0x6c50 ws2ifsl - ok
20:06:39.0881 0x6c50 [ 9EA3E6D0EF7A5C2B9181961052A4B01A, F39BAF1FC7DD1600C0052C2A6AA3BCBC8CA3DA96D1AC7B42B0F2810D051EE1B0 ] wscsvc C:\Windows\System32\wscsvc.dll
20:06:39.0909 0x6c50 wscsvc - ok
20:06:39.0919 0x6c50 WSearch - ok
20:06:39.0995 0x6c50 [ 67C1BCCCB4B59552BD62827F812A3A8B, 720E1E5FFC99AF803F1257446AE2DA492B494FC8A8B8E73F96B9CA98C3BBCFE6 ] WTGService C:\Program Files (x86)\XSManager\WTGService.exe
20:06:40.0022 0x6c50 WTGService - ok
20:06:40.0137 0x6c50 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
20:06:40.0269 0x6c50 wuauserv - ok
20:06:40.0302 0x6c50 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:06:40.0330 0x6c50 WudfPf - ok
20:06:40.0358 0x6c50 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:06:40.0384 0x6c50 WUDFRd - ok
20:06:40.0412 0x6c50 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:06:40.0431 0x6c50 wudfsvc - ok
20:06:40.0469 0x6c50 [ 1EA18D9ADA8FE282D7B5822F1BD05E8F, 5401FC8E362497DB42813CDAF320F56466B6B955E45F9B7D9FFB1144CFFC78A7 ] XS Stick Service C:\Windows\service4g.exe
20:06:40.0485 0x6c50 XS Stick Service - ok
20:06:40.0528 0x6c50 ================ Scan global ===============================
20:06:40.0552 0x6c50 [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\system32\basesrv.dll
20:06:40.0610 0x6c50 [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
20:06:40.0676 0x6c50 [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
20:06:40.0734 0x6c50 [ E8E05C05FBFEBD47FB7DBF7233F15302, 3099E64022E0E5347F7C8EFAD6D6E577157FC6B49386F3203E5438B38AE1EE36 ] C:\Windows\system32\services.exe
20:06:40.0743 0x6c50 [ Global ] - ok
20:06:40.0744 0x6c50 ================ Scan MBR ==================================
20:06:40.0752 0x6c50 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:06:41.0105 0x6c50 \Device\Harddisk0\DR0 - ok
20:06:41.0106 0x6c50 ================ Scan VBR ==================================
20:06:41.0114 0x6c50 [ A866F57A1EB46383B81E8D8BAE0739AD ] \Device\Harddisk0\DR0\Partition1
20:06:41.0162 0x6c50 \Device\Harddisk0\DR0\Partition1 - ok
20:06:41.0177 0x6c50 [ 738F77C32C7B8A1077E399FF6BAA035C ] \Device\Harddisk0\DR0\Partition2
20:06:41.0210 0x6c50 \Device\Harddisk0\DR0\Partition2 - ok
20:06:41.0215 0x6c50 ================ Scan generic autorun ======================
20:06:41.0255 0x6c50 [ 1E7F5900D76DD48BB09AF10091C7365A, 33A1AFE5F2AA7191E8E248B200BD25AD72B477BF8F71251565A5317677EDDE1A ] C:\Windows\WindowsMobile\wmdSync.exe
20:06:41.0285 0x6c50 Windows Mobile-based device management - ok
20:06:41.0286 0x6c50 Windows Defender - ok
20:06:41.0289 0x6c50 TPwrMain - ok
20:06:41.0295 0x6c50 TPCHWMsg - ok
20:06:41.0359 0x6c50 [ F239F658C66FB06B6DE902D6F597E3CF, 3A8CDCBA95010CE594B37A8C7EAB18635D2175D94899003F2B3B62E821942437 ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
20:06:41.0443 0x6c50 TosSENotify - detected UnsignedFile.Multi.Generic ( 1 )
20:06:43.0799 0x6c50 Detect skipped due to KSN trusted
20:06:43.0799 0x6c50 TosSENotify - ok
20:06:43.0900 0x6c50 [ DFB75217B883F58344DA719C9C7D32F4, 9D7F7FD5187F29A1B48D22EF3EA9E5642B86A33400A0D320754694869D4847EB ] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
20:06:43.0916 0x6c50 Toshiba Registration - ok
20:06:43.0921 0x6c50 SmoothView - ok
20:06:43.0926 0x6c50 SmartFaceVWatcher - ok
20:06:44.0012 0x6c50 [ 6410B6368CEC7EF9D982D90B214DDA20, 296E09F89F4144FAFEFAE4FCFC150902530E135A2797F770C57B388EABD7FC03 ] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
20:06:44.0124 0x6c50 Skytel - ok
20:06:44.0399 0x6c50 [ 5062A411D76AAEF4918A4BBB7FB12E70, A9AD939CFEED6B99F7B91D3BCE16E5F01A73BF00C93F5485753C9371DBAE9DC7 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
20:06:44.0814 0x6c50 RtHDVCpl - ok
20:06:44.0830 0x6c50 HSON - ok
20:06:44.0872 0x6c50 [ 949C387212AFCF45DF86191BDA5E336E, BA4417730F69F3CB44BB46307665728967A5E6DC2EF118F411B3EAC710A16859 ] C:\Program Files\Apoint2K\Apoint.exe
20:06:44.0914 0x6c50 Apoint - ok
20:06:44.0958 0x6c50 [ 81CC023D8EE53F137AEB735717CEA919, 7E2FC912BDEC160B37B459346A778CF62D03A4910D807C9810FDC7FBB9AA1CB2 ] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe
20:06:45.0008 0x6c50 SVPWUTIL - detected UnsignedFile.Multi.Generic ( 1 )
20:06:47.0372 0x6c50 Detect skipped due to KSN trusted
20:06:47.0372 0x6c50 SVPWUTIL - ok
20:06:47.0482 0x6c50 [ 13E7CFE8E269ED15E7FC9C3EBBCB7E2B, 3B64263BA305F094B09B1961621C50CA6F9771F80CAC9F916B18BB0C7753A662 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
20:06:47.0509 0x6c50 SunJavaUpdateSched - ok
20:06:47.0587 0x6c50 [ 9C00C20E9763CB54BFBBD82B7058E5E4, 00CCB43ECC50F4FCBB8B7A4DF86CB4EBC25FFDC9032475AB0A28B9962CB37CF0 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
20:06:47.0606 0x6c50 StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
20:06:49.0966 0x6c50 Detect skipped due to KSN trusted
20:06:49.0966 0x6c50 StartCCC - ok
20:06:50.0068 0x6c50 [ 846965AE55A2662B1576C0F392DD1D6E, 0ADE383991FDC5A49DD15A27CB52CF75ABF518F0335E92003C0FF75DB417BBDC ] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
20:06:50.0088 0x6c50 SSBkgdUpdate - ok
20:06:50.0123 0x6c50 [ A4A66195EB0ECD574A32AAA92DC0A7BD, 4E30D565917158316A541BB29D73BF5F3A01DAB1240363276DE0C5D59B2BFFFE ] C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe
20:06:50.0166 0x6c50 PPort11reminder - ok
20:06:50.0188 0x6c50 [ 27249F2A900032F3C2DFAB8DE8F16399, 88F85055FC6A6C3872A9A3697F92E26EEB51655F5D53F49EE22768829839808A ] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
20:06:50.0201 0x6c50 PaperPort PTD - ok
20:06:50.0259 0x6c50 [ 1AA5F0A2E3E65A9F6B35C19A7C9D7762, AB08124D101C4FE8B6D4A6056783D2EAD5C049BE39A3DE772E008CD43E36F443 ] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
20:06:50.0310 0x6c50 Nikon Message Center 2 - detected UnsignedFile.Multi.Generic ( 1 )
20:06:52.0671 0x6c50 Detect skipped due to KSN trusted
20:06:52.0671 0x6c50 Nikon Message Center 2 - ok
20:06:52.0720 0x6c50 [ E09B922FB422AEFD1493E0657669BD8B, F0692307530C3F20E95D762A674366E6B7BB702EB445666995630EE7D1B18BEB ] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
20:06:52.0738 0x6c50 NDSTray.exe - detected UnsignedFile.Multi.Generic ( 1 )
20:06:55.0088 0x6c50 Detect skipped due to KSN trusted
