Log analysis and evaluation: Windows 7: Notebook is said to be sending junk mail
01.09.2015, 19:15 | #1 |
Windows 7: Notebook is said to be sending junk mail

Hello,

today I received a call from windowsoft.net telling me that my notebook had been identified as a junk mail sender. After 30 minutes of Indian English I ended the call. The fact is, though, that I have problems starting my notebook, because for the first 15-20 minutes it is practically completely blocked by other processes. Only after that is it usable. Scans for viruses, rootkits and malware have so far turned up nothing. That is why I am here now.

Question: is my notebook a junk mail sender, or infected, or not?

Many thanks in advance!

Regards, h-r

Code:
ATTFilter 1: defogger
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:22 on 01/09/2015 (hanns-robert)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter 2: first Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015 durchgeführt von hanns-robert (Administrator) auf hanns-robert-PC (01-09-2015 19:25:42) Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board Geladene Profile: hanns-robert & admin (Verfügbare Profile: hanns-robert & admin) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Absolute Software Corp.) C:\Windows\System32\rpcnet.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe () C:\Program Files\Everything\Everything.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe () C:\Program Files\Mozilla Firefox\updated\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] () HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2014-01-27] (Brother Industries, Ltd.) HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.) HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6815512 2015-07-30] (SUPERAntiSpyware) IFEO\excel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\gaaihodoc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\gpdfdirect.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\icloud.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\iclouddrive.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\icloudweb.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\isuspm.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\msoxmled.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\mstore.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\offdiag.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\ois.exe: [Debugger] "C:\Program Files\TuneUp 
Utilities 2014\TUAutoReactivator32.exe" IFEO\onenote.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\onenotem.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\pdfrouter.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\powerpnt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\shellstreamsshortcut.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\winword.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 Tcpip\..\Interfaces\{0119FB2D-7C7E-4258-954F-5A33F8A32915}: [DhcpNameServer] 192.168.123.81 192.168.123.124 Tcpip\..\Interfaces\{677857D5-A830-483C-866D-A51015D17ED7}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{83DC2806-26AE-4D68-B2D8-8A10872F72A9}: [DhcpNameServer] 192.168.192.1 Internet Explorer: ================== HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp URLSearchHook: [S-1-5-21-1148431976-1086807397-2611512696-1003_classes] ACHTUNG => Standard URLSearchHook fehlt SearchScopes: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000 -> {17521AD6-C195-4576-B69C-9A60834CDE99} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} SearchScopes: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000 -> {219D42F1-35A3-4625-8532-82EF0313D5C8} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation) BHO: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation) Toolbar: HKLM - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation) FireFox: ======== FF ProfilePath: 
C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default FF DefaultSearchEngine: Ecosia FF SelectedSearchEngine: Wikipedia (de) FF Homepage: hxxp://www.gmx.net FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation) FF Plugin HKU\S-1-5-21-1148431976-1086807397-2611512696-1000: www.mydlink.com/Uplayer -> C:\Users\hanns-robert\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll [2015-07-09] (D-LINK CORPORATION) FF user.js: detected! 
=> C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\user.js [2012-05-17] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll [2015-06-16] (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Users\hanns-robert\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-16] (Cisco WebEx LLC) FF SearchPlugin: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\searchplugins\duckduckgo.xml [2014-01-18] FF SearchPlugin: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\searchplugins\ecosia.xml [2015-06-10] FF Extension: German Dictionary - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-10] FF Extension: United States English Spellchecker - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\en-US@dictionaries.addons.mozilla.org [2014-04-11] FF Extension: FireFTP - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-05-31] FF Extension: Add Bookmark Here ² - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\abhere2@moztw.org.xpi [2014-04-11] FF Extension: Copy Plain Text 2 - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\copyplaintext@teo.pl.xpi [2014-04-11] FF Extension: Facebook Disconnect - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\facebook@disconnect.me.xpi [2014-12-15] FF Extension: Mailvelope - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-04-22] FF Extension: DuckDuckGo Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-04-11] FF 
Extension: Print/Print Preview - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2014-04-11] FF Extension: Image Zoom - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-04-11] FF Extension: Ecosia — The search engine that plants trees! - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-04-11] FF Extension: Adblock Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-11] FF Extension: Tab Mix Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-16] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-01] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-02-19] (Adobe Systems) [Datei ist nicht signiert] S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert] S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1045840 2015-07-21] (Flexera Software LLC.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation) S4 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert] S4 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.) R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-16] (Absolute Software Corp.) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2015-06-25] (TuneUp Software) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [Datei ist nicht signiert] R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation) R1 MpKsl1ab0d0d1; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{488E16AD-3C74-43FA-AF65-FF09C78A0ECB}\MpKsl1ab0d0d1.sys [39168 2015-09-01] (Microsoft Corporation) S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [86408 2012-08-27] (Renesas Electronics Corporation) S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [178568 2012-08-27] (Renesas Electronics Corporation) R0 PxHelp20; C:\Windows\System32\drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [30632 2015-06-04] (TuneUp Software) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-01 19:25 - 2015-09-01 19:25 - 00000000 ____D C:\FRST 2015-09-01 19:22 - 2015-09-01 19:22 - 00000000 _____ C:\Users\hanns-robert\defogger_reenable 2015-09-01 19:18 - 2015-09-01 19:18 - 00000000 ____D C:\Program Files\Common Files\Java 2015-09-01 19:17 - 2015-09-01 19:17 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Sun 2015-09-01 19:17 - 2015-09-01 19:17 - 00000000 ____D C:\Users\hanns-robert\.oracle_jre_usage 2015-09-01 19:13 - 2015-09-01 19:25 - 00000000 ____D C:\Users\hanns-robert\Downloads\trojaner-board 2015-09-01 19:12 - 2015-09-01 19:21 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-09-01 16:45 - 2015-09-01 19:04 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad4fad89-b24a-4565-8750-977379f468a4.job 2015-09-01 16:44 - 2015-09-01 19:04 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4f3e50bf-a388-4efe-8e8a-ae4393e94785.job 2015-09-01 16:44 - 2015-09-01 16:44 - 00001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk 2015-09-01 16:44 - 2015-09-01 16:44 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\SUPERAntiSpyware.com 2015-09-01 16:44 - 2015-09-01 16:44 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2015-09-01 16:44 - 2015-09-01 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2015-09-01 16:44 - 2015-09-01 16:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2015-09-01 16:40 - 2015-09-01 16:41 - 23273424 _____ (SUPERAntiSpyware) C:\Users\hanns-robert\Downloads\SUPERAntiSpywarePro.exe 2015-09-01 16:20 - 2015-09-01 16:20 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\TeamViewer 2015-08-26 21:45 - 2015-08-26 21:45 - 00001376 _____ C:\Windows\PFRO.log 2015-08-25 19:07 - 2015-08-25 19:07 - 00001815 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2015-08-25 19:07 - 2015-08-25 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-08-25 19:06 - 2015-08-25 19:07 - 00000000 ____D 
C:\Program Files\QuickTime 2015-08-24 11:54 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-24 11:54 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-22 18:12 - 2015-09-01 19:04 - 00001187 _____ C:\Windows\setupact.log 2015-08-22 18:12 - 2015-08-22 18:12 - 00000000 _____ C:\Windows\setuperr.log 2015-08-18 11:39 - 2015-08-18 11:39 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-08-18 11:39 - 2015-08-18 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-08-18 11:38 - 2015-08-18 11:39 - 00000000 ____D C:\Program Files\iTunes 2015-08-18 11:38 - 2015-08-18 11:38 - 00000000 ____D C:\Program Files\iPod 2015-08-14 20:07 - 2015-08-14 20:07 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2015-08-14 20:07 - 2015-08-14 20:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2015-08-13 21:15 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-08-13 21:15 - 2015-07-30 18:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-13 21:15 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-13 21:15 - 2015-07-21 02:12 - 00342736 _____ (Microsoft 
Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-13 21:15 - 2015-07-16 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-08-13 21:15 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-13 21:15 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-08-13 21:15 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-13 21:15 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-08-13 21:15 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-08-13 21:15 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-13 21:15 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-08-13 21:15 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-13 21:15 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-13 21:15 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-13 21:15 - 2015-07-16 21:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-08-13 21:15 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-08-13 21:15 - 2015-07-16 21:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-08-13 21:15 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-13 21:15 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-08-13 21:15 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-08-13 21:15 - 2015-07-16 21:19 - 
00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-13 21:15 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-13 21:15 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-13 21:15 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-08-13 21:15 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-13 21:15 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-13 21:15 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-13 21:15 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-13 21:15 - 2015-07-16 21:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-08-13 21:15 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-08-13 21:15 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-13 21:15 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-13 21:15 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-08-13 21:15 - 2015-07-16 17:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-08-13 21:15 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-08-13 21:15 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-13 21:15 - 2015-07-15 19:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-13 21:15 - 2015-07-15 19:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-13 21:15 - 2015-07-15 19:59 - 00067520 
_____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-13 21:15 - 2015-07-15 19:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-08-13 21:15 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-08-13 21:15 - 2015-07-15 19:54 - 00038912 _____ (Microsoft Corporation) 
C:\Windows\system32\csrsrv.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-08-13 21:15 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-13 21:15 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-08-13 21:15 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-08-13 21:15 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-08-13 21:15 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-08-13 21:15 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-08-13 21:15 - 2015-07-15 18:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-13 21:15 - 2015-07-15 18:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-13 21:15 - 2015-07-15 18:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-13 21:14 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-13 21:14 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-13 21:11 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-13 21:10 - 2015-07-15 04:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-13 21:09 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-13 21:09 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) 
C:\Windows\system32\msxml3.dll 2015-08-13 21:09 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-08-13 21:09 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-08-12 16:28 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 16:27 - 2015-07-28 22:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-12 16:27 - 2015-07-28 22:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-12 16:27 - 2015-07-28 22:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-12 16:27 - 2015-07-28 22:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-12 16:27 - 2015-07-28 22:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-12 16:27 - 2015-07-28 22:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-12 16:27 - 2015-07-28 22:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-12 16:27 - 2015-07-28 21:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-08-12 16:27 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 00073728 _____ (Microsoft 
Corporation) C:\Windows\system32\WinSetupUI.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-08-12 16:27 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-08-12 16:27 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-12 16:27 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-12 16:27 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 16:27 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-12 16:16 - 2015-08-12 16:17 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Nvu 2015-08-12 16:15 - 2015-08-12 16:16 - 00001477 _____ C:\Users\hanns-robert\Desktop\nvu.lnk 2015-08-11 15:28 - 2015-08-11 15:30 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\KompoZer 2015-08-11 15:25 - 2015-08-11 15:28 - 00000000 ____D C:\Program Files\KompoZer 0.7.10 2015-08-10 20:44 - 2015-08-10 20:44 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\dlink 2015-08-06 11:43 - 2015-08-06 11:43 - 00094208 _____ (Apple Inc.) C:\Windows\system32\QuickTimeVR.qtx 2015-08-06 11:43 - 2015-08-06 11:43 - 00069632 _____ (Apple Inc.) C:\Windows\system32\QuickTime.qts 2015-08-03 17:15 - 2015-08-03 17:16 - 00000000 ____D C:\Users\hanns-robert\Downloads\hotel ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-01 19:22 - 2014-04-10 21:37 - 00000000 ____D C:\Users\hanns-robert 2015-09-01 19:21 - 2014-04-10 22:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-09-01 19:20 - 2014-04-15 21:31 - 00000000 ____D C:\Program Files\Java 2015-09-01 19:19 - 2014-10-15 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-09-01 19:19 - 2014-08-20 20:12 - 01078570 _____ C:\Windows\WindowsUpdate.log 2015-09-01 19:16 - 2014-10-15 20:50 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-09-01 19:13 - 2009-07-14 06:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-01 19:13 - 2009-07-14 06:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-01 19:10 - 2014-05-06 21:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-01 19:05 - 2014-04-13 17:50 - 00078032 _____ (Absolute Software Corp.) 
C:\Windows\system32\rpcnet.dll 2015-09-01 19:05 - 2014-04-13 17:45 - 00017408 _____ C:\Windows\system32\rpcnetp.exe 2015-09-01 19:04 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-01 17:32 - 2014-10-15 22:47 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Everything 2015-09-01 16:08 - 2010-11-20 23:01 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-27 16:42 - 2014-11-04 22:38 - 00000000 ____D C:\Users\hanns-robert\usb 2015-08-26 23:18 - 2014-04-13 11:23 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\KeePass 2015-08-25 23:15 - 2014-04-16 00:55 - 00000000 ____D C:\ProgramData\TEMP 2015-08-25 20:58 - 2014-07-21 20:38 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\UseNeXT 2015-08-25 20:50 - 2015-03-08 10:33 - 00000000 ____D C:\Users\hanns-robert\Downloads\usenext 2015-08-25 19:28 - 2014-05-10 00:19 - 02420736 ___SH C:\Users\hanns-robert\Downloads\Thumbs.db 2015-08-22 18:16 - 2014-04-13 12:01 - 00381440 ___SH C:\Users\hanns-robert\Desktop\Thumbs.db 2015-08-18 11:38 - 2014-09-18 21:25 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-08-18 10:19 - 2014-04-10 22:43 - 00000000 ____D C:\Windows\system32\MRT 2015-08-18 10:10 - 2014-04-10 22:43 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-14 21:00 - 2014-04-11 08:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-14 21:00 - 2009-07-14 06:33 - 00429392 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-14 20:57 - 2011-04-12 03:29 - 00000000 ____D C:\Windows\system32\Drivers\de-DE 2015-08-14 20:57 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2015-08-14 20:53 - 2015-07-03 22:52 - 00014873 _____ C:\Users\hanns-robert\Downloads\Reiseplan ZA 2015.xlsx 2015-08-14 20:14 - 2014-04-11 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-14 20:13 - 2014-04-15 21:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-13 00:27 - 2014-05-10 22:04 - 
00000000 ____D C:\Users\hanns-robert\AppData\Roaming\XnView 2015-08-12 21:45 - 2014-04-15 21:28 - 00000000 ____D C:\Users\hanns-robert\bilder 2015-08-12 21:13 - 2014-04-26 22:41 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Notepad++ 2015-08-12 21:13 - 2014-04-26 22:41 - 00000000 ____D C:\Program Files\Notepad++ 2015-08-12 20:47 - 2014-05-25 14:07 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\vlc 2015-08-12 20:33 - 2014-06-04 22:50 - 00000000 ____D C:\Users\hanns-robert\video 2015-08-12 17:10 - 2014-04-15 20:29 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-08-12 17:10 - 2014-04-15 20:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-08-12 17:05 - 2014-10-17 22:15 - 00000000 ___RD C:\Users\hanns-robert\iCloudDrive 2015-08-12 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2015-08-12 16:39 - 2015-04-15 11:47 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-12 16:39 - 2014-05-06 22:30 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-12 16:05 - 2015-04-15 21:43 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-08-11 16:21 - 2015-04-08 16:09 - 00000000 ____D C:\Windows\system32\data 2015-08-11 15:31 - 2015-05-25 22:13 - 00000000 ____D C:\Users\hanns-robert\Downloads\print 2015-08-11 15:13 - 2014-04-13 11:37 - 00000000 ____D C:\Users\hanns-robert\linus 2015-08-10 20:41 - 2014-04-13 10:49 - 00001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk 2015-08-10 20:41 - 2014-04-13 10:49 - 00000000 ____D C:\Program Files\KeePass Password Safe 2 2015-08-05 21:39 - 2014-05-10 19:50 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\TV-Browser 2015-08-05 11:50 - 2015-06-22 00:11 - 00000093 _____ C:\Users\hanns-robert\Desktop\links.txt ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-04-15 20:56 - 2014-04-15 20:56 - 0000030 _____ () C:\Program 
Files\Exiferupdate.ini
2015-05-03 11:55 - 2015-05-03 11:55 - 0007610 _____ () C:\Users\hanns-robert\AppData\Local\Resmon.ResmonCfg
2014-04-15 22:56 - 2014-04-15 22:56 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995