20:06:55.0088 0x6c50 NDSTray.exe - ok
20:06:55.0159 0x6c50 [ C5B2679B0AE204FDD0415199B7AFEF20, A488839697F72F5E914DC87077F196F355E4AA85A5AC9C555D67BB47CC198750 ] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
20:06:55.0172 0x6c50 KeNotify - ok
20:06:55.0208 0x6c50 [ BE72C212B14FC8F872A70C6C311D0529, 9C6A8060FD4505925894D8FD08EFCDE16BEEAAC70264519135B261C026333CAA ] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
20:06:55.0220 0x6c50 IndexSearch - ok
20:06:55.0277 0x6c50 [ 9A0E769CB3AC06B5EF443CFB6228B137, 4DD34F8E034E7E3A800F6CBA80B16AA81B2300FE8ECFD542FED3C242F954993A ] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
20:06:55.0314 0x6c50 HWSetup - detected UnsignedFile.Multi.Generic ( 1 )
20:06:57.0674 0x6c50 Detect skipped due to KSN trusted
20:06:57.0674 0x6c50 HWSetup - ok
20:06:57.0721 0x6c50 [ 3779C261A13DAC62B409858FB8E92EDC, CC8691626D45EA19A58FAD7B09B838BABB644E2F5ED6CB8E23A9233BC166B70A ] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
20:06:57.0731 0x6c50 ControlCenter3 - detected UnsignedFile.Multi.Generic ( 1 )
20:07:00.0084 0x6c50 Detect skipped due to KSN trusted
20:07:00.0084 0x6c50 ControlCenter3 - ok
20:07:00.0159 0x6c50 [ 68120B7C3FF8A3664341D0536C0C3198, F7118E542A3ECAE6B29ADFBA88F2ADE4BCD3270D61993EDF6C340676B66003FD ] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe
20:07:00.0167 0x6c50 cfFncEnabler.exe - detected UnsignedFile.Multi.Generic ( 1 )
20:07:02.0541 0x6c50 Detect skipped due to KSN trusted
20:07:02.0541 0x6c50 cfFncEnabler.exe - ok
20:07:02.0644 0x6c50 [ ACEDE59715B81820EC39A2DB70828152, 110F14BE75307239C5CBD7E528E77E857D4AD8BBE85EADFF8367C29D8BFAB52C ] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
20:07:02.0736 0x6c50 BrMfcWnd - detected UnsignedFile.Multi.Generic ( 1 )
20:07:05.0086 0x6c50 Detect skipped due to KSN trusted
20:07:05.0086 0x6c50 BrMfcWnd - ok
20:07:05.0248 0x6c50 [ 66177D4C99FD8B578C7C56DE445E4D5D, 003D0254D7C693A72DE84CB76858F8D67D9FD62206F1B56DF7F5D0FA834C3BA7 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
20:07:05.0324 0x6c50 avgnt - ok
20:07:05.0413 0x6c50 [ CB08561AB36857CCF74BF11475C9AEB2, 5F15F6868A719A0A84D3E0FE2BC4E76975C50FA99D642279DDA972269ADFDB8B ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
20:07:05.0431 0x6c50 Avira Systray - ok
20:07:05.0522 0x6c50 [ B63E5C7807334A3A8F731062F15462CC, F4E501F749C10C44E8F501A34D8DD309892968BE70DA17734267BBCDDC351444 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
20:07:05.0613 0x6c50 Adobe ARM - ok
20:07:05.0624 0x6c50 {7373A75C-5294-4286-8223-BB43E7C0955A} - ok
20:07:05.0779 0x6c50 [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:07:05.0885 0x6c50 Sidebar - ok
20:07:05.0894 0x6c50 WindowsWelcomeCenter - ok
20:07:05.0979 0x6c50 [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:07:06.0064 0x6c50 Sidebar - ok
20:07:06.0074 0x6c50 WindowsWelcomeCenter - ok
20:07:06.0218 0x6c50 Skype - ok
20:07:06.0592 0x6c50 [ C81F59B7D524FB462F73B27757084618, 6C7DF7257ED0D9C69A53B98F15EAF1B42D302659791EE80F48D06BCA11EA09D8 ] C:\Program Files\CCleaner\CCleaner64.exe
20:07:07.0096 0x6c50 CCleaner Monitoring - ok
20:07:07.0114 0x6c50 WMPNSCFG - ok
20:07:07.0262 0x6c50 [ 4E8AA6E2418484B1E49BE77A9C3ED77A, E3B4FAD26ABFF97C63399241D6335F98744AA034BC750F4C70F15DE9EB9E7BA2 ] C:\ProgramData\Avira\Antivirus\LOGFILES\dual_band\peak_reverse_voltage.exe
20:07:07.0293 0x6c50 absolute_zero - detected UnsignedFile.Multi.Generic ( 1 )
20:07:09.0647 0x6c50 Detect turned to UDS exact due to KSN untrusted
20:07:09.0647 0x6c50 absolute_zero ( UDSangerousObject.Multi.Generic ) - infected
20:07:09.0647 0x6c50 Force sending object to P2P due to detect: C:\ProgramData\Avira\Antivirus\LOGFILES\dual_band\peak_reverse_voltage.exe
20:07:12.0157 0x6c50 Object send P2P result: true
20:07:14.0634 0x6c50 [ B6F25883A7A16D95020DFCDC61F2136C, C2575EA153375B8B6D7FD0D646C39B4185C29A027C78E37F6CF5E0BABEC6B535 ] C:\ProgramData\NortonInstaller\Logs\01-18-2013-18h20m09s\signal_to_noise_ratio\open_collector.exe
20:07:14.0668 0x6c50 tdd_wlan - detected UnsignedFile.Multi.Generic ( 1 )
20:07:17.0024 0x6c50 tdd_wlan ( UnsignedFile.Multi.Generic ) - warning
20:07:19.0544 0x6c50 [ 7E6B4AD487ED241D8224108E8E86A351, 8246F75DF64BBCC35CDC8DFF2F5157AD9523179344AC0517D42BAC99F2E87E8D ] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe
20:07:19.0643 0x6c50 FlashPlayerUpdate - ok
20:07:19.0645 0x6c50 Waiting for KSN requests completion. In queue: 1
20:07:20.0645 0x6c50 Waiting for KSN requests completion. In queue: 1
20:07:21.0645 0x6c50 Waiting for KSN requests completion. In queue: 1
20:07:22.0661 0x6c50 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.10.414 ), 0x41010 ( enabled : outofdate )
20:07:22.0667 0x6c50 Win FW state via NFP2: enabled
20:07:25.0011 0x6c50 ============================================================
20:07:25.0011 0x6c50 Scan finished
20:07:25.0011 0x6c50 ============================================================
20:07:25.0022 0x70cc Detected object count: 4
20:07:25.0022 0x70cc Actual detected object count: 4
20:08:36.0387 0x70cc transmission_gate ( UnsignedFile.Multi.Generic ) - skipped by user
20:08:36.0387 0x70cc transmission_gate ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:08:36.0393 0x70cc ultra_high_frequency ( UnsignedFile.Multi.Generic ) - skipped by user
20:08:36.0393 0x70cc ultra_high_frequency ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:08:36.0481 0x70cc C:\ProgramData\Avira\Antivirus\LOGFILES\dual_band\peak_reverse_voltage.exe - copied to quarantine
20:08:36.0495 0x70cc HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\Software\Microsoft\Windows\CurrentVersion\Run:absolute_zero - will be deleted on reboot
20:08:36.0495 0x70cc C:\ProgramData\Avira\Antivirus\LOGFILES\dual_band\peak_reverse_voltage.exe - will be deleted on reboot
20:08:36.0495 0x70cc absolute_zero ( UDSangerousObject.Multi.Generic ) - User select action: Delete
20:08:36.0501 0x70cc tdd_wlan ( UnsignedFile.Multi.Generic ) - skipped by user
20:08:36.0501 0x70cc tdd_wlan ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:08:36.0645 0x70cc KLMD registered as C:\Windows\system32\drivers\12355586.sys