Einige Dateien in TEMP:
====================
C:\Users\hanns-robert\AppData\Local\Temp\cct.dll
C:\Users\hanns-robert\AppData\Local\Temp\JavaIC.dll
C:\Users\hanns-robert\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\hanns-robert\AppData\Local\Temp\msscct32.dll
C:\Users\hanns-robert\AppData\Local\Temp\YSearchUtil.dll

==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-07-23 21:06
==================== Ende vom FRST.txt ============================
Code:
ATTFilter 3: additions
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:31-08-2015
durchgeführt von hanns-robert (2015-09-01 19:27:08)
Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board
Start-Modus: Normal
==========================================================

==================== Konten: =============================
admin (S-1-5-21-1148431976-1086807397-2611512696-1003 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1148431976-1086807397-2611512696-500 - Administrator - Disabled)
Gast (S-1-5-21-1148431976-1086807397-2611512696-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1148431976-1086807397-2611512696-1002 - Limited - Enabled)
hanns-robert (S-1-5-21-1148431976-1086807397-2611512696-1000 - Administrator - Enabled) => C:\Users\hanns-robert

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.38 beta (HKLM\...\7-Zip) (Version: - ) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated) Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - ) Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) Anti-Twin (Installation 02.10.2014) (HKLM\...\Anti-Twin 2014-10-02 12.49.50) (Version: - Joerg Rosenthal, Germany) Apple Application Support (32-Bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-L2700DW series (HKLM\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 0.0.20.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP) Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) CUEcards 2000 (HKLM\...\CUEcards 2000) (Version: - Marcus Humann Software-Technik) dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA) Duden Home (HKLM\...\{288A423E-D6CA-47C3-B480-D1203EB08949}) (Version: 10.1.0 - Bibliographisches Institut GmbH) Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version: - ) Final Draft (HKLM\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.) Final Draft (HKLM\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.7.184 - Final Draft, Inc.) 
Free YouTube Download version 3.2.46.923 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.) iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.) IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.) Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) KeePass Password Safe 2.30 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.30 - Dominik Reichl) LibreOffice 4.4 Help Pack (German) (HKLM\...\{CCC30EC0-253C-4CF3-9A5D-5DE2601CD760}) (Version: 4.4.3.2 - The Document Foundation) LibreOffice 4.4.3.2 (HKLM\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 
8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 40.0.3 (x86 de) (HKLM\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Mp3tag v2.70 (HKLM\...\Mp3tag) (Version: v2.70 - Florian Heidenreich) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Notepad++ (HKLM\...\Notepad++) (Version: 6.8.1 - Notepad++ Team) Nuance PDF Converter Professional 8 (HKLM\...\{35D85791-82E5-443B-B051-8FD85D9D5155}) (Version: 8.10.3267 - Nuance Communications, Inc.) Nuance PDF Converter Professional 8 Update x86 (HKLM\...\{7E6CA782-AA41-4E4C-A948-232B7FD82696}) (Version: 8.11.0000 - Nuance Communications, Inc.) 
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation) QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) RarZilla Free Unrar (HKLM\...\RarZilla Free Unrar) (Version: 6.50 - Philipp Winterberg) Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH) Scansoft PDF Professional (Version: - ) Hidden Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com) TimeComX Basic (32-Bit) (HKLM\...\TimeComX Basic 32-Bit) (Version: 1.3.2.7 - Bitdreamers) TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.353 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software) TuneUp Utilities 2014 (Version: 14.0.1000.353 - TuneUp Software) Hidden TV-Browser 3.3.3 (HKLM\...\tvbrowser) (Version: 3.3.3 - TV-Browser Team) Twep4Word (HKLM\...\{4A053D91-95D8-42E2-9DC6-6BAA250EFEF6}) (Version: 2.0.0 - Pintexx GmbH) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) 
(HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Uplayer (HKLM\...\{89827CE5-AA89-4242-8294-CF1238D5B537}) (Version: 1.0.0.33 - D-LINK CORPORATION) UseNeXT by Tangysoft (HKLM\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc) XnView 2.25 (HKLM\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{05E7B7BB-C07B-359E-BBE4-75840AC0DC75}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{1C5F6CE5-A4D6-36EF-8943-FFF2DC1DC63C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{1E5A9280-8948-30E9-A3B4-46FE260A2460}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{202B524F-841E-5A9D-8D3F-1010FA1A469E}\InprocServer32 -> C:\Users\hanns-robert\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll (D-LINK CORPORATION) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{35CC930B-6AE9-3190-BF11-D5568CFB31B7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{397F7E23-D5C5-3471-A7A0-5A327913178F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{4001ED3C-6915-3607-9E11-E9C256C31518}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{4E64FE28-607C-34D5-A724-5AA3F7B78CBE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{51D240C2-930F-3CDF-978F-D8FDBAE6BD4B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{532DF24E-1732-32A2-8FD5-BB628B37C592}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{58BE98A0-BD2F-3569-A762-B8DB59D816D6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{5AC266CE-2096-3C3D-AE0E-9C225E92C91F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{5FE32F50-9508-3CF5-9E7D-F40990EF6677}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{78910A5C-31FD-3A43-A4C2-E0AF103F8E5B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{7DA6AAC3-DE8B-371C-85CD-9DA44DA48936}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{81844449-F2E9-3741-B170-81FBA7D062F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{8342197C-FC40-3036-9C2B-3367ED383160}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{8DC91D79-68FD-3C50-BDED-74A0832E6953}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{A27B667C-DB21-3643-A491-20265D781784}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{AA7A8973-9BC9-335D-B2B9-1B9C245EA1EA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Program Files\Duden\Duden Korrektor\adxloader.dll () CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{B0B7FB30-21B7-30A1-81F5-27B95C842ABB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{B2280F25-0EFD-3884-AE38-F7D356055E54}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{BE24893C-CB61-3529-9ED7-03AC59F9C1B0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{BF30E74C-47D7-32F1-95C0-C9E71AB494EB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C027615C-6DDA-3D90-84A7-179190AF48F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C1DFFCCC-6218-3219-A120-AD500A0F3A8D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C9223138-E681-3DD6-A571-57B02AE398E6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{CF41E812-1AE1-332D-9FD2-1E7D0ABCE125}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{CF73B1DC-C662-3F5B-BD96-1A162AABAC23}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{D604058F-0290-327D-BA2C-732FFAC723DA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{D8B0B600-3293-33B8-9C70-2C68EB83154A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{F2EBCBE9-FF20-4373-A2A7-526CD06E345F}\InprocServer32 -> C:\Users\hanns-robert\AppData\Roaming\Pintexx GmbH\Twep4Word\adxloader.dll () CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{FB6B7F0B-A4A7-3343-83DF-6A692FFBA0BB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= 10-08-2015 20:33:58 Windows Update 12-08-2015 16:28:02 Windows Update 14-08-2015 19:58:24 Windows Update 18-08-2015 10:07:25 Windows Update 22-08-2015 18:19:04 Windows Update 24-08-2015 11:54:00 
Windows Update
27-08-2015 16:44:52 Windows Update
01-09-2015 16:08:07 Windows Update

==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0761B118-79A1-4E76-91BE-3302D3CAF0CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {19F7EA9E-EAF3-4149-826A-920CA16E34B1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2015-06-25] (TuneUp Software)
Task: {3D01BD9C-980C-4C83-A5C6-80713863A444} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)
Task: {80C06151-618B-41E8-9C17-97187C1FD2F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {A117B4CF-7A58-4505-8288-87176FAC2669} - System32\Tasks\SUPERAntiSpyware Scheduled Task 4f3e50bf-a388-4efe-8e8a-ae4393e94785 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {BE0B4DB3-0094-44E0-A89B-5A41CFD14F6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C83AFC1B-8DE0-4D7F-8F80-1FFC26CD2EF5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {EDBDD5DD-7B92-4456-A5E8-86B8F9C1D6CC} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {FA1DDE7C-0804-4A96-B138-7CAC97E64852} - System32\Tasks\SUPERAntiSpyware Scheduled Task ad4fad89-b24a-4565-8750-977379f468a4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4f3e50bf-a388-4efe-8e8a-ae4393e94785.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad4fad89-b24a-4565-8750-977379f468a4.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-25 07:53 - 2015-06-25 07:53 - 00586040 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2014-10-15 22:47 - 2014-08-06 03:01 - 01048576 _____ () C:\Program Files\Everything\Everything.exe
2015-07-17 19:34 - 2015-07-17 19:34 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der
ADS entfernt.)
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hanns-robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1148431976-1086807397-2611512696-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.192.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupfolder: C:^Users^hanns-robert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: iCloudDrive => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF8 Registry Controller => "C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe"
MSCONFIG\startupreg: PDFProHook => "C:\Program Files\Nuance\PDF Professional 8\pdfpro8hook.exe"

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{569F55E5-E4F1-4890-B6D2-54E0182D4511}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{D04A8605-B5D7-41C1-8988-CA7AC65AFB30}] => (Allow) C:\Program Files\Winamp\winamp.exe FirewallRules: [{4B5468E8-65B2-4C9B-97FA-B4AA3D0FB974}] => (Allow) C:\Program Files\Winamp\winamp.exe FirewallRules: [{41F6B5F8-BEA1-4557-9DB2-E31FF7E04315}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PDFRouter.exe FirewallRules: [{3A8C2DF6-E86E-4503-8DB2-1A9200C84C2D}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PDFRouter.exe FirewallRules: [{9A6A1099-41DE-44BB-AF59-976C6D17580F}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe FirewallRules: [{7882A56C-ED67-46E9-A039-CB5AB4939E52}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe FirewallRules: [{26564071-D266-4553-BE97-88C2D966BA03}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe FirewallRules: [{1C6B0B8F-D34F-4D4B-AEA9-30E0B89A0F44}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe FirewallRules: [{3BDE1EFA-DE06-4EC3-88F4-2214C4BC4777}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe FirewallRules: [{CD617E50-791F-48C6-87DE-FF12D90680B8}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe FirewallRules: [{ADA8436A-2330-44A1-A8E6-788CB6D984D0}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe FirewallRules: [{033BE22F-A422-4061-A2CF-E6EE742E52D2}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe FirewallRules: [{EF014C62-6D09-4EEA-96AF-A9247E9E9B11}] => (Allow) C:\Program Files\TV-Browser\tvbrowser.exe FirewallRules: [{75F1F5F1-1369-4A08-9DE3-3998C2FBFF37}] => (Allow) C:\Program Files\TV-Browser\tvbrowser.exe FirewallRules: 
[{0A39FC57-F100-4E10-81BF-B20F87E34DD3}] => (Allow) C:\Program Files\TV-Browser\tvbrowser_noDD.exe FirewallRules: [{CD523873-ED27-454D-A7C2-3873F06F4447}] => (Allow) C:\Program Files\TV-Browser\tvbrowser_noDD.exe FirewallRules: [{803F0232-96E2-4DF1-A53D-5692B58BCFA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DD5A7DEF-8953-45A8-9A6C-ABBD90493E8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C23AD7B8-731C-4559-93A5-40CC87FA681F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{0E619DA5-42F0-4408-ADDA-2F14C7BE603F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{E5E3FF1A-3E5B-4B15-8047-F0161348BFB4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{0486A61B-02CA-45CE-AEE1-6EF63A1E0F26}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{71C1EF93-BB5E-4F9B-9EC9-9492B2A0C0D4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{1D90E857-42CC-4D31-9311-72B8E89E50F1}] => (Allow) D:\Advanced\autorun.exe FirewallRules: [{1608D51A-CFD0-4754-9968-4041BEB77EBE}] => (Allow) D:\Advanced\autorun.exe FirewallRules: [{647677E9-56C2-4E06-A8F5-FA084693CCAD}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/01/2015 07:06:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/01/2015 04:03:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance 
ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2015 04:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/26/2015 09:47:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/25/2015 05:38:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/24/2015 11:47:47 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2015 06:14:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2015 06:14:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: PDFCore8.dll, Version: 8.0.0.70, Zeitstempel: 0x512d656e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a366c ID des fehlerhaften Prozesses: 0x6c Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (08/18/2015 10:01:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE 
TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/14/2015 09:01:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Systemfehler: ============= Error: (09/01/2015 07:21:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Error: (09/01/2015 04:22:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Error: (09/01/2015 04:13:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Error: (08/27/2015 04:27:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (08/26/2015 10:08:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Error: (08/26/2015 09:50:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. 
Error: (08/25/2015 05:48:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Error: (08/24/2015 12:08:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Error: (08/24/2015 11:51:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (08/22/2015 06:23:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Microsoft Office: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz Prozentuale Nutzung des RAM: 60% Installierter physikalischer RAM: 2046.43 MB Verfügbarer physikalischer RAM: 810.52 MB Summe virtueller Speicher: 4092.86 MB Verfügbarer virtueller Speicher: 2826.71 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:232.88 GB) (Free:105.59 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 945F2211) Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS) ==================== Ende vom Addition.txt ============================ Code:
ATTFilter 4: gmer GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-09-01 19:50:12 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 HITACHI_HTS542525K9SA00 rev.BBFZC3HP 232,89GB Running: Gmer-19357.exe; Driver: C:\Users\hanns-robert\AppData\Local\Temp\kwdiipow.sys ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwReplaceKey + 1525 82C6EB15 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C8EEB2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90803340, 0x3EE217, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!SetScrollRange 77608EC5 5 Bytes JMP 0019A104 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!GetScrollInfo 77612DA3 5 Bytes JMP 0019A097 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!SetScrollInfo 776148DA 5 Bytes JMP 0019A13B C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!GetScrollRange 7763045A 5 Bytes JMP 0019A03A C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!SetScrollPos 776304BE 5 Bytes JMP 0019A015 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!GetScrollPos 77630E43 5 Bytes JMP 0019A072 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!EnableScrollBar 776319CE 5 Bytes JMP 0019A16F C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!ShowScrollBar 77633C89 5 Bytes JMP 0019A0CA C:\Program Files\CCleaner\CCleaner.exe ---- Registry - GMER 2.1 ---- Reg 
HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1e4623d Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1e4623d (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x4C 0xFE 0xDB 0xB3 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\UseNeXT\UseNeXT.exe 0xC4 0x5B 0xAE 0xC6 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Microsoft Office\Office12\WINWORD.EXE 0x16 0xAE 0x8F 0x2F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Duden\Duden Korrektor\WebUpdate.exe 0x80 0x73 0x55 0x3B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Duden\Duden Korrektor\Register.exe 0x81 0xA8 0x61 0x3B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Microsoft Office\Office12\EXCEL.EXE 0xA3 0xA5 0x70 0xA8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0x8F 0xE1 0xF0 0x12 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0x54 0x3D 0x5F 0x16 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\PROGRA~1\MICROS~3\Office12\EXCEL.EXE 0x37 0x8D 0x63 0x1D ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe 0x50 0x90 0x8C 0x09 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 0xCC 0xB4 0x6A 0xF9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\mmc.exe 0xE8 0x9A 0x10 0x07 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x2B 0x59 0xBE 0xB2 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\KeePass Password Safe 2\KeePass.exe 0x73 0x4E 0x0D 0x6B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0x53 0xD7 0xFB 0x02 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe 0xCA 0xA7 0xE1 0x9A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Internet Explorer\iexplore.exe 0x13 0xC5 0xEB 0x7B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\GWX\GWXConfigManager.exe 0xFC 0xCE 0x05 0xB5 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\CDBurnerXP\cdbxpp.exe 0xE7 0xC3 0x04 0xF9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe 0x3E 0xC7 0xA6 0x01 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0x49 0xDC 0xDC 0x9E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0xAC 0xEE 0x0F 0x67 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe 0x0E 0xEF 0x80 0x88 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe 0xC1 0xF3 0xBD 0xAB ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Final Draft 9\FDUpdateProgress.exe 0x0C 0x72 0xC9 0xAC ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\$Windows.~BT\Sources\SetupHost.exe 0xA9 0x53 0xA6 0x9B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTelRunner.exe 0xA1 0x04 0xE0 0x1F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@C3A57EE5 511 ---- EOF - GMER 2.1 ---- |
01.09.2015, 20:00 | #2 |
/// the machine /// TB trainer | Windows 7: Notebook is supposedly sending junk mail
hi,
I hope you did not let the caller onto the computer.
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to the desktop.
01.09.2015, 23:48 | #3 |
| Windows 7: Notebook is supposedly sending junk mail
mbar without findings
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.2.1008
www.malwarebytes.org

Database version:
main: v2015.09.01.05
rootkit: v2015.08.16.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17959
hanns-robert :: hanns-robert-PC [administrator]