05.06.2015, 19:57   #5
M-K-D-B
/// TB-Ausbilder

Hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.


06.06.2015, 08:44   #6
bien2000

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.06.05.06
rootkit: v2015.06.02.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Standard :: TOSHIBA [administrator]

06.06.2015 00:07:00
mbar-log-2015-06-06 (00-07-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 356915
Time elapsed: 31 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

06.06.2015, 11:34   #7
M-K-D-B
/// TB-Ausbilder

Hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


07.06.2015, 11:27   #8
bien2000

Combofix Logfile:
Code:
ATTFilter
ComboFix 15-05-31.01 - Standard 06.06.2015  21:57:42.2.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4060.2423 [GMT 2:00]
ausgeführt von:: c:\users\Standard\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Crypto\RSA\MachineKeys\signal_to_noise_ratio\multiplexor.exe
c:\users\Standard\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-06 bis 2015-06-06  ))))))))))))))))))))))))))))))
.
.
2015-06-06 20:05 . 2015-06-06 20:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-06-05 19:14 . 2015-06-05 19:14	--------	d-----w-	c:\programdata\Malwarebytes
2015-06-05 19:13 . 2015-06-06 19:18	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-06-05 19:13 . 2015-06-06 10:32	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-05 19:11 . 2015-06-06 10:29	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-06-05 17:40 . 2015-06-05 18:08	--------	d-----w-	C:\TDSSKiller_Quarantine
2015-06-05 17:22 . 2015-06-05 17:24	--------	d-----w-	C:\FRST
2015-05-28 13:45 . 2015-05-28 13:45	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2015-05-28 12:26 . 2015-05-28 12:26	--------	d-----w-	c:\users\Standard\AppData\Roaming\DriverCure
2015-05-28 12:26 . 2015-05-28 12:26	--------	d-----w-	c:\users\Standard\AppData\Roaming\ParetoLogic
2015-05-28 09:33 . 2015-05-28 09:33	--------	d-----w-	c:\program files (x86)\Common Files\ParetoLogic
2015-05-28 09:33 . 2015-05-28 13:57	--------	d-----w-	c:\programdata\ParetoLogic
2015-05-28 06:27 . 2015-05-29 08:12	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2015-05-28 06:27 . 2015-05-29 08:12	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2015-05-22 09:54 . 2015-05-27 07:53	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2015-05-15 08:11 . 2015-04-08 01:11	939008	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-05-15 08:11 . 2015-04-08 00:47	1505792	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2015-05-15 08:11 . 2015-04-08 00:47	1822208	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2015-05-15 08:11 . 2015-04-07 23:48	2294784	----a-w-	c:\program files\Windows Journal\Journal.exe
2015-05-15 08:11 . 2015-04-08 00:47	1482240	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2015-05-15 08:11 . 2015-04-08 00:47	1454080	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-05-15 08:10 . 2015-04-30 16:03	279040	----a-w-	c:\windows\SysWow64\schannel.dll
2015-05-15 08:10 . 2015-04-30 15:41	347648	----a-w-	c:\windows\system32\schannel.dll
2015-05-15 07:57 . 2015-04-10 23:33	384512	----a-w-	c:\windows\system32\services.exe
2015-05-15 07:57 . 2015-04-10 23:22	279552	----a-w-	c:\windows\SysWow64\services.exe
2015-05-15 07:55 . 2015-04-30 13:14	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 07:55 . 2015-04-30 13:14	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 11:51 . 2015-05-20 07:48	--------	d-----w-	c:\programdata\ubao
2015-05-12 11:36 . 2015-05-12 11:39	--------	d-----w-	c:\programdata\Package Cache
2015-05-12 11:05 . 2015-05-19 07:09	--------	d-----w-	c:\users\Standard\AppData\Roaming\Avira
2015-05-12 11:03 . 2015-05-22 09:13	152744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-05-12 11:03 . 2015-05-22 09:13	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-05-12 11:03 . 2014-07-02 11:06	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2015-05-12 11:03 . 2015-05-19 07:07	--------	d-----w-	c:\programdata\Avira
2015-05-12 11:03 . 2015-05-12 11:39	--------	d-----w-	c:\program files (x86)\Avira
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-15 08:13 . 2006-11-02 12:35	140425016	----a-w-	c:\windows\system32\mrt.exe
2015-04-16 07:22 . 2013-02-19 14:10	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-16 07:22 . 2013-02-19 14:10	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-04 06:25 . 2015-05-01 17:17	12032440	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5FC0298-91BA-4B5B-8C75-255402AA05E6}\mpengine.dll
2015-03-14 02:22 . 2015-05-04 18:20	1168080	----a-w-	c:\windows\SysWow64\ntdll.dll
2015-03-14 02:22 . 2015-05-04 18:20	1585248	----a-w-	c:\windows\system32\ntdll.dll
2015-03-13 01:44 . 2015-05-04 18:20	4691384	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-03-13 01:44 . 2015-05-04 18:20	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2015-03-13 01:44 . 2015-05-04 18:20	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2015-03-13 01:43 . 2015-05-04 18:20	43008	----a-w-	c:\windows\apppatch\acwow64.dll
2015-03-13 01:30 . 2015-05-04 18:20	301568	----a-w-	c:\windows\system32\wow64win.dll
2015-03-13 01:30 . 2015-05-04 18:20	234496	----a-w-	c:\windows\system32\wow64.dll
2015-03-13 01:30 . 2015-05-04 18:20	17408	----a-w-	c:\windows\system32\wow64cpu.dll
2015-03-13 01:30 . 2015-05-04 18:20	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2015-03-13 00:08 . 2015-05-04 18:20	26112	----a-w-	c:\windows\SysWow64\setup16.exe
2015-03-13 00:08 . 2015-05-04 18:20	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2015-03-13 00:08 . 2015-05-04 18:20	2560	----a-w-	c:\windows\SysWow64\user.exe
2015-03-09 01:01 . 2015-05-02 15:18	1249280	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-03-09 00:40 . 2015-05-02 15:18	1869824	----a-w-	c:\windows\system32\msxml3.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-23 8204056]
"absolute_zero"="c:\programdata\Avira\Antivirus\LOGFILES\dual_band\atomic_structure.exe" [2015-03-27 230912]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tdd_wlan"="c:\programdata\NortonInstaller\Logs\01-18-2013-18h20m09s\signal_to_noise_ratio\chain_reaction.exe" [2007-06-29 205312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-21 61440]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"NDSTray.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-12 299008]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 422400]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-08-12 114688]
"cfFncEnabler.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2008-11-12 1122304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-05-22 728312]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-28 13:25	986440	----a-w-	c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-19 07:22]
.
2015-06-06 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-4018626186-3194338725-3947389847-1000.job
- c:\users\Standard\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-05-31 09:40]
.
2015-06-06 c:\windows\Tasks\G2MUploadTask-S-1-5-21-4018626186-3194338725-3947389847-1000.job
- c:\users\Standard\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe [2015-05-31 09:40]
.
2015-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 21:20]
.
2015-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 21:20]
.
2015-06-06 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2015-06-06 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08 18:55]
.
2015-06-06 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08 18:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-04-28 09:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TPCHWMsg"="c:\program files (x86)\TOSHIBA\TPHM\TPCHWMsg.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-04-23 1128448]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-03-04 96144]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-03-29 238592]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\kuvl55p3.default\
FF - ExtSQL: !HIDDEN! 2010-02-01 14:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Radar 9 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\XSManager\WTGService.exe
c:\windows\service4g.exe
c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\windows\starter4g.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfimon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-06-06  22:14:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-06-06 20:14
ComboFix2.txt  2015-06-06 19:27
.
Vor Suchlauf: 21 Verzeichnis(se), 32.234.987.520 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 32.299.941.888 Bytes frei
.
- - End Of File - - A8247ED55FBD6EAE1E2EDE7CF9A6E4D5
         
--- --- ---
5C616939100B85E558DA92B899A0FC36
#

Regards, Bien

Alt 07.06.2015, 11:31   #9
M-K-D-B
/// TB-Ausbilder
 

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 2
Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan, and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Step 4
Please download Shortcut Cleaner (by Grinler) to your desktop.
  • Start sc-cleaner.exe with a double-click.
  • Confirm the message Shortcut Cleaner Finished at the end of the scan with OK.
  • A log file will open (sc-cleaner.txt).
  • Post its contents in your next reply.

Step 5
  • Run FRST.exe again. Tick the box in front of Addition.txt and press Scan.
  • FRST will again create two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

With your next reply, please post
  • the log file from AdwCleaner,
  • the log file from MBAM,
  • the log file from JRT,
  • the log file from Shortcut Cleaner,
  • the two new log files from FRST.