01.09.2015 22:03:15
mbar-log-2015-09-01 (22-03-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 385726
Time elapsed: 1 hour(s), 14 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
ATTFilter 00:31:54.0349 0x0dfc TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57 00:32:04.0255 0x0dfc ============================================================ 00:32:04.0255 0x0dfc Current date / time: 2015/09/02 00:32:04.0255 00:32:04.0255 0x0dfc SystemInfo: 00:32:04.0255 0x0dfc 00:32:04.0255 0x0dfc OS Version: 6.1.7601 ServicePack: 1.0 00:32:04.0255 0x0dfc Product type: Workstation 00:32:04.0255 0x0dfc ComputerName: hanns-robert-PC 00:32:04.0255 0x0dfc UserName: hanns-robert 00:32:04.0255 0x0dfc Windows directory: C:\Windows 00:32:04.0255 0x0dfc System windows directory: C:\Windows 00:32:04.0255 0x0dfc Processor architecture: Intel x86 00:32:04.0255 0x0dfc Number of processors: 2 00:32:04.0255 0x0dfc Page size: 0x1000 00:32:04.0255 0x0dfc Boot type: Normal boot 00:32:04.0255 0x0dfc ============================================================ 00:32:08.0218 0x0dfc KLMD registered as C:\Windows\system32\drivers\88498384.sys 00:32:09.0544 0x0dfc System UUID: {EFBD3F7F-924C-2B15-28AC-CFEC0AAB0116} 00:32:10.0558 0x0dfc Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 00:32:10.0558 0x0dfc ============================================================ 00:32:10.0558 0x0dfc \Device\Harddisk0\DR0: 00:32:10.0573 0x0dfc MBR partitions: 00:32:10.0573 0x0dfc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C5000 00:32:10.0573 0x0dfc ============================================================ 00:32:10.0604 0x0dfc C: <-> \Device\Harddisk0\DR0\Partition1 00:32:10.0604 0x0dfc ============================================================ 00:32:10.0604 0x0dfc Initialize success 00:32:10.0604 0x0dfc ============================================================ 00:32:16.0642 0x08b8 ============================================================ 00:32:16.0642 0x08b8 Scan started 00:32:16.0642 0x08b8 Mode: Manual; SigCheck; 
TDLFS; 00:32:16.0642 0x08b8 ============================================================ 00:32:16.0642 0x08b8 KSN ping started 00:32:17.0734 0x08b8 KSN ping finished: true 00:32:19.0294 0x08b8 ================ Scan system memory ======================== 00:32:19.0294 0x08b8 System memory - ok 00:32:19.0294 0x08b8 ================ Scan services ============================= 00:32:19.0559 0x08b8 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 00:32:19.0652 0x08b8 1394ohci - ok 00:32:19.0746 0x08b8 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys 00:32:19.0762 0x08b8 ACPI - ok 00:32:19.0808 0x08b8 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 00:32:19.0886 0x08b8 AcpiPmi - ok 00:32:20.0074 0x08b8 [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 00:32:20.0089 0x08b8 Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 ) 00:32:21.0228 0x08b8 Detect skipped due to KSN trusted 00:32:21.0228 0x08b8 Adobe LM Service - ok 00:32:21.0337 0x08b8 [ 368290D0A612D62DA6F3D798B1BB8FE7, D573BF8543F37BC51B88A2473EDFD28AFBCCC446E8CADD54A90FA48D8739D222 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 00:32:21.0368 0x08b8 AdobeFlashPlayerUpdateSvc - ok 00:32:21.0415 0x08b8 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 00:32:21.0446 0x08b8 adp94xx - ok 00:32:21.0478 0x08b8 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci 
C:\Windows\system32\drivers\adpahci.sys 00:32:21.0509 0x08b8 adpahci - ok 00:32:21.0524 0x08b8 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\drivers\adpu320.sys 00:32:21.0540 0x08b8 adpu320 - ok 00:32:21.0571 0x08b8 [ 12E6A172D72AFC626727B8635DD17E39, 33B3D109C39DF6EA86AFC3C89A93657906E981D3D22FF854401BC7326990CC08 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 00:32:21.0618 0x08b8 AeLookupSvc - ok 00:32:21.0696 0x08b8 [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD C:\Windows\system32\drivers\afd.sys 00:32:21.0743 0x08b8 AFD - ok 00:32:21.0868 0x08b8 [ 7E10E3BB9B258AD8A9300F91214D67B9, CE5FAD7BF78234B64EAADF64DB23F3C342AADB9C5E3B0168E57863F494F30318 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 00:32:21.0930 0x08b8 AgereSoftModem - ok 00:32:21.0977 0x08b8 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys 00:32:22.0008 0x08b8 agp440 - ok 00:32:22.0024 0x08b8 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\drivers\djsvs.sys 00:32:22.0039 0x08b8 aic78xx - ok 00:32:22.0102 0x08b8 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe 00:32:22.0148 0x08b8 ALG - ok 00:32:22.0180 0x08b8 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys 00:32:22.0195 0x08b8 aliide - ok 00:32:22.0242 0x08b8 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 00:32:22.0242 0x08b8 amdagp - ok 00:32:22.0258 0x08b8 [ CD5914170297126B6266860198D1D4F0, 
2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys 00:32:22.0273 0x08b8 amdide - ok 00:32:22.0304 0x08b8 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 00:32:22.0320 0x08b8 AmdK8 - ok 00:32:22.0336 0x08b8 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 00:32:22.0351 0x08b8 AmdPPM - ok 00:32:22.0414 0x08b8 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys 00:32:22.0429 0x08b8 amdsata - ok 00:32:22.0460 0x08b8 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 00:32:22.0476 0x08b8 amdsbs - ok 00:32:22.0523 0x08b8 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 00:32:22.0554 0x08b8 amdxata - ok 00:32:22.0601 0x08b8 [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID C:\Windows\system32\drivers\appid.sys 00:32:22.0648 0x08b8 AppID - ok 00:32:22.0663 0x08b8 [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc C:\Windows\System32\appidsvc.dll 00:32:22.0679 0x08b8 AppIDSvc - ok 00:32:22.0710 0x08b8 [ 530195DA0D84D9855020F2B80D6B267F, AB36F05991530437C7B3F25441B13BC085000F07579964A4CCA0BF029DD6DE7E ] Appinfo C:\Windows\System32\appinfo.dll 00:32:22.0757 0x08b8 Appinfo - ok 00:32:22.0913 0x08b8 [ 2F2BD5EFFA8E91295F4DB493D85534B5, FF6758DC06751028960C9A165767EDAD78B2868599D1A01CAC8108E1699A92DE ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 
00:32:22.0928 0x08b8 Apple Mobile Device - ok 00:32:22.0975 0x08b8 [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll 00:32:23.0038 0x08b8 AppMgmt - ok 00:32:23.0084 0x08b8 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\drivers\arc.sys 00:32:23.0116 0x08b8 arc - ok 00:32:23.0131 0x08b8 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\drivers\arcsas.sys 00:32:23.0147 0x08b8 arcsas - ok 00:32:23.0318 0x08b8 [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 00:32:23.0334 0x08b8 aspnet_state - ok 00:32:23.0396 0x08b8 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 00:32:23.0474 0x08b8 AsyncMac - ok 00:32:23.0521 0x08b8 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys 00:32:23.0537 0x08b8 atapi - ok 00:32:23.0615 0x08b8 [ 6F718D6616E50FBCA64249755B7A1D2F, 0D243E50D9BEB23A1F894AAC4F97FB44E81C4377362AAB0394D066CAFA353742 ] ATSwpWDF C:\Windows\system32\DRIVERS\ATSwpWDF.sys 00:32:23.0662 0x08b8 ATSwpWDF - ok 00:32:23.0740 0x08b8 [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 00:32:23.0786 0x08b8 AudioEndpointBuilder - ok 00:32:23.0802 0x08b8 [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv C:\Windows\System32\Audiosrv.dll 00:32:23.0833 0x08b8 Audiosrv - ok 00:32:23.0864 0x08b8 [ 6E30D02AAC9CAC84F421622E3A2F6178, 
229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll 00:32:23.0911 0x08b8 AxInstSV - ok 00:32:23.0989 0x08b8 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys 00:32:24.0036 0x08b8 b06bdrv - ok 00:32:24.0098 0x08b8 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 00:32:24.0145 0x08b8 b57nd60x - ok 00:32:24.0208 0x08b8 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll 00:32:24.0239 0x08b8 BDESVC - ok 00:32:24.0270 0x08b8 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys 00:32:24.0317 0x08b8 Beep - ok 00:32:24.0379 0x08b8 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll 00:32:24.0410 0x08b8 BFE - ok 00:32:24.0457 0x08b8 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll 00:32:24.0644 0x08b8 BITS - ok 00:32:24.0676 0x08b8 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 00:32:24.0691 0x08b8 blbdrive - ok 00:32:24.0800 0x08b8 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 00:32:24.0847 0x08b8 Bonjour Service - ok 00:32:24.0910 0x08b8 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 00:32:24.0972 0x08b8 bowser - ok 00:32:25.0003 0x08b8 [ 
C:\Windows\system32\drivers\pciide.sys 00:32:47.0405 0x08b8 pciide - ok 00:32:47.0452 0x08b8 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 00:32:47.0483 0x08b8 pcmcia - ok 00:32:47.0514 0x08b8 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys 00:32:47.0530 0x08b8 pcw - ok 00:32:47.0639 0x08b8 [ 0BBA0B66C14AE56FCB516062395DE0B4, 42D16D9438234227E063ABBBD2A0B96ABEEE5591EAE61B6C4C9DEA334E738CB1 ] PDFProFiltSrv C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe 00:32:47.0655 0x08b8 PDFProFiltSrv - ok 00:32:47.0748 0x08b8 [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 00:32:47.0795 0x08b8 PEAUTH - ok 00:32:47.0873 0x08b8 [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 00:32:47.0920 0x08b8 PeerDistSvc - ok 00:32:48.0029 0x08b8 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll 00:32:48.0107 0x08b8 pla - ok 00:32:48.0185 0x08b8 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll 00:32:48.0247 0x08b8 PlugPlay - ok 00:32:48.0279 0x08b8 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 00:32:48.0294 0x08b8 PNRPAutoReg - ok 00:32:48.0310 0x08b8 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 00:32:48.0341 0x08b8 PNRPsvc - ok 00:32:48.0466 0x08b8 [ 53946B69BA0836BD95B03759530C81EC, 
7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 00:32:48.0513 0x08b8 PolicyAgent - ok 00:32:48.0575 0x08b8 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll 00:32:48.0622 0x08b8 Power - ok 00:32:48.0684 0x08b8 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 00:32:48.0731 0x08b8 PptpMiniport - ok 00:32:48.0762 0x08b8 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\drivers\processr.sys 00:32:48.0778 0x08b8 Processor - ok 00:32:48.0809 0x08b8 [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc C:\Windows\system32\profsvc.dll 00:32:48.0840 0x08b8 ProfSvc - ok 00:32:48.0856 0x08b8 [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] ProtectedStorage C:\Windows\system32\lsass.exe 00:32:48.0871 0x08b8 ProtectedStorage - ok 00:32:48.0934 0x08b8 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 00:32:48.0981 0x08b8 Psched - ok 00:32:49.0074 0x08b8 [ B6A1692FC131F1FE5162513D78A9B6FC, 193B12508E5D076B178AADDDA9BECB4F397307FB8D96B16540697D6E49D61C28 ] PxHelp20 C:\Windows\system32\drivers\PxHelp20.sys 00:32:49.0105 0x08b8 PxHelp20 - ok 00:32:49.0215 0x08b8 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\drivers\ql2300.sys 00:32:49.0277 0x08b8 ql2300 - ok 00:32:49.0308 0x08b8 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 00:32:49.0324 0x08b8 ql40xx - ok 
00:32:49.0355 0x08b8 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll 00:32:49.0386 0x08b8 QWAVE - ok 00:32:49.0402 0x08b8 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 00:32:49.0417 0x08b8 QWAVEdrv - ok 00:32:49.0433 0x08b8 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 00:32:49.0464 0x08b8 RasAcd - ok 00:32:49.0527 0x08b8 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 00:32:49.0558 0x08b8 RasAgileVpn - ok 00:32:49.0589 0x08b8 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll 00:32:49.0620 0x08b8 RasAuto - ok 00:32:49.0636 0x08b8 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 00:32:49.0651 0x08b8 Rasl2tp - ok 00:32:49.0714 0x08b8 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll 00:32:49.0745 0x08b8 RasMan - ok 00:32:49.0776 0x08b8 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 00:32:49.0807 0x08b8 RasPppoe - ok 00:32:49.0854 0x08b8 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 00:32:49.0917 0x08b8 RasSstp - ok 00:32:49.0948 0x08b8 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss 
C:\Windows\system32\DRIVERS\rdbss.sys 00:32:49.0979 0x08b8 rdbss - ok 00:32:49.0995 0x08b8 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 00:32:50.0010 0x08b8 rdpbus - ok 00:32:50.0010 0x08b8 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 00:32:50.0041 0x08b8 RDPCDD - ok 00:32:50.0104 0x08b8 [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 00:32:50.0151 0x08b8 RDPDR - ok 00:32:50.0151 0x08b8 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 00:32:50.0182 0x08b8 RDPENCDD - ok 00:32:50.0197 0x08b8 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 00:32:50.0213 0x08b8 RDPREFMP - ok 00:32:50.0260 0x08b8 [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 00:32:50.0291 0x08b8 RdpVideoMiniport - ok 00:32:50.0322 0x08b8 [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 00:32:50.0353 0x08b8 RDPWD - ok 00:32:50.0416 0x08b8 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 00:32:50.0447 0x08b8 rdyboost - ok 00:32:50.0494 0x08b8 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll 00:32:50.0525 0x08b8 RemoteAccess - ok 00:32:50.0556 0x08b8 [ CB9A8683F4EF2BF99E123D79950D7935, 
B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll 00:32:50.0587 0x08b8 RemoteRegistry - ok 00:32:50.0619 0x08b8 [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 00:32:50.0634 0x08b8 RFCOMM - ok 00:32:50.0681 0x08b8 [ D65AC8797F0286ED269500747D6290A4, 7E264156FF5B8D9E39FEECC1D905C8E8E6E85206B7BFB7B49172167DA6F32884 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 00:32:50.0743 0x08b8 rimmptsk - ok 00:32:50.0759 0x08b8 [ 49EC82B44EB93374ED9988DA7E0E0151, 4F5C32D20F7B11080688B3E9E84BAF9253D4027C36294FF44661F2ECC4197480 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys 00:32:50.0806 0x08b8 rimsptsk - ok 00:32:50.0821 0x08b8 [ 3F400C3CCD0818858602DDB37B5DE719, 2F9045D59A18EA5D0FA9AC8C369C5FFF017147246E078CA0C612854CDFC2F1B4 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys 00:32:50.0837 0x08b8 rismxdp - ok 00:32:50.0868 0x08b8 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 00:32:50.0899 0x08b8 RpcEptMapper - ok 00:32:50.0931 0x08b8 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe 00:32:50.0946 0x08b8 RpcLocator - ok 00:32:51.0009 0x08b8 [ DC908AB53016010462F371BBFD3173F5, EBA817F382F49FC698AB98415E7552C2ED031FAEEAB55D34EC77E5EF59860649 ] rpcnet C:\Windows\system32\rpcnet.exe 00:32:51.0040 0x08b8 rpcnet - ok 00:32:51.0087 0x08b8 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll 00:32:51.0118 0x08b8 RpcSs - ok 00:32:51.0289 0x08b8 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:32:51.0352 0x08b8 rspndr - ok 00:32:51.0492 
0x08b8 [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap C:\Windows\system32\drivers\vms3cap.sys 00:32:51.0523 0x08b8 s3cap - ok 00:32:51.0539 0x08b8 [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] SamSs C:\Windows\system32\lsass.exe 00:32:51.0570 0x08b8 SamSs - ok 00:32:51.0633 0x08b8 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 00:32:51.0664 0x08b8 sbp2port - ok 00:32:51.0695 0x08b8 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll 00:32:51.0726 0x08b8 SCardSvr - ok 00:32:51.0742 0x08b8 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 00:32:51.0773 0x08b8 scfilter - ok 00:32:51.0820 0x08b8 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll 00:32:51.0882 0x08b8 Schedule - ok 00:32:51.0898 0x08b8 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll 00:32:51.0929 0x08b8 SCPolicySvc - ok 00:32:51.0976 0x08b8 [ 0328BE1C7F1CBA23848179F8762E391C, EA80853F04BAE6F46F658B3EFED34BFDDE20E6F2BDA349EBC17EC75DFF19855D ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 00:32:52.0023 0x08b8 sdbus - ok 00:32:52.0054 0x08b8 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll 00:32:52.0116 0x08b8 SDRSVC - ok 00:32:52.0163 0x08b8 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys 00:32:52.0225 0x08b8 secdrv 
- ok 00:32:52.0241 0x08b8 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll 00:32:52.0272 0x08b8 seclogon - ok 00:32:52.0303 0x08b8 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\System32\sens.dll 00:32:52.0335 0x08b8 SENS - ok 00:32:52.0366 0x08b8 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll 00:32:52.0381 0x08b8 SensrSvc - ok 00:32:52.0397 0x08b8 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\drivers\serenum.sys 00:32:52.0413 0x08b8 Serenum - ok 00:32:52.0428 0x08b8 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\drivers\serial.sys 00:32:52.0444 0x08b8 Serial - ok 00:32:52.0475 0x08b8 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\drivers\sermouse.sys 00:32:52.0491 0x08b8 sermouse - ok 00:32:52.0537 0x08b8 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll 00:32:52.0569 0x08b8 SessionEnv - ok 00:32:52.0584 0x08b8 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 00:32:52.0600 0x08b8 sffdisk - ok 00:32:52.0615 0x08b8 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:32:52.0631 0x08b8 sffp_mmc - ok 00:32:52.0647 0x08b8 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd 
C:\Windows\system32\drivers\sffp_sd.sys 00:32:52.0662 0x08b8 sffp_sd - ok 00:32:52.0693 0x08b8 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 00:32:52.0709 0x08b8 sfloppy - ok 00:32:52.0756 0x08b8 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll 00:32:52.0803 0x08b8 SharedAccess - ok 00:32:52.0849 0x08b8 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 00:32:52.0881 0x08b8 ShellHWDetection - ok 00:32:52.0912 0x08b8 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys 00:32:52.0927 0x08b8 sisagp - ok 00:32:52.0959 0x08b8 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 00:32:52.0974 0x08b8 SiSRaid2 - ok 00:32:52.0990 0x08b8 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 00:32:53.0005 0x08b8 SiSRaid4 - ok 00:32:53.0099 0x08b8 [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 00:32:53.0130 0x08b8 SkypeUpdate - ok 00:32:53.0193 0x08b8 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys 00:32:53.0271 0x08b8 Smb - ok 00:32:53.0302 0x08b8 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 00:32:53.0317 0x08b8 SNMPTRAP - ok 00:32:53.0349 0x08b8 [ 95CF1AE7527FB70F7816563CBC09D942, 
CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys 00:32:53.0364 0x08b8 spldr - ok 00:32:53.0427 0x08b8 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe 00:32:53.0458 0x08b8 Spooler - ok 00:32:53.0614 0x08b8 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe 00:32:53.0801 0x08b8 sppsvc - ok 00:32:53.0848 0x08b8 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll 00:32:53.0879 0x08b8 sppuinotify - ok 00:32:53.0941 0x08b8 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys 00:32:54.0004 0x08b8 srv - ok 00:32:54.0066 0x08b8 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 00:32:54.0097 0x08b8 srv2 - ok 00:32:54.0097 0x08b8 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 00:32:54.0113 0x08b8 srvnet - ok 00:32:54.0160 0x08b8 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 00:32:54.0222 0x08b8 SSDPSRV - ok 00:32:54.0238 0x08b8 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll 00:32:54.0269 0x08b8 SstpSvc - ok 00:32:54.0285 0x08b8 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\drivers\stexstor.sys 00:32:54.0300 0x08b8 stexstor - ok 00:32:54.0347 0x08b8 [ 
E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll 00:32:54.0394 0x08b8 StiSvc - ok 00:32:54.0425 0x08b8 [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt C:\Windows\system32\drivers\vmstorfl.sys 00:32:54.0456 0x08b8 storflt - ok 00:32:54.0519 0x08b8 [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc C:\Windows\system32\storsvc.dll 00:32:54.0565 0x08b8 StorSvc - ok 00:32:54.0581 0x08b8 [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc C:\Windows\system32\drivers\storvsc.sys 00:32:54.0597 0x08b8 storvsc - ok 00:32:54.0628 0x08b8 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 00:32:54.0643 0x08b8 swenum - ok 00:32:54.0706 0x08b8 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll 00:32:54.0753 0x08b8 swprv - ok 00:32:54.0831 0x08b8 [ 4EE25AC85AFC3FD67D9F57ECDF566FF2, F1BFF1FB655F31B97FA9C6A49D433EFD33D8A35F6B28B4D83E45C27A05A86228 ] SysMain C:\Windows\system32\sysmain.dll 00:32:54.0893 0x08b8 SysMain - ok 00:32:54.0940 0x08b8 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll 00:32:54.0955 0x08b8 TabletInputService - ok 00:32:54.0987 0x08b8 [ 432D9D823C4C26B6070C41BAD4404CE4, 741B41F7467D312AF4CC733EA31F647FBCD06985CBB6A14117E8A87A6F7B06F5 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 00:32:55.0049 0x08b8 tap0901 - ok 00:32:55.0080 0x08b8 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll 00:32:55.0127 0x08b8 TapiSrv - 