Alt 07.06.2015, 12:43   #10
bien2000
 

#AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.206 - Bericht erstellt 07/06/2015 um 13:41:30
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (x64)
# Benutzername : Standard - TOSHIBA
# Gestarted von : C:\Users\Standard\Desktop\AdwCleaner_4.206.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Public\Desktop\eBay.lnk
Datei Gefunden : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\kuvl55p3.default\user.js
Ordner Gefunden : C:\Program Files (x86)\Common Files\ParetoLogic
Ordner Gefunden : C:\Program Files (x86)\Free Ride Games
Ordner Gefunden : C:\ProgramData\Free Ride Games
Ordner Gefunden : C:\ProgramData\ParetoLogic
Ordner Gefunden : C:\Users\Standard\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Standard\AppData\Roaming\DriverCure
Ordner Gefunden : C:\Users\Standard\AppData\Roaming\ParetoLogic

***** [ Geplante Tasks ] *****

Task Gefunden : paretologic registration3
Task Gefunden : paretologic update version3
Task Gefunden : ParetoLogic Update Version3 Startup Task

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\ParetoLogic
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : [x64] HKCU\Software\ParetoLogic
Schlüssel Gefunden : [x64] HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\uus3url-pl
Schlüssel Gefunden : HKLM\SOFTWARE\ParetoLogic

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16644


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R0].txt - [1734 Bytes] - [07/06/2015 13:41:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1793 Bytes] ##########
         
--- --- ---
#

Alt 07.06.2015, 13:06   #11
M-K-D-B
/// TB-Ausbilder
 

Have AdwCleaner remove the findings as well!

Then continue with the other tools.

Alt 07.06.2015, 15:23   #12
bien2000
 

That takes... its time, unfortunately

I had the AdwCleaner findings removed ...

# Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 07.06.2015
Suchlauf-Zeit: 14:32:17
Logdatei: MalewarebyteLog.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.07.03
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: Standard

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 383783
Verstrichene Zeit: 27 Min, 28 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)#

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.9 (06.06.2015:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Standard on 07.06.2015 at 15:03:01,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\xsmanager
Successfully deleted: [Folder] C:\Users\Standard\AppData\Roaming\xsmanager



~~~ FireFox

Emptied folder: C:\Users\Standard\AppData\Roaming\mozilla\firefox\profiles\kuvl55p3.default\minidumps [164 files]



~~~ Chrome


[C:\Users\Standard\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Standard\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Standard\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Standard\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.06.2015 at 15:08:28,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#

#Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
Bleeping Computer - Technical Support and Computer Help
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
Shortcut Cleaner Download

Windows Version: Windows (TM) Vista Home Premium Service Pack 2
Program started at: 06/07/2015 03:09:38 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Standard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Standard\Desktop\

Searching C:\Users\Public\Desktop\


0 bad shortcuts found.

Program finished at: 06/07/2015 03:09:42 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)
#

#
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Standard (administrator) on TOSHIBA on 07-06-2015 15:18:58
Running from C:\Users\Standard\Downloads
Loaded Profiles: Standard &  (Available Profiles: Standard)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [487264 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] => C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [613232 2009-04-15] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1128448 2009-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [96144 2009-03-04] (Toshiba Europe GmbH)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [573952 2009-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [236544 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [238592 2009-03-29] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [NDSTray.exe] => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [299008 2009-05-12] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [422400 2007-04-16] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-08-12] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [cfFncEnabler.exe] => C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1122304 2008-11-12] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\Run: [absolute_zero] => C:\ProgramData\Avira\Antivirus\LOGFILES\dual_band\atomic_structure.exe [230912 2015-03-27] (Indigo Rose Corporation)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\RunOnce: [tdd_wlan] => C:\ProgramData\NortonInstaller\Logs\01-18-2013-18h20m09s\signal_to_noise_ratio\chain_reaction.exe [205312 2007-06-29] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [absolute_zero] => C:\ProgramData\Avira\Antivirus\LOGFILES\dual_band\atomic_structure.exe [230912 2015-03-27] (Indigo Rose Corporation)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [tdd_wlan] => C:\ProgramData\NortonInstaller\Logs\01-18-2013-18h20m09s\signal_to_noise_ratio\chain_reaction.exe [205312 2007-06-29] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-06-05]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-06-05]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = Google
SearchScopes: HKLM -> {1B03DF2C-D1D1-46FE-A639-330F679CC9EB} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-06-30] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\kuvl55p3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4018626186-3194338725-3947389847-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Standard\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-4018626186-3194338725-3947389847-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Standard\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-04] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\kuvl55p3.default\Extensions\de_DE@dicts.j3e.de [2015-02-28]
FF Extension: Flagfox - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\kuvl55p3.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(67) [2012-01-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\kuvl55p3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-05]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-27]