ok 00:32:55.0143 0x08b8 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll 00:32:55.0174 0x08b8 TBS - ok 00:32:55.0283 0x08b8 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 00:32:55.0345 0x08b8 Tcpip - ok 00:32:55.0423 0x08b8 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 00:32:55.0470 0x08b8 TCPIP6 - ok 00:32:55.0517 0x08b8 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 00:32:55.0533 0x08b8 tcpipreg - ok 00:32:55.0564 0x08b8 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 00:32:55.0626 0x08b8 TDPIPE - ok 00:32:55.0657 0x08b8 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 00:32:55.0673 0x08b8 TDTCP - ok 00:32:55.0720 0x08b8 [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx C:\Windows\system32\DRIVERS\tdx.sys 00:32:55.0767 0x08b8 tdx - ok 00:32:55.0782 0x08b8 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 00:32:55.0798 0x08b8 TermDD - ok 00:32:55.0876 0x08b8 [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService C:\Windows\System32\termsrv.dll 00:32:55.0923 0x08b8 TermService - ok 00:32:55.0954 0x08b8 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll 00:32:55.0969 0x08b8 
Themes - ok 00:32:55.0985 0x08b8 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll 00:32:56.0016 0x08b8 THREADORDER - ok 00:32:56.0047 0x08b8 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll 00:32:56.0094 0x08b8 TrkWks - ok 00:32:56.0141 0x08b8 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 00:32:56.0172 0x08b8 TrustedInstaller - ok 00:32:56.0203 0x08b8 [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 00:32:56.0219 0x08b8 tssecsrv - ok 00:32:56.0266 0x08b8 [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 00:32:56.0297 0x08b8 TsUsbFlt - ok 00:32:56.0328 0x08b8 [ 01246F0BAAD7B68EC0F472AA41E33282, 51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 00:32:56.0344 0x08b8 TsUsbGD - ok 00:32:56.0531 0x08b8 [ 58CA8A3052E36ACEF2026BC968CFE6B3, C3CA1BF88432279D1E77E3FBD038C507D50BF92EEE34210E55D206F0952A0843 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe 00:32:56.0687 0x08b8 TuneUp.UtilitiesSvc - ok 00:32:56.0749 0x08b8 [ 9F0B34E0B903B803309552C3DB267451, EA3F23F7C2551DCACB8118A36355E03A6A26F693AEB1D39E0F9B8F391BA40E96 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys 00:32:56.0781 0x08b8 TuneUpUtilitiesDrv - ok 00:32:56.0827 0x08b8 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 00:32:56.0874 0x08b8 tunnel - ok 00:32:56.0921 0x08b8 [ 
750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 00:32:56.0937 0x08b8 uagp35 - ok 00:32:56.0952 0x08b8 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 00:32:57.0015 0x08b8 udfs - ok 00:32:57.0046 0x08b8 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe 00:32:57.0061 0x08b8 UI0Detect - ok 00:32:57.0108 0x08b8 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 00:32:57.0124 0x08b8 uliagpkx - ok 00:32:57.0186 0x08b8 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 00:32:57.0217 0x08b8 umbus - ok 00:32:57.0264 0x08b8 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\drivers\umpass.sys 00:32:57.0295 0x08b8 UmPass - ok 00:32:57.0327 0x08b8 [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService C:\Windows\System32\umrdp.dll 00:32:57.0358 0x08b8 UmRdpService - ok 00:32:57.0389 0x08b8 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll 00:32:57.0451 0x08b8 upnphost - ok 00:32:57.0483 0x08b8 [ EC1C23779BB41A8B2AB2AA6FCE308BDE, D027A2B472CAE97AECB16F69BE52E06CB61E1C61AE196C22662050B711C1C72D ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 00:32:57.0498 0x08b8 USBAAPL - detected UnsignedFile.Multi.Generic ( 1 ) 00:32:58.0621 0x08b8 Detect skipped due to KSN trusted 00:32:58.0621 0x08b8 USBAAPL - ok 00:32:58.0668 0x08b8 [ 0803FBA9FE829D61AE26EC0BCC910C46, 
30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 00:32:58.0746 0x08b8 usbccgp - ok 00:32:58.0777 0x08b8 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys 00:32:58.0809 0x08b8 usbcir - ok 00:32:58.0855 0x08b8 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 00:32:58.0887 0x08b8 usbehci - ok 00:32:58.0965 0x08b8 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 00:32:59.0027 0x08b8 usbhub - ok 00:32:59.0089 0x08b8 [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci C:\Windows\system32\drivers\usbohci.sys 00:32:59.0121 0x08b8 usbohci - ok 00:32:59.0136 0x08b8 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 00:32:59.0152 0x08b8 usbprint - ok 00:32:59.0214 0x08b8 [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 00:32:59.0245 0x08b8 usbscan - ok 00:32:59.0261 0x08b8 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:32:59.0323 0x08b8 USBSTOR - ok 00:32:59.0370 0x08b8 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 00:32:59.0401 0x08b8 usbuhci - ok 00:32:59.0479 0x08b8 [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 00:32:59.0511 0x08b8 usbvideo - 
8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll 00:33:04.0114 0x08b8 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 00:33:04.0145 0x08b8 [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe 00:33:04.0160 0x08b8 [ Global ] - ok 00:33:04.0160 0x08b8 ================ Scan MBR ================================== 00:33:04.0176 0x08b8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 00:33:04.0644 0x08b8 \Device\Harddisk0\DR0 - ok 00:33:04.0644 0x08b8 ================ Scan VBR ================================== 00:33:04.0644 0x08b8 [ 05E21A6F9392B194BE6DF9899EE1EC38 ] \Device\Harddisk0\DR0\Partition1 00:33:04.0660 0x08b8 \Device\Harddisk0\DR0\Partition1 - ok 00:33:04.0660 0x08b8 ================ Scan generic autorun ====================== 00:33:04.0753 0x08b8 [ 20DE1CDD37A5D3D4177B8D9FEF907D81, F6CE80984852595A677C92B8C555F9B0D398BAE36768E0D6FC7F8C7211D962D2 ] c:\Program Files\Microsoft Security Client\msseces.exe 00:33:04.0800 0x08b8 MSC - ok 00:33:04.0800 0x08b8 NvCplDaemon - ok 00:33:04.0816 0x08b8 NvMediaCenter - ok 00:33:04.0878 0x08b8 [ 8943465BEFA91044227D42E84ECB8280, 76D19CE3EB7E6C6573F250543CDC10B3601604535BFB756805AE246FA55AC265 ] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe 00:33:04.0909 0x08b8 NUSB3MON - ok 00:33:05.0034 0x08b8 [ 9D54F3E5E4D102AB27E190CBEC14B355, AECF6C3634557937F8CE2D353A3C3B1FC31E33CB66C2926ADD2C99756EB09F88 ] C:\Program Files\Everything\Everything.exe 00:33:05.0065 0x08b8 Everything - detected UnsignedFile.Multi.Generic ( 1 ) 00:33:06.0204 0x08b8 Detect skipped due to KSN trusted 00:33:06.0204 0x08b8 Everything - ok 00:33:06.0282 0x08b8 [ 053E2A1DAA1AE4171A863BDE73872DB3, 644E70AE998E7115F7452949BB5FAFD3939FD54C89E9E742FF535AE9131AAF49 ] C:\Program 
Files\ControlCenter4\BrCcBoot.exe 00:33:06.0298 0x08b8 ControlCenter4 - detected UnsignedFile.Multi.Generic ( 1 ) 00:33:07.0437 0x08b8 Detect skipped due to KSN trusted 00:33:07.0437 0x08b8 ControlCenter4 - ok 00:33:07.0734 0x08b8 [ FBE2F33BBFF0F9592F552FD3BA41F8AC, 7126FBEEB4CD5A1B6F084503598E616905957FD364E4576BDFF4DB75FE660B17 ] C:\Program Files\Browny02\Brother\BrStMonW.exe 00:33:08.0061 0x08b8 BrStsMon00 - detected UnsignedFile.Multi.Generic ( 1 ) 00:33:09.0231 0x08b8 Detect skipped due to KSN trusted 00:33:09.0231 0x08b8 BrStsMon00 - ok 00:33:09.0450 0x08b8 [ F1021BD18F1F726DAD6E00398FD1CCB6, A76FC4DFB1E9BFE0B920C78E36C1E77D4AA2224D37A26B26AD843D60949D2214 ] C:\Program Files\KeePass Password Safe 2\KeePass.exe 00:33:09.0606 0x08b8 KeePass 2 PreLoad - ok 00:33:09.0731 0x08b8 [ D1B2FADBF98C2B7A53893B939802004B, 0E4B97F24C4204B2905AE5AF489C0144CD6997330135C48C487EE27CD395452E ] C:\Program Files\iTunes\iTunesHelper.exe 00:33:09.0746 0x08b8 iTunesHelper - ok 00:33:09.0824 0x08b8 [ F655E4A1AED366E96E5D5AA397E0F255, F8573CCA72FA25079B8CE2FC5D30379487E2905B109C73C741FAB31589FA49E1 ] C:\Program Files\QuickTime\QTTask.exe 00:33:09.0840 0x08b8 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 ) 00:33:11.0088 0x08b8 QuickTime Task ( UnsignedFile.Multi.Generic ) - warning 00:33:12.0336 0x08b8 [ F916BA0DA28A4B4F7B1ADE76EB42F088, FB3C91D44709D039E959B275F6ECE26AF9307D272FE3E25CC41EAC259AA3B596 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe 00:33:12.0367 0x08b8 SunJavaUpdateSched - ok 00:33:12.0523 0x08b8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 00:33:12.0601 0x08b8 Sidebar - ok 00:33:12.0617 0x08b8 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 00:33:12.0648 0x08b8 mctadmin - ok 00:33:12.0710 0x08b8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 
8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 00:33:12.0741 0x08b8 Sidebar - ok 00:33:12.0757 0x08b8 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 00:33:12.0773 0x08b8 mctadmin - ok 00:33:13.0053 0x08b8 [ 3D01BD151A423F6B7D89970E42E31E46, CA1B7619A387E94A033D3143B782DEEC30C9F9E528B52822E7CB35D1C617F349 ] C:\Program Files\CCleaner\CCleaner.exe 00:33:13.0225 0x08b8 CCleaner Monitoring - ok 00:33:13.0241 0x08b8 Waiting for KSN requests completion. In queue: 6 00:33:14.0255 0x08b8 Waiting for KSN requests completion. In queue: 6 00:33:15.0284 0x08b8 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated ) 00:33:15.0284 0x08b8 Win FW state via NFP2: enabled ( trusted ) 00:33:16.0454 0x08b8 ============================================================ 00:33:16.0454 0x08b8 Scan finished 00:33:16.0454 0x08b8 ============================================================ 00:33:16.0470 0x04e4 Detected object count: 1 00:33:16.0470 0x04e4 Actual detected object count: 1 00:33:26.0220 0x04e4 QuickTime Task ( UnsignedFile.Multi.Generic ) - skipped by user 00:33:26.0220 0x04e4 QuickTime Task ( UnsignedFile.Multi.Generic ) - User select action: Skip |
02.09.2015, 18:03 | #4 |
/// the machine /// TB Trainer | Windows 7: Notebook is said to be sending junk mail Did you let the caller onto the computer or not? I don't think so. Apart from I-wreck-the-PC TuneUp, though, there is also adware on there that has to come off. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No help via PM! |
03.09.2015, 10:43 | #5 |
| Windows 7: Notebook is said to be sending junk mail Hello schrauber, sorry: the caller was on the PC via TeamViewer for about 5-10 minutes. After a window flashed up and disappeared again, I knew that this was nothing good and cut the connection. Then I ended the phone call as well. Thanks to Google I now know what I (almost?) fell for. TuneUp has been deleted. Here are the logs Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 03.09.2015
Suchlaufzeit: 09:34
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.09.03.02
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: hanns-robert