Chrome: 
=======
CHR Profile: C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-28]
CHR Extension: (Skype Click to Call) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-28]
CHR Extension: (Google Wallet) - C:\Users\Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [825856 2015-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-22] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
S2 ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [36864 2009-03-06] (TOSHIBA CORPORATION) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)
S2 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
S2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [242176 2009-04-24] (TOSHIBA Corporation) [File not signed]
S2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [84480 2009-03-17] (TOSHIBA Corporation) [File not signed]
S2 ultra_high_frequency; C:\Windows\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\buck_switcher\human_body_model.exe [214064 2014-01-28] (Lucersoft) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
S2 XS Stick Service; C:\Windows\service4g.exe [145680 2010-03-19] (4G Systems GmbH & Co. KG)
S2 Crypkey License; crypserv.exe [X]
S2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
S1 Beep; No ImagePath
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2014-07-10] (Mobile Connector)
S3 cmnsusbser; C:\Windows\SysWOW64\DRIVERS\cmnsusbser.sys [117888 2008-10-31] (Mobile Connector)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
S2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [665600 2010-01-28] (Aladdin Knowledge Systems) [File not signed]
R0 LPCFilter; C:\Windows\SysWOW64\DRIVERS\LPCFilter.sys [32040 2008-05-07] (COMPAL ELECTRONIC INC.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 NetworkX; \SystemRoot\system32\ckldrv.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 15:18 - 2015-06-07 15:18 - 02108928 _____ (Farbar) C:\Users\Standard\Downloads\FRST64(1).exe
2015-06-07 15:08 - 2015-06-07 15:08 - 00001361 _____ C:\Users\Standard\Desktop\JRT.txt
2015-06-07 15:03 - 2015-06-07 15:03 - 00000207 _____ C:\Windows\tweaking.com-regbackup-TOSHIBA-Windows-Vista-(TM)-Home-Premium-(64-bit).dat
2015-06-07 15:03 - 2015-06-07 15:03 - 00000000 ____D C:\RegBackup
2015-06-07 14:42 - 2015-06-07 14:42 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Standard\Downloads\sc-cleaner.exe
2015-06-07 14:39 - 2015-06-07 14:39 - 02942406 _____ (Thisisu) C:\Users\Standard\Downloads\JRT.exe
2015-06-07 14:31 - 2015-06-07 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-07 14:31 - 2015-06-07 14:31 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-07 14:31 - 2015-04-14 09:37 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-07 14:31 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-07 14:29 - 2015-06-07 14:29 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Standard\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-07 13:41 - 2015-06-07 13:45 - 00000000 ____D C:\AdwCleaner
2015-06-07 13:39 - 2015-06-07 13:40 - 02231296 _____ C:\Users\Standard\Desktop\AdwCleaner_4.206.exe
2015-06-06 22:14 - 2015-06-06 22:14 - 00020636 _____ C:\ComboFix.txt
2015-06-06 21:05 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-06 21:05 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-06 21:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-06 21:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-06 21:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-06 21:05 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-06 21:05 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-06 21:05 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-06 12:52 - 2015-06-06 22:15 - 00000000 ____D C:\Qoobox
2015-06-06 12:51 - 2015-06-06 21:25 - 00000000 ____D C:\Windows\erdnt
2015-06-06 12:46 - 2015-06-06 12:46 - 05628238 _____ (Swearware) C:\Users\Standard\Downloads\ComboFix.exe
2015-06-05 21:14 - 2015-06-07 14:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-05 21:13 - 2015-06-07 14:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 21:13 - 2015-06-06 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-05 21:11 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-05 21:10 - 2015-06-05 21:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Standard\Downloads\mbar-1.09.1.1004.exe
2015-06-05 19:40 - 2015-06-05 20:08 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-06-05 19:39 - 2015-06-05 19:39 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Standard\Downloads\tdsskiller.exe
2015-06-05 19:23 - 2015-06-05 19:24 - 00045619 _____ C:\Users\Standard\Downloads\Addition.txt
2015-06-05 19:22 - 2015-06-07 15:19 - 00000000 ____D C:\FRST
2015-06-05 19:22 - 2015-06-07 15:18 - 00024404 _____ C:\Users\Standard\Downloads\FRST.txt
2015-06-05 19:22 - 2015-06-05 19:22 - 02108928 _____ (Farbar) C:\Users\Standard\Downloads\FRST64.exe
2015-06-05 09:46 - 2015-06-06 21:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-05 08:43 - 2015-06-05 08:44 - 00274296 _____ C:\Windows\Minidump\Mini060515-01.dmp
2015-06-04 09:15 - 2015-06-04 09:15 - 00274296 _____ C:\Windows\Minidump\Mini060415-01.dmp
2015-05-31 11:40 - 2015-06-07 15:16 - 00000676 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4018626186-3194338725-3947389847-1000.job
2015-05-31 11:40 - 2015-05-31 11:40 - 00003620 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-4018626186-3194338725-3947389847-1000
2015-05-29 15:47 - 2015-06-05 08:43 - 575290871 _____ C:\Windows\MEMORY.DMP
2015-05-29 15:47 - 2015-05-29 15:47 - 00274296 _____ C:\Windows\Minidump\Mini052915-01.dmp
2015-05-28 17:50 - 2015-05-28 17:50 - 00065890 _____ C:\Users\Standard\Desktop\AVSCAN-20150528-144035-52E11BA9.LOG
2015-05-28 15:48 - 2015-05-28 15:48 - 01126608 _____ (Adobe Systems Incorporated) C:\Users\Standard\Downloads\reader10_de_ga_install.exe
2015-05-28 15:45 - 2015-05-28 15:45 - 00001927 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-05-28 15:45 - 2015-05-28 15:45 - 00001804 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-28 15:45 - 2015-05-28 15:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-05-28 15:34 - 2015-05-28 15:35 - 50629792 _____ (Adobe Systems Incorporated) C:\Users\Standard\Downloads\AcroRdrDC1500720033_de_DE (1).exe
2015-05-28 15:26 - 2015-05-28 15:26 - 00002022 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-28 15:26 - 2015-05-28 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-28 15:24 - 2015-05-28 15:24 - 43518032 _____ (Google Inc.) C:\Users\Standard\Downloads\ChromeStandaloneSetup.exe
2015-05-28 15:21 - 2015-05-28 15:22 - 50629792 _____ (Adobe Systems Incorporated) C:\Users\Standard\Downloads\AcroRdrDC1500720033_de_DE.exe
2015-05-28 11:23 - 2015-05-30 16:53 - 00000000 ____D C:\ProgramData\Adobe
2015-05-28 10:17 - 2015-05-28 10:17 - 00010190 _____ C:\Users\Standard\Documents\cc_20150528_101715.reg
2015-05-28 08:27 - 2015-05-29 10:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-05-28 08:27 - 2015-05-29 10:12 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-28 08:27 - 2015-05-28 08:27 - 00001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-28 08:27 - 2015-05-28 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-28 08:22 - 2015-06-07 15:12 - 00000000 ____D C:\Users\Standard\Desktop\Trojaner
2015-05-22 11:54 - 2015-05-27 09:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-05-15 10:36 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-05-15 10:36 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-05-15 10:36 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-05-15 10:36 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-05-15 10:36 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-05-15 10:36 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-05-15 10:36 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-05-15 10:36 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-15 10:36 - 2015-04-18 02:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-15 10:36 - 2015-04-18 02:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-15 10:36 - 2015-04-18 02:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-15 10:36 - 2015-04-18 02:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-15 10:36 - 2015-04-18 01:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-15 10:36 - 2015-04-18 01:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-15 10:36 - 2015-04-18 01:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-15 10:36 - 2015-04-18 01:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-15 10:36 - 2015-04-18 01:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-15 10:36 - 2015-04-18 01:30 - 02793472 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-15 10:10 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-15 10:10 - 2015-04-30 17:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-15 09:57 - 2015-04-11 01:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-15 09:57 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-05-15 09:55 - 2015-04-30 15:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 09:55 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 19:03 - 2015-04-10 02:10 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 19:03 - 2015-04-10 01:55 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 19:03 - 2015-04-10 01:53 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 19:03 - 2015-04-10 01:52 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 19:03 - 2015-04-10 01:48 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 19:03 - 2015-04-10 01:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 19:03 - 2015-04-10 01:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-14 19:03 - 2015-04-10 01:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 19:03 - 2015-04-10 01:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 19:03 - 2015-04-10 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 19:03 - 2015-04-10 01:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 19:03 - 2015-04-10 01:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 19:03 - 2015-04-10 01:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-14 19:03 - 2015-04-10 01:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-14 19:03 - 2015-04-10 01:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-14 19:03 - 2015-04-10 01:14 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 19:03 - 2015-04-10 01:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 19:03 - 2015-04-10 01:08 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 19:03 - 2015-04-10 01:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 19:03 - 2015-04-10 01:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 19:03 - 2015-04-10 01:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 19:03 - 2015-04-10 01:04 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 19:03 - 2015-04-10 01:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 19:03 - 2015-04-10 01:04 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 19:03 - 2015-04-10 01:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-14 19:03 - 2015-04-10 01:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 19:03 - 2015-04-10 01:03 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 19:03 - 2015-04-10 01:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-14 19:03 - 2015-04-10 01:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-14 19:03 - 2015-04-10 01:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-13 13:51 - 2015-05-20 09:48 - 00000000 ____D C:\ProgramData\ubao
2015-05-12 14:05 - 2015-05-12 14:25 - 00003240 _____ C:\Windows\setupact.log
2015-05-12 14:05 - 2015-05-12 14:05 - 00000000 _____ C:\Windows\setuperr.log
2015-05-12 13:54 - 2015-06-06 22:06 - 00462344 _____ C:\Windows\PFRO.log
2015-05-12 13:44 - 2015-05-12 13:44 - 00015208 _____ C:\Users\Standard\Documents\cc_20150512_134403.reg
2015-05-12 13:39 - 2015-05-12 13:39 - 00001047 _____ C:\Users\Public\Desktop\Avira.lnk
2015-05-12 13:36 - 2015-05-12 13:39 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-12 13:12 - 2015-05-12 13:12 - 05248848 _____ (Piriform Ltd) C:\Users\Standard\Downloads\ccsetup505_slim.exe
2015-05-12 13:05 - 2015-05-19 09:09 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Avira
2015-05-12 13:04 - 2015-05-22 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-12 13:03 - 2015-05-22 11:13 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-12 13:03 - 2015-05-22 11:13 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-12 13:03 - 2015-05-19 09:07 - 00000000 ____D C:\ProgramData\Avira
2015-05-12 13:03 - 2015-05-12 13:39 - 00000000 ____D C:\Program Files (x86)\Avira
2015-05-12 13:03 - 2014-07-02 13:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 15:12 - 2015-03-04 12:02 - 00000580 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4018626186-3194338725-3947389847-1000.job
2015-06-07 15:05 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-07 15:05 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-07 15:04 - 2009-09-25 14:46 - 01199099 _____ C:\Windows\WindowsUpdate.log
2015-06-07 14:43 - 2010-01-27 11:41 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-07 14:21 - 2013-02-19 16:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-07 13:47 - 2010-01-27 11:41 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-07 13:47 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-07 13:46 - 2006-11-02 17:42 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-06 22:09 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini
2015-06-06 21:45 - 2010-02-01 16:42 - 00000000 ____D C:\Users\Standard\AppData\Roaming\TeamViewer
2015-06-06 21:27 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default
2015-06-06 21:18 - 2012-05-09 09:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-05 21:50 - 2012-05-15 10:24 - 00000020 ____H C:\ProgramData\PKP_DLet.DAT
2015-06-05 08:43 - 2009-12-21 18:19 - 00000000 ____D C:\Windows\Minidump
2015-06-04 09:20 - 2012-10-16 15:41 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Skype
2015-05-31 11:47 - 2009-09-28 16:32 - 00013312 _____ C:\Users\Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-31 11:40 - 2015-03-04 12:02 - 00003524 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4018626186-3194338725-3947389847-1000
2015-05-28 15:58 - 2010-01-22 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radar 9
2015-05-28 15:50 - 2010-02-14 18:31 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Adobe
2015-05-28 15:46 - 2010-04-01 21:13 - 00000000 ____D C:\Users\Standard\AppData\Local\Adobe
2015-05-28 15:25 - 2009-06-05 17:25 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-28 14:28 - 2012-05-15 10:24 - 00001913 _____ C:\Users\Public\Desktop\ViewNX 2.lnk
2015-05-28 14:28 - 2006-11-02 17:36 - 00001807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
2015-05-28 14:28 - 2006-11-02 17:36 - 00001758 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-05-28 14:28 - 2006-11-02 17:35 - 00001712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
2015-05-28 14:28 - 2006-11-02 17:34 - 00001723 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
2015-05-28 08:25 - 2012-01-25 13:21 - 00000680 _____ C:\Users\Standard\AppData\Local\d3d9caps.dat
2015-05-20 08:38 - 2010-01-27 11:41 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-20 08:38 - 2010-01-27 11:41 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 08:50 - 2006-11-02 17:21 - 00331896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-15 10:37 - 2006-11-02 17:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-05-15 10:37 - 2006-11-02 17:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-15 10:34 - 2008-01-21 13:10 - 01469650 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-15 10:34 - 2008-01-21 13:09 - 00628992 _____ C:\Windows\system32\perfh007.dat
2015-05-15 10:34 - 2008-01-21 13:09 - 00126704 _____ C:\Windows\system32\perfc007.dat
2015-05-15 10:20 - 2015-05-02 18:19 - 00000000 ____D C:\Windows\system32\MRT
2015-05-15 10:20 - 2009-06-05 17:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-15 10:13 - 2006-11-02 14:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-15 04:37 - 2006-11-02 17:07 - 00000000 ____D C:\Windows\ShellNew
2015-05-15 04:37 - 2006-11-02 14:33 - 69468160 _____ C:\Windows\system32\config\software_previous
2015-05-15 04:37 - 2006-11-02 14:33 - 20709376 _____ C:\Windows\system32\config\system_previous
2015-05-15 04:36 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\spool
2015-05-15 04:36 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\Msdtc
2015-05-15 04:36 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\registration
2015-05-15 04:32 - 2006-11-02 14:33 - 61341696 _____ C:\Windows\system32\config\components_previous
2015-05-15 04:32 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-05-14 19:38 - 2014-05-09 22:19 - 00001954 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-05-14 19:38 - 2014-05-09 22:19 - 00001952 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-14 19:38 - 2014-05-09 22:19 - 00001942 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-05-14 19:38 - 2014-05-09 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-14 18:39 - 2009-09-25 15:19 - 00000000 ____D C:\Users\Standard
2015-05-14 11:19 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-05-14 11:19 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\default_previous
2015-05-12 14:59 - 2015-04-30 18:43 - 00000000 ___HD C:\Users\Standard\AppData\Local\Rent_warn
2015-05-12 14:12 - 2013-01-18 18:56 - 00000000 ____D C:\Windows\pss
2015-05-12 14:05 - 2010-09-03 16:15 - 00001460 _____ C:\Users\Standard\AppData\Local\d3d9caps64.dat
2015-05-12 13:22 - 2012-02-08 15:48 - 00000000 ___RD C:\Users\Standard\Dropbox
2015-05-12 13:22 - 2012-02-08 15:44 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Dropbox
2015-05-12 13:21 - 2012-02-08 15:48 - 00000933 _____ C:\Users\Standard\Desktop\Dropbox.lnk
2015-05-12 13:21 - 2012-02-08 15:45 - 00000000 ____D C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-12 13:16 - 2013-01-18 18:44 - 00000775 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-05-12 13:16 - 2013-01-18 18:44 - 00000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2012-05-15 10:24 - 2012-05-15 10:24 - 0000268 ___RH () C:\Users\Standard\AppData\Roaming\Libraries
2012-05-15 10:25 - 2012-05-15 10:25 - 0000268 ___RH () C:\Users\Standard\AppData\Roaming\Licenses
2012-05-15 10:24 - 2012-05-15 10:24 - 0000268 ___RH () C:\Users\Standard\AppData\Roaming\Light Machine
2009-10-21 18:37 - 2009-10-21 18:37 - 0000000 _____ () C:\Users\Standard\AppData\Roaming\wklnhst.dat
2012-01-25 13:21 - 2015-05-28 08:25 - 0000680 _____ () C:\Users\Standard\AppData\Local\d3d9caps.dat
2010-09-03 16:15 - 2015-05-12 14:05 - 0001460 _____ () C:\Users\Standard\AppData\Local\d3d9caps64.dat
2009-09-28 16:32 - 2015-05-31 11:47 - 0013312 _____ () C:\Users\Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-02-01 15:58 - 2010-02-01 15:59 - 0421538 _____ () C:\Users\Standard\AppData\Local\dd_vcredistMSI0B4F.txt
2012-02-10 10:52 - 2012-02-10 10:53 - 0433634 _____ () C:\Users\Standard\AppData\Local\dd_vcredistMSI2D1A.txt
2012-02-10 10:53 - 2012-02-10 10:54 - 0435850 _____ () C:\Users\Standard\AppData\Local\dd_vcredistMSI2DE1.txt
2010-02-01 15:58 - 2010-02-01 15:59 - 0011474 _____ () C:\Users\Standard\AppData\Local\dd_vcredistUI0B4F.txt
2012-02-10 10:52 - 2012-02-10 10:53 - 0011616 _____ () C:\Users\Standard\AppData\Local\dd_vcredistUI2D1A.txt
2012-02-10 10:53 - 2012-02-10 10:54 - 0011632 _____ () C:\Users\Standard\AppData\Local\dd_vcredistUI2DE1.txt
2011-12-29 22:28 - 2011-12-29 22:28 - 0000000 _____ () C:\Users\Standard\AppData\Local\{B20DAE09-5B49-4912-9AEA-0D430ED36FB1}
2012-05-15 10:25 - 2012-05-15 10:25 - 0000268 ___RH () C:\ProgramData\MAS
2012-05-15 10:24 - 2012-05-15 10:24 - 0000268 ___RH () C:\ProgramData\MIDI Configurations
2012-05-15 10:24 - 2012-05-15 10:24 - 0000012 ___RH () C:\ProgramData\Nature
2012-05-15 10:25 - 2012-05-15 10:25 - 0000012 ___RH () C:\ProgramData\NetServices
2012-05-15 10:24 - 2012-05-15 10:24 - 0000012 ___RH () C:\ProgramData\Organic
2012-05-15 10:25 - 2012-05-15 10:25 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2012-05-15 10:24 - 2015-06-05 21:50 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2012-05-15 10:24 - 2013-01-06 15:09 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Some files in TEMP:
====================
C:\Users\Standard\AppData\Local\Temp\avgnt.exe
C:\Users\Standard\AppData\Local\Temp\Quarantine.exe
C:\Users\Standard\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-07 13:57