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 384774
Abgelaufene Zeit: 48 Min., 48 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (keine bösartigen Elemente erkannt)
Module: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswerte: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Dateien: 0 (keine bösartigen Elemente erkannt)
Physische Sektoren: 0 (keine bösartigen Elemente erkannt)

(end)

Code:
# AdwCleaner v5.005 - Bericht erstellt am 03/09/2015 um 10:39:17
# Aktualisiert am 31/08/2015 von Xplode
# Datenbank : 2015-08-31.2 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : hanns-robert - hanns-robert-PC
# Gestartet von : C:\Users\hanns-robert\Downloads\trojaner-board\AdwCleaner_5.005.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****
[-] Ordner Gelöscht : C:\Users\hanns-robert\Documents\Updater

***** [ Dateien ] *****
[-] Datei Gelöscht : C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\foxydeal.sqlite
[-] Datei Gelöscht : C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\user.js

***** [ Verknüpfungen ] *****

***** [ Geplante Tasks ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

*************************
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1044 Bytes] ##########

JRT Logfile: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Professional x86
Ran by hanns-robert on 03.09.2015 at 10:45:17,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders
Successfully deleted: [Folder] C:\Users\hanns-robert\AppData\Roaming\getrighttogo
Successfully deleted: [Folder] C:\Users\hanns-robert\Documents\add-in express

~~~ FireFox
Emptied folder: C:\Users\hanns-robert\AppData\Roaming\mozilla\firefox\profiles\q2cfpw2h.default\minidumps [25 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.09.2015 at 10:47:20,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

With FRST, no addition.txt came along. It will follow. FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015 durchgeführt von hanns-robert (Administrator) auf hanns-robert-PC (03-09-2015 11:29:13) Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board Geladene Profile: hanns-robert (Verfügbare Profile: hanns-robert & admin) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe (Absolute Software Corp.) C:\Windows\System32\rpcnet.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe () C:\Program Files\Everything\Everything.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Apple Inc.) 
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] () HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2014-01-27] (Brother Industries, Ltd.) HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.) HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 Tcpip\..\Interfaces\{0119FB2D-7C7E-4258-954F-5A33F8A32915}: [DhcpNameServer] 192.168.123.81 192.168.123.124 Tcpip\..\Interfaces\{677857D5-A830-483C-866D-A51015D17ED7}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{83DC2806-26AE-4D68-B2D8-8A10872F72A9}: [DhcpNameServer] 192.168.192.1 Internet Explorer: ================== HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000 -> {17521AD6-C195-4576-B69C-9A60834CDE99} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} SearchScopes: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000 -> {219D42F1-35A3-4625-8532-82EF0313D5C8} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation) BHO: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation) Toolbar: HKLM - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation) FireFox: ======== FF ProfilePath: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default FF DefaultSearchEngine: Ecosia FF 
SelectedSearchEngine: Wikipedia (de) FF Homepage: hxxp://www.gmx.net FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation) FF Plugin HKU\S-1-5-21-1148431976-1086807397-2611512696-1000: www.mydlink.com/Uplayer -> C:\Users\hanns-robert\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll [2015-07-09] (D-LINK CORPORATION) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll [2015-06-16] (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Users\hanns-robert\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-16] (Cisco WebEx LLC) FF SearchPlugin: 
C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\searchplugins\duckduckgo.xml [2014-01-18] FF SearchPlugin: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\searchplugins\ecosia.xml [2015-06-10] FF Extension: German Dictionary - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-10] FF Extension: United States English Spellchecker - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\en-US@dictionaries.addons.mozilla.org [2014-04-11] FF Extension: FireFTP - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-05-31] FF Extension: Add Bookmark Here ² - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\abhere2@moztw.org.xpi [2014-04-11] FF Extension: Copy Plain Text 2 - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\copyplaintext@teo.pl.xpi [2014-04-11] FF Extension: Facebook Disconnect - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\facebook@disconnect.me.xpi [2014-12-15] FF Extension: Mailvelope - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-04-22] FF Extension: DuckDuckGo Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-04-11] FF Extension: Print/Print Preview - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2014-04-11] FF Extension: Image Zoom - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-04-11] FF Extension: Ecosia — The 
search engine that plants trees! - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-04-11] FF Extension: Adblock Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-11] FF Extension: Tab Mix Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-16] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-01] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-02-19] (Adobe Systems) [Datei ist nicht signiert] S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert] S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1045840 2015-07-21] (Flexera Software LLC.) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert] R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.) 
R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-16] (Absolute Software Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [Datei ist nicht signiert]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [86408 2012-08-27] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [178568 2012-08-27] (Renesas Electronics Corporation)
R0 PxHelp20; C:\Windows\System32\drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-03 10:47 - 2015-09-03 10:47 - 00000891 _____ C:\Users\hanns-robert\Desktop\JRT.txt 2015-09-03 10:36 - 2015-09-03 10:39 - 00000000 ____D C:\AdwCleaner 2015-09-03 09:22 - 2015-09-03 09:22 - 00001064 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-09-03 09:22 - 2015-09-03 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-09-03 09:22 - 2015-09-03 09:22 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-09-03 09:22 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-09-03 09:22 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-09-02 00:51 - 2015-09-02 00:51 - 06667640 _____ (Piriform Ltd) C:\Users\hanns-robert\Downloads\ccsetup509.exe 2015-09-01 22:03 - 2015-09-03 09:22 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-09-01 22:02 - 2015-09-03 09:33 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-01 22:02 - 2015-09-02 00:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-09-01 22:01 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-09-01 22:00 - 2015-09-01 22:01 - 00000000 ____D C:\Users\admin\Downloads\mbar 2015-09-01 21:57 - 2015-09-01 21:57 - 00000000 ____D C:\Program Files\Common Files\Java 2015-09-01 21:56 - 2015-09-01 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-09-01 21:56 - 2015-09-01 21:55 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-09-01 21:03 - 2015-09-01 21:03 - 00000000 ____D C:\Users\hanns-robert\AppData\Local\Image Composite Editor 2015-09-01 21:02 - 2015-09-01 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor 2015-09-01 21:02 - 2015-09-01 21:02 - 00000000 ____D C:\Program 
Files\Microsoft Research 2015-09-01 19:25 - 2015-09-03 11:29 - 00000000 ____D C:\FRST 2015-09-01 19:22 - 2015-09-01 19:22 - 00000000 _____ C:\Users\hanns-robert\defogger_reenable 2015-09-01 19:17 - 2015-09-01 19:17 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Sun 2015-09-01 19:17 - 2015-09-01 19:17 - 00000000 ____D C:\Users\hanns-robert\.oracle_jre_usage 2015-09-01 19:13 - 2015-09-03 10:57 - 00000000 ____D C:\Users\hanns-robert\Downloads\trojaner-board 2015-09-01 19:12 - 2015-09-01 19:21 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-09-01 16:40 - 2015-09-01 16:41 - 23273424 _____ (SUPERAntiSpyware) C:\Users\hanns-robert\Downloads\SUPERAntiSpywarePro.exe 2015-09-01 16:20 - 2015-09-01 16:20 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\TeamViewer 2015-08-26 21:45 - 2015-09-03 09:30 - 00002588 _____ C:\Windows\PFRO.log 2015-08-25 19:07 - 2015-08-25 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-08-25 19:06 - 2015-08-25 19:07 - 00000000 ____D C:\Program Files\QuickTime 2015-08-24 11:54 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-24 11:54 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-22 18:12 - 2015-09-03 10:50 - 00001467 _____ C:\Windows\setupact.log 2015-08-22 18:12 - 2015-08-22 18:12 - 00000000 _____ C:\Windows\setuperr.log 2015-08-18 11:39 - 2015-08-18 11:39 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-08-18 11:39 - 2015-08-18 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-08-18 11:38 - 2015-08-18 11:39 - 00000000 ____D C:\Program Files\iTunes 2015-08-18 11:38 - 2015-08-18 11:38 - 00000000 ____D C:\Program Files\iPod 2015-08-14 20:07 - 2015-08-14 20:07 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2015-08-14 20:07 - 2015-08-14 20:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2015-08-13 21:15 - 
2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-08-13 21:15 - 2015-07-30 18:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-13 21:15 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-13 21:15 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-13 21:15 - 2015-07-16 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-08-13 21:15 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-13 21:15 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-08-13 21:15 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-13 21:15 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-08-13 21:15 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-08-13 21:15 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-13 21:15 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-08-13 21:15 - 2015-07-16 21:41 - 
00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-13 21:15 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-13 21:15 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-13 21:15 - 2015-07-16 21:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-08-13 21:15 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-08-13 21:15 - 2015-07-16 21:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-08-13 21:15 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-13 21:15 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-08-13 21:15 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-08-13 21:15 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-13 21:15 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-13 21:15 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-13 21:15 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-08-13 21:15 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-13 21:15 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-13 21:15 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-13 21:15 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-13 21:15 - 2015-07-16 21:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-08-13 21:15 - 2015-07-16 
21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-08-13 21:15 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-13 21:15 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-13 21:15 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-08-13 21:15 - 2015-07-16 17:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-08-13 21:15 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-08-13 21:15 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-13 21:15 - 2015-07-15 19:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-13 21:15 - 2015-07-15 19:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-13 21:15 - 2015-07-15 19:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-13 21:15 - 2015-07-15 19:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 
00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-08-13 21:15 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-08-13 21:15 - 2015-07-15 19:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-08-13 21:15 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-13 21:15 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-08-13 21:15 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-08-13 21:15 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-08-13 21:15 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-08-13 21:15 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\system32\apisetschema.dll 2015-08-13 21:15 - 2015-07-15 18:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-13 21:15 - 2015-07-15 18:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-13 21:15 - 2015-07-15 18:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-13 21:14 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-13 21:14 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-13 21:11 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-13 21:10 - 2015-07-15 04:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-13 21:09 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-13 21:09 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-13 21:09 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-08-13 21:09 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-08-12 16:28 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 16:27 - 2015-07-28 22:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-12 16:27 - 2015-07-28 22:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-12 16:27 - 2015-07-28 22:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-12 16:27 - 2015-07-28 22:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-12 16:27 - 2015-07-28 22:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-12 16:27 - 2015-07-28 22:00 - 
00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-12 16:27 - 2015-07-28 22:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-12 16:27 - 2015-07-28 21:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-08-12 16:27 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-08-12 16:27 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-08-12 16:27 - 2015-07-20 19:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-08-12 16:27 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-12 16:27 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-12 16:27 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 16:27 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-12 16:16 - 2015-08-12 16:17 - 00000000 ____D 
C:\Users\hanns-robert\AppData\Roaming\Nvu 2015-08-12 16:15 - 2015-08-12 16:16 - 00001477 _____ C:\Users\hanns-robert\Desktop\nvu.lnk 2015-08-11 15:28 - 2015-08-11 15:30 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\KompoZer 2015-08-11 15:25 - 2015-08-11 15:28 - 00000000 ____D C:\Program Files\KompoZer 0.7.10 2015-08-10 20:44 - 2015-08-10 20:44 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\dlink 2015-08-06 11:43 - 2015-08-06 11:43 - 00094208 _____ (Apple Inc.) C:\Windows\system32\QuickTimeVR.qtx 2015-08-06 11:43 - 2015-08-06 11:43 - 00069632 _____ (Apple Inc.) C:\Windows\system32\QuickTime.qts ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-03 11:10 - 2014-05-06 21:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-03 10:59 - 2009-07-14 06:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-03 10:59 - 2009-07-14 06:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-03 10:54 - 2014-08-20 20:12 - 01168923 _____ C:\Windows\WindowsUpdate.log 2015-09-03 10:52 - 2014-10-17 22:15 - 00000000 ___RD C:\Users\hanns-robert\iCloudDrive 2015-09-03 10:51 - 2014-04-13 17:50 - 00078032 _____ (Absolute Software Corp.) 