==================== End of log ============================
         
--- --- ---
#

Hello Matthias,
first of all I would like to thank you for your efforts...
Was that it now?

Regards,
Reinhart

08.06.2015, 13:17   #13
M-K-D-B
/// TB Trainer

Hello,


no, we are not quite finished yet.

Please post the current Addition.txt from FRST as described, then we can continue.

08.06.2015, 20:04   #14
bien2000

OK, then here we go again
#Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Standard at 2015-06-05 19:23:48
Running from C:\Users\Standard\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4018626186-3194338725-3947389847-500 - Administrator - Disabled)
Gast (S-1-5-21-4018626186-3194338725-3947389847-501 - Limited - Disabled)
Standard (S-1-5-21-4018626186-3194338725-3947389847-1000 - Administrator - Enabled) => C:\Users\Standard

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3SwitcheD LITE (HKLM-x32\...\3SwitcheD LITE) (Version: 1.0.0.0 - Reality Pump)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.302.104 - ALPS ELECTRIC CO., LTD.)
ANNO 1503 GOLD (HKLM-x32\...\{DB833EF9-A198-49BE-970A-BD46F30BFBB4}) (Version: 1.05.00 - )
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{190A60F1-2FEE-0A11-7D37-D8607809CC39}) (Version: 3.0.723.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Brother MFL-Pro Suite (HKLM-x32\...\{004B8D14-7E3A-490A-ABB3-753535E169E3}) (Version: 1.00 - Brother Industries, Ltd.)
ccc-core-static (x32 Version: 2009.0421.2132.36832 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
ChickenShoot (HKLM-x32\...\ChickenShoot) (Version: 1.0.1.0 - ToonTraxx)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
DVAG Online-System (HKLM-x32\...\DVAG Online System) (Version: 1.2 - Deutsche Vermögensberatung AG)
Encyclopaedia Homeopathica (HKLM-x32\...\{17DFC892-17D0-4D28-9684-E0634B0471DE}) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Jewels of Atlantis (HKLM-x32\...\JOA_is1) (Version:  - City Interactive)
Luxor HD (HKLM-x32\...\Luxor HD) (Version: 1.1.0.0 - MumboJumbo)
Micam 1.4 (HKLM-x32\...\Micam-1.4_is1) (Version:  - Marien van Westen)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.65 (HKLM-x32\...\myphotobook) (Version: 3.65 - myphotobook)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.3.1 - Nikon)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Picasa 2 (HKLM-x32\...\Picasa2) (Version: 2.0 - Google, Inc.)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.3 - Nikon)
PlayReady PC runtime (HKLM\...\{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}) (Version: 1 - Microsoft Corporation)
Radar 9 (HKLM-x32\...\Radar 9) (Version:  - )
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5821 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20132 - Realtek Semiconductor Corp.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Skins (x32 Version: 2009.0421.2132.36832 - ATI) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.08 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM-x32\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM-x32\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.9 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.0.3.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.0.5.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.64.1 - TOSHIBA Corporation)
Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.06.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.2.64 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 for x64 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0017 - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.0.26 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.8.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
TRORDCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.6 - TOSHIBA)
TRORDCLauncher (x32 Version: 1.0.0.6 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
USB Video/Audio Driver (HKLM-x32\...\InstallShield_{4D6FC0A8-37D6-45FE-A5D0-67A995AA082C}) (Version: 1.00.0000 - Ihr Firmenname)
USB Video/Audio Driver (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Utility Common Driver (x32 Version: 1.0.50.22C - TOSHIBA) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.3.1 - Nikon)
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
XSManager (HKLM-x32\...\XSManager) (Version: 3.0 - XSManager)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Standard\AppData\Local\Citrix\GoToMeeting\1669\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018626186-3194338725-3947389847-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Standard\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

31-05-2015 11:04:34 Windows-Sicherung
31-05-2015 12:00:04 Windows-Sicherung
01-06-2015 21:13:38 Geplanter Prüfpunkt
01-06-2015 23:01:17 Windows-Sicherung
03-06-2015 08:00:58 Windows-Sicherung
04-06-2015 09:26:08 Windows-Sicherung
05-06-2015 08:24:32 Windows-Sicherung
05-06-2015 12:00:29 Windows-Sicherung

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {237BD26C-51C1-4686-8CFF-364B6F6464A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {2748E5F3-8B8A-4F3E-A2B3-220EBE6F298A} - System32\Tasks\{F22A86C4-4D49-4FF9-90FA-4329A476338A} => pcalua.exe -a C:\Windows\IsUn0407.exe -c -fC:\Windows\DeIsL1.isu
Task: {4C6BD89A-311A-4F23-AECC-9726115B238B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {614A202C-7A5C-4FAD-B797-5AA47B4D417E} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {7F63A11B-8FFE-44E9-8F4D-EF610DDAF9FD} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {803BE084-E0BE-44EF-B2E1-D7F4D52849D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {947A6FC7-E2BC-4AF5-BE65-266767AA2BDA} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {9480AE2F-F67A-436C-AF41-83FD14EB5859} - System32\Tasks\G2MUpdateTask-S-1-5-21-4018626186-3194338725-3947389847-1000 => C:\Users\Standard\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-05-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A22B38EE-2616-43F8-8084-16975A29B700} - System32\Tasks\G2MUploadTask-S-1-5-21-4018626186-3194338725-3947389847-1000 => C:\Users\Standard\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe [2015-05-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {BF444824-C1F8-48B3-9B4A-4B2669080DA1} - System32\Tasks\{17A9840A-A75B-40FF-B411-515D74D93B16} => pcalua.exe -a F:\setup.exe -d F:\
Task: {D0B5BE99-47FE-469A-BA98-FAA78CFB23A1} - System32\Tasks\Norton Security Scan for Standard => C:\Program Files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe
Task: {E4B985CC-9B86-417E-BA3C-D6F9CCAC51E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {FB9D40A7-294B-442F-8A5F-8833D785814F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Standard => C:\Program Files (x86)\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4018626186-3194338725-3947389847-1000.job => C:\Users\Standard\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4018626186-3194338725-3947389847-1000.job => C:\Users\Standard\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Windows\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Loaded Modules (Whitelisted) ==============

2009-09-25 14:49 - 2009-04-21 22:06 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2011-12-17 18:36 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2009-04-24 11:39 - 2009-04-24 11:39 - 00549376 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2014-07-10 11:43 - 2009-06-22 15:21 - 00304592 ____N () C:\Program Files (x86)\XSManager\WTGService.exe
2009-02-10 12:32 - 2009-02-10 12:32 - 00076288 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-09-25 14:51 - 2009-09-25 14:51 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-25 10:19 - 2008-11-25 10:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2009-01-30 10:41 - 2009-01-30 10:41 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-09-25 14:51 - 2009-09-25 14:51 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-04-08 21:53 - 2015-04-08 21:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2011-12-17 18:34 - 2008-12-25 13:36 - 00139264 ____N () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-04-16 09:22 - 2015-04-16 09:22 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:19170FB7

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Standard\Pictures\Sommer 2012\154.JPG
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Standard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Standard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: absolute_electrode_potential => C:\ProgramData\Adobe\Reader\9.5\ARM\10507\ieee802_11a\maxwells_equations.exe
MSCONFIG\startupreg: automatic_meter_reading => C:\ProgramData\Adobe\Reader\9.2\ARM(37)\schottky_barrier_diode\analog_fan_controller.exe
MSCONFIG\startupreg: base_transceiver_station => C:\ProgramData\Adobe\Reader\9.5\ARM\12915\pulse_code_modulation\transmission_gate.exe
MSCONFIG\startupreg: biology => C:\ProgramData\Adobe\Reader\9.5\ARM\12767\scattering_parameters\high_bit_rate_digital.exe
MSCONFIG\startupreg: biophysics => C:\ProgramData\Adobe\Reader\9.5\ARM\14213\dc_dc_converter\yield.exe
MSCONFIG\startupreg: bottom-weekend => C:\Users\Standard\AppData\Local\Temp\Bottom-command\bottom-post.exe
MSCONFIG\startupreg: brown_and_sharpe_wire => C:\ProgramData\Adobe\Reader\9.5\ARM\13677\deepcover\bit_error_rate.exe
MSCONFIG\startupreg: compensation => C:\ProgramData\Adobe\Reader\9.5\ARM\12214\high_z\interleave.exe
MSCONFIG\startupreg: contact_bounce => C:\ProgramData\Adobe\Reader\9.5\ARM\1402\utility_frequency\signal_to_noise_ratio.exe
MSCONFIG\startupreg: cow_live => C:\Users\Standard\AppData\Local\Temp\Cow_string\cow-layer.exe
MSCONFIG\startupreg: crossover => C:\ProgramData\Adobe\Reader\9.5\ARM\10207\lvpecl\lever.exe
MSCONFIG\startupreg: current_sensing => C:\ProgramData\Adobe\Reader\9.5\ARM\11460\displacement_fluid\linear_elasticity.exe
MSCONFIG\startupreg: degrees_of_freedom => C:\ProgramData\Adobe\Reader\9.5\ARM\10190\weighted_mean\wcdma_fdd.exe
MSCONFIG\startupreg: digital_to_analog_converter => C:\ProgramData\Adobe\Reader\9.5\ARM\12056\dc_dc\indefinite_integral.exe
MSCONFIG\startupreg: keyboard_video_mouse => C:\ProgramData\Adobe\Reader\9.5\ARM\14178\switched_cap\plasma_physics.exe
MSCONFIG\startupreg: max_hold_step_mv => C:\ProgramData\Adobe\Reader\9.5\ARM\11411\image_frequency\frequency_synthesizer.exe
MSCONFIG\startupreg: meal-chain => C:\Users\Standard\AppData\Local\Temp\Meal_imagine\meal-alarm.exe
MSCONFIG\startupreg: mesfet => C:\ProgramData\Adobe\Reader\9.5\ARM\13830\click\intermediate_frequency.exe
MSCONFIG\startupreg: noxious_fumes => C:\ProgramData\Adobe\Reader\9.5\ARM\1121\handover\digital_log_pot.exe
MSCONFIG\startupreg: opamp => C:\ProgramData\Adobe\Reader\9.5\ARM\13021\solid_mechanics\pc_board.exe
MSCONFIG\startupreg: optical_network_unit => C:\ProgramData\Adobe\Reader\9.5\ARM\12056\computer_aided_manufacturing\esbga.exe
MSCONFIG\startupreg: phase_equilibrium => C:\ProgramData\Adobe\Reader\9.5\ARM\13753\ieee_802_11g\physical_quantity.exe
MSCONFIG\startupreg: physical_chemistry => C:\ProgramData\Adobe\Reader\9.5\ARM\1402\push_pull\gravitational_potential.exe
MSCONFIG\startupreg: powerline => C:\ProgramData\Adobe\Reader\9.5\ARM\11460\iec_connector\ohms_law.exe
MSCONFIG\startupreg: pressure_cooker_test => C:\ProgramData\Adobe\Reader\9.5\ARM\11119\powercap\coefficient_of_performance.exe
MSCONFIG\startupreg: rent_building => C:\Users\Standard\AppData\Local\Rent_warn\rent-ought.exe
MSCONFIG\startupreg: secure_digital => C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Security\computer_aided_engineering\ripple_rejection.exe
MSCONFIG\startupreg: spurious_free => C:\ProgramData\Adobe\Reader\9.5\ARM\13173\environmental_engineering\logarithmic_potentiometer.exe
MSCONFIG\startupreg: starter4g => C:\Windows\starter4g.exe
MSCONFIG\startupreg: system-spirit => C:\Users\Standard\AppData\Local\Temp\System-pleased\system_say.exe
MSCONFIG\startupreg: tdd_wcdma => C:\ProgramData\Adobe\Reader\9.5\ARM\12214\base_station\small_form_factor_plug.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: thermtrip => C:\ProgramData\Adobe\Reader\9.5\ARM\12161\electromagnetic_interface\wcdma.exe
MSCONFIG\startupreg: TOSHIBA Online Product Information => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
MSCONFIG\startupreg: TWebCamera => "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: window-plant => C:\Users\Standard\AppData\Local\Temp\Window_site\window-find.exe
MSCONFIG\startupreg: yttrium_iron_garnet => C:\ProgramData\Adobe\Reader\9.5\ARM\11195\boiling_point\henrys_law.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{5DF11954-A977-435D-B5C1-7F8E0B9E9E04}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{8DF77E80-095F-4BB5-B992-C37F1693BE75}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{9A2B7626-9619-4CA3-B045-A519BCB829E9}D:\jre\bin\java.exe] => (Block) D:\jre\bin\java.exe
FirewallRules: [UDP Query User{C7CBD133-FD41-4739-BC2A-0D05494137E9}D:\jre\bin\java.exe] => (Block) D:\jre\bin\java.exe
FirewallRules: [{5D0FA802-20E7-48A1-832F-9B72D9017026}] => (Allow) LPort=80
FirewallRules: [{EF02009B-9B15-4F61-B7E1-CDA34E2CA1E4}] => (Allow) LPort=80
FirewallRules: [{6161BC6A-B508-47FB-89C4-726C1A1ADA28}] => (Allow) LPort=80
FirewallRules: [TCP Query User{58FB213F-D776-4A34-84C9-11DE23E10085}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{D7256998-B9AC-4F1D-B892-1B3C385A5513}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{D244CA66-62A4-4F84-BD81-2E286E02105E}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08i\FAXRX.exe
FirewallRules: [{C45432E6-F848-4AF7-ADEA-48397A213DBA}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08i\FAXRX.exe
FirewallRules: [{BD74DAFE-A65C-4E23-8F62-822CE6828F11}] => (Allow) LPort=54925
FirewallRules: [{3227269D-FC36-43EA-9073-FC1D362E601C}] => (Allow) C:\Users\Standard\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2541D446-70AB-487E-B506-1F66581E6B05}] => (Allow) C:\Users\Standard\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{02DF306F-F683-48BF-8620-F5CDCB8456AC}] => (Allow) C:\Program Files (x86)\ToonTraxx\ChickenShoot\Kurka.exe
FirewallRules: [{5413866F-FE97-4906-A26B-4C2E6ABA2017}] => (Allow) C:\Program Files (x86)\ToonTraxx\ChickenShoot\Kurka.exe
FirewallRules: [{E6D2DCBB-8D03-4B8C-87F5-BAFB717545DE}] => (Allow) C:\Program Files (x86)\Reality Pump\3SwitcheD LITE\3SwitcheD_LITE.exe
FirewallRules: [{8DF15048-3C5C-4980-834D-E12FFBF7F848}] => (Allow) C:\Program Files (x86)\Reality Pump\3SwitcheD LITE\3SwitcheD_LITE.exe
FirewallRules: [{378C554B-69FD-4293-BF8D-E6A73079124C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{3BD5CA6F-B8B6-4472-B847-8A1F9D3A73EA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{E54A3D81-6155-4B92-9EDC-77A8BBFC4B61}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{135FF641-F39B-44C2-B15A-2E3A33D47AEE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{DC2B85D3-B3DF-4206-80A0-36C1FAA19142}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{186C8C87-F069-46F7-8DC0-0CC5C2ABAD0F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1C0096DF-F30C-42CE-AB19-854A352A32B4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EDF87716-46A7-4E1A-ADAC-E062DE06BA26}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2D34F15A-21E5-4857-AD6A-C7E8B3E6F346}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1D1D4814-29F2-4B6B-88D3-10F58F492865}C:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F09719FF-9B51-4EB3-AD4C-1A25E325C56B}C:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{71FCDA98-EAB1-4A34-ABF2-833C64AC1271}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2015 08:48:08 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\SKYPEICON.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:08 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\SKYPEICON.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\SKYPE.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\SKYPE.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\PLUS.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\PLUS.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\PICTURE.JPG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\PICTURE.JPG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\MSDEFAULTPICTURE.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/05/2015 08:48:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\STANDARD\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\MSDEFAULTPICTURE.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (06/05/2015 08:46:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: NetworkX

Error: (06/05/2015 08:45:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Hardlock%%577

Error: (06/05/2015 08:45:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Crypkey License%%2

Error: (06/05/2015 08:43:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 05.06.2015 um 08:41:44 unerwartet heruntergefahren.

Error: (06/05/2015 08:16:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: NetworkX

Error: (06/05/2015 08:15:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Hardlock%%577

Error: (06/05/2015 08:15:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Crypkey License%%2

Error: (06/04/2015 09:17:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: NetworkX

Error: (06/04/2015 09:17:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Hardlock%%577

Error: (06/04/2015 09:17:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Crypkey License%%2


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-06-05 08:44:21.708
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-05 08:44:21.302
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-05 08:14:27.035
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-05 08:14:26.583
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-04 09:15:56.320
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-04 09:15:55.962
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-04 09:05:55.508
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-04 09:05:54.993
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-03 20:06:15.622
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-03 20:06:15.247
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\hardlock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 65%
Total physical RAM: 4059.93 MB
Available physical RAM: 1412.61 MB
Total Pagefile: 8325.16 MB
Available Pagefile: 3499.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:116.44 GB) (Free:29.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:114.98 GB) (Free:90.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 7878FC96)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

==================== End of log ============================
         
--- --- ---

Old 08.06.2015, 21:05   #15
M-K-D-B
/// TB Trainer
 
Hi,

Do you have any idea what these two entries could be?

Quote:
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\Run: [absolute_zero] => C:\ProgramData\Avira\Antivirus\LOGFILES\dual_band\atomic_structure.exe [230912 2015-03-27] (Indigo Rose Corporation)
HKU\S-1-5-21-4018626186-3194338725-3947389847-1000\...\RunOnce: [tdd_wlan] => C:\ProgramData\NortonInstaller\Logs\01-18-2013-18h20m09s\signal_to_noise_ratio\chain_reaction.exe [205312 2007-06-29] (Samsung Electronics Co., Ltd.)
I have never seen these before...

Please have the file from the code box checked at VirusTotal.
  • Click on Choose a
  • Now copy the following into the search bar
    Code:
    ATTFilter
    C:\ProgramData\Avira\Antivirus\LOGFILES\dual_band\atomic_structure.exe
             
  • and click Open.
  • Click Scan!.
  • Please wait until the file has been uploaded completely. If you get the following message
    Quote:
    This file has already been analysed by VirusTotal...
    click Reanalyse.
  • Wait until the analysis date is shown and the scan has finished.
  • Copy the link from your address bar and post it here.

Please do the same with the following file:
Code:
ATTFilter
C:\ProgramData\NortonInstaller\Logs\01-18-2013-18h20m09s\signal_to_noise_ratio\chain_reaction.exe
         