C:\Windows\system32\rpcnet.dll 2015-09-03 10:51 - 2014-04-13 17:45 - 00017408 _____ C:\Windows\system32\rpcnetp.exe 2015-09-03 10:51 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-03 09:37 - 2010-11-20 23:01 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-03 09:29 - 2014-10-15 22:47 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Everything 2015-09-03 09:01 - 2014-05-10 22:04 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\XnView 2015-09-02 00:52 - 2015-07-23 19:54 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-09-02 00:52 - 2014-04-13 17:46 - 00000000 ____D C:\Users\admin 2015-09-02 00:52 - 2014-04-11 01:04 - 00000000 ____D C:\Program Files\CCleaner 2015-09-01 21:58 - 2014-04-15 21:28 - 00000000 ____D C:\ProgramData\Oracle 2015-09-01 21:54 - 2014-04-15 21:31 - 00000000 ____D C:\Program Files\Java 2015-09-01 21:41 - 2014-04-10 22:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-09-01 21:00 - 2014-04-11 00:56 - 00000000 ____D C:\Users\hanns-robert\Software 2015-09-01 20:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2015-09-01 20:07 - 2014-05-10 00:19 - 02420736 ___SH C:\Users\hanns-robert\Downloads\Thumbs.db 2015-09-01 19:22 - 2014-04-10 21:37 - 00000000 ____D C:\Users\hanns-robert 2015-08-27 16:42 - 2014-11-04 22:38 - 00000000 ____D C:\Users\hanns-robert\usb 2015-08-26 23:18 - 2014-04-13 11:23 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\KeePass 2015-08-25 23:15 - 2014-04-16 00:55 - 00000000 ____D C:\ProgramData\TEMP 2015-08-25 20:58 - 2014-07-21 20:38 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\UseNeXT 2015-08-25 20:50 - 2015-03-08 10:33 - 00000000 ____D C:\Users\hanns-robert\Downloads\usenext 2015-08-22 18:16 - 2014-04-13 12:01 - 00381440 ___SH C:\Users\hanns-robert\Desktop\Thumbs.db 2015-08-18 11:38 - 2014-09-18 21:25 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-08-18 10:19 - 2014-04-10 22:43 - 00000000 ____D 
C:\Windows\system32\MRT 2015-08-18 10:10 - 2014-04-10 22:43 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-14 21:00 - 2014-04-11 08:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-14 21:00 - 2009-07-14 06:33 - 00429392 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-14 20:57 - 2011-04-12 03:29 - 00000000 ____D C:\Windows\system32\Drivers\de-DE 2015-08-14 20:57 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2015-08-14 20:53 - 2015-07-03 22:52 - 00014873 _____ C:\Users\hanns-robert\Downloads\Reiseplan ZA 2015.xlsx 2015-08-14 20:14 - 2014-04-11 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-14 20:13 - 2014-04-15 21:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-12 21:45 - 2014-04-15 21:28 - 00000000 ____D C:\Users\hanns-robert\bilder 2015-08-12 21:13 - 2014-04-26 22:41 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Notepad++ 2015-08-12 21:13 - 2014-04-26 22:41 - 00000000 ____D C:\Program Files\Notepad++ 2015-08-12 20:47 - 2014-05-25 14:07 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\vlc 2015-08-12 20:33 - 2014-06-04 22:50 - 00000000 ____D C:\Users\hanns-robert\video 2015-08-12 17:10 - 2014-04-15 20:29 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-08-12 17:10 - 2014-04-15 20:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-08-12 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2015-08-12 16:39 - 2015-04-15 11:47 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-12 16:39 - 2014-05-06 22:30 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-12 16:05 - 2015-04-15 21:43 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-08-11 16:21 - 2015-04-08 16:09 - 00000000 ____D C:\Windows\system32\data 2015-08-11 15:31 - 2015-05-25 22:13 - 00000000 ____D C:\Users\hanns-robert\Downloads\print 
2015-08-11 15:13 - 2014-04-13 11:37 - 00000000 ____D C:\Users\hanns-robert\linus
2015-08-10 20:41 - 2014-04-13 10:49 - 00001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-08-10 20:41 - 2014-04-13 10:49 - 00000000 ____D C:\Program Files\KeePass Password Safe 2
2015-08-05 21:39 - 2014-05-10 19:50 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\TV-Browser
2015-08-05 11:50 - 2015-06-22 00:11 - 00000093 _____ C:\Users\hanns-robert\Desktop\links.txt

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-15 20:56 - 2014-04-15 20:56 - 0000030 _____ () C:\Program Files\Exiferupdate.ini
2015-05-03 11:55 - 2015-05-03 11:55 - 0007610 _____ () C:\Users\hanns-robert\AppData\Local\Resmon.ResmonCfg
2014-04-15 22:56 - 2014-04-15 22:56 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995

Einige Dateien in TEMP:
====================
C:\Users\hanns-robert\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\hanns-robert\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\hanns-robert\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\hanns-robert\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-09-01 20:40

==================== Ende vom FRST.txt ============================

FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:31-08-2015
durchgeführt von hanns-robert (2015-09-03 11:29:41)
Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board
Start-Modus: Normal
==========================================================

==================== Konten: =============================

admin (S-1-5-21-1148431976-1086807397-2611512696-1003 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1148431976-1086807397-2611512696-500 - Administrator - Disabled)
Gast (S-1-5-21-1148431976-1086807397-2611512696-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1148431976-1086807397-2611512696-1002 - Limited - Enabled)
hanns-robert (S-1-5-21-1148431976-1086807397-2611512696-1000 - Administrator - Enabled) => C:\Users\hanns-robert

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.38 beta (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Anti-Twin (Installation 02.10.2014) (HKLM\...\Anti-Twin 2014-10-02 12.49.50) (Version: - Joerg Rosenthal, Germany) Apple Application Support (32-Bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-L2700DW series (HKLM\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 0.0.20.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP) Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) CUEcards 2000 (HKLM\...\CUEcards 2000) (Version: - Marcus Humann Software-Technik) dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA) Duden Home (HKLM\...\{288A423E-D6CA-47C3-B480-D1203EB08949}) (Version: 10.1.0 - Bibliographisches Institut GmbH) Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version: - ) Final Draft (HKLM\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.) Final Draft (HKLM\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.7.184 - Final Draft, Inc.) Free YouTube Download version 3.2.46.923 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.) iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.) Image Composite Editor (HKLM\...\{B29E2C62-496A-4F4F-9ED0-239FA15E1CB8}) (Version: 2.0.3 - Microsoft Corporation) IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.) 
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) KeePass Password Safe 2.30 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.30 - Dominik Reichl) LibreOffice 4.4 Help Pack (German) (HKLM\...\{CCC30EC0-253C-4CF3-9A5D-5DE2601CD760}) (Version: 4.4.3.2 - The Document Foundation) LibreOffice 4.4.3.2 (HKLM\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 40.0.3 (x86 de) (HKLM\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Mp3tag v2.70 (HKLM\...\Mp3tag) (Version: v2.70 - Florian Heidenreich) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Notepad++ (HKLM\...\Notepad++) (Version: 6.8.1 - Notepad++ Team) Nuance PDF Converter Professional 8 (HKLM\...\{35D85791-82E5-443B-B051-8FD85D9D5155}) (Version: 8.10.3267 - Nuance Communications, Inc.) Nuance PDF Converter Professional 8 Update x86 (HKLM\...\{7E6CA782-AA41-4E4C-A948-232B7FD82696}) (Version: 8.11.0000 - Nuance Communications, Inc.) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation) QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) 
RarZilla Free Unrar (HKLM\...\RarZilla Free Unrar) (Version: 6.50 - Philipp Winterberg) Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH) Scansoft PDF Professional (Version: - ) Hidden Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden TimeComX Basic (32-Bit) (HKLM\...\TimeComX Basic 32-Bit) (Version: 1.3.2.7 - Bitdreamers) TV-Browser 3.3.3 (HKLM\...\tvbrowser) (Version: 3.3.3 - TV-Browser Team) Twep4Word (HKLM\...\{4A053D91-95D8-42E2-9DC6-6BAA250EFEF6}) (Version: 2.0.0 - Pintexx GmbH) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Uplayer (HKLM\...\{89827CE5-AA89-4242-8294-CF1238D5B537}) (Version: 1.0.0.33 - D-LINK CORPORATION) UseNeXT by Tangysoft (HKLM\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.) 
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc) XnView 2.25 (HKLM\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{05E7B7BB-C07B-359E-BBE4-75840AC0DC75}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{1C5F6CE5-A4D6-36EF-8943-FFF2DC1DC63C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{1E5A9280-8948-30E9-A3B4-46FE260A2460}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{202B524F-841E-5A9D-8D3F-1010FA1A469E}\InprocServer32 -> C:\Users\hanns-robert\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll (D-LINK CORPORATION) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{35CC930B-6AE9-3190-BF11-D5568CFB31B7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{397F7E23-D5C5-3471-A7A0-5A327913178F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{4001ED3C-6915-3607-9E11-E9C256C31518}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{4E64FE28-607C-34D5-A724-5AA3F7B78CBE}\InprocServer32 -> 
C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{51D240C2-930F-3CDF-978F-D8FDBAE6BD4B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{532DF24E-1732-32A2-8FD5-BB628B37C592}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{58BE98A0-BD2F-3569-A762-B8DB59D816D6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{5AC266CE-2096-3C3D-AE0E-9C225E92C91F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{5FE32F50-9508-3CF5-9E7D-F40990EF6677}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{78910A5C-31FD-3A43-A4C2-E0AF103F8E5B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{7DA6AAC3-DE8B-371C-85CD-9DA44DA48936}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{81844449-F2E9-3741-B170-81FBA7D062F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{8342197C-FC40-3036-9C2B-3367ED383160}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{8DC91D79-68FD-3C50-BDED-74A0832E6953}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{A27B667C-DB21-3643-A491-20265D781784}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{AA7A8973-9BC9-335D-B2B9-1B9C245EA1EA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Program Files\Duden\Duden Korrektor\adxloader.dll () CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{B0B7FB30-21B7-30A1-81F5-27B95C842ABB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{B2280F25-0EFD-3884-AE38-F7D356055E54}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{BE24893C-CB61-3529-9ED7-03AC59F9C1B0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{BF30E74C-47D7-32F1-95C0-C9E71AB494EB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C027615C-6DDA-3D90-84A7-179190AF48F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C1DFFCCC-6218-3219-A120-AD500A0F3A8D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C9223138-E681-3DD6-A571-57B02AE398E6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{CF41E812-1AE1-332D-9FD2-1E7D0ABCE125}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{CF73B1DC-C662-3F5B-BD96-1A162AABAC23}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{D604058F-0290-327D-BA2C-732FFAC723DA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{D8B0B600-3293-33B8-9C70-2C68EB83154A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{F2EBCBE9-FF20-4373-A2A7-526CD06E345F}\InprocServer32 -> C:\Users\hanns-robert\AppData\Roaming\Pintexx GmbH\Twep4Word\adxloader.dll () CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{FB6B7F0B-A4A7-3343-83DF-6A692FFBA0BB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= 14-08-2015 19:58:24 Windows Update 18-08-2015 10:07:25 Windows Update 22-08-2015 18:19:04 Windows Update 24-08-2015 11:54:00 Windows Update 27-08-2015 16:44:52 Windows Update 01-09-2015 16:08:07 Windows Update 01-09-2015 21:01:17 Installed Image Composite Editor 03-09-2015 09:11:01 TuneUp Utilities 2014 wird entfernt 03-09-2015 09:12:57 TuneUp Utilities 2014 (de-DE) wird entfernt 03-09-2015 10:45:22 JRT Pre-Junkware Removal ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0761B118-79A1-4E76-91BE-3302D3CAF0CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated) Task: {3D01BD9C-980C-4C83-A5C6-80713863A444} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation) Task: {80C06151-618B-41E8-9C17-97187C1FD2F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd) Task: {BE0B4DB3-0094-44E0-A89B-5A41CFD14F6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {C83AFC1B-8DE0-4D7F-8F80-1FFC26CD2EF5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {EDBDD5DD-7B92-4456-A5E8-86B8F9C1D6CC} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-05-08 21:12 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe 2014-10-15 22:47 - 2014-08-06 03:01 - 01048576 _____ () C:\Program Files\Everything\Everything.exe 2015-08-24 20:28 - 2015-08-24 20:28 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81 ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hanns-robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.192.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupfolder: C:^Users^hanns-robert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: iCloudDrive => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: IndexSearch => "C:\Program Files\Nuance\PaperPort\IndexSearch.exe" MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\Nuance\PaperPort\pptd40nt.exe" MSCONFIG\startupreg: PDF8 Registry Controller => "C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe" MSCONFIG\startupreg: PDFProHook => "C:\Program Files\Nuance\PDF Professional 8\pdfpro8hook.exe" ==================== FirewallRules (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{569F55E5-E4F1-4890-B6D2-54E0182D4511}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{D04A8605-B5D7-41C1-8988-CA7AC65AFB30}] => (Allow) C:\Program Files\Winamp\winamp.exe FirewallRules: [{4B5468E8-65B2-4C9B-97FA-B4AA3D0FB974}] => (Allow) C:\Program Files\Winamp\winamp.exe FirewallRules: [{41F6B5F8-BEA1-4557-9DB2-E31FF7E04315}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PDFRouter.exe FirewallRules: [{3A8C2DF6-E86E-4503-8DB2-1A9200C84C2D}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PDFRouter.exe FirewallRules: [{9A6A1099-41DE-44BB-AF59-976C6D17580F}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe FirewallRules: [{7882A56C-ED67-46E9-A039-CB5AB4939E52}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe FirewallRules: [{26564071-D266-4553-BE97-88C2D966BA03}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe FirewallRules: [{1C6B0B8F-D34F-4D4B-AEA9-30E0B89A0F44}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe FirewallRules: [{3BDE1EFA-DE06-4EC3-88F4-2214C4BC4777}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe FirewallRules: [{CD617E50-791F-48C6-87DE-FF12D90680B8}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe FirewallRules: [{ADA8436A-2330-44A1-A8E6-788CB6D984D0}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe FirewallRules: [{033BE22F-A422-4061-A2CF-E6EE742E52D2}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe FirewallRules: [{EF014C62-6D09-4EEA-96AF-A9247E9E9B11}] => (Allow) C:\Program Files\TV-Browser\tvbrowser.exe FirewallRules: [{75F1F5F1-1369-4A08-9DE3-3998C2FBFF37}] => (Allow) C:\Program Files\TV-Browser\tvbrowser.exe FirewallRules: 
[{0A39FC57-F100-4E10-81BF-B20F87E34DD3}] => (Allow) C:\Program Files\TV-Browser\tvbrowser_noDD.exe FirewallRules: [{CD523873-ED27-454D-A7C2-3873F06F4447}] => (Allow) C:\Program Files\TV-Browser\tvbrowser_noDD.exe FirewallRules: [{803F0232-96E2-4DF1-A53D-5692B58BCFA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DD5A7DEF-8953-45A8-9A6C-ABBD90493E8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C23AD7B8-731C-4559-93A5-40CC87FA681F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{0E619DA5-42F0-4408-ADDA-2F14C7BE603F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{E5E3FF1A-3E5B-4B15-8047-F0161348BFB4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{0486A61B-02CA-45CE-AEE1-6EF63A1E0F26}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{71C1EF93-BB5E-4F9B-9EC9-9492B2A0C0D4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{1D90E857-42CC-4D31-9311-72B8E89E50F1}] => (Allow) D:\Advanced\autorun.exe FirewallRules: [{1608D51A-CFD0-4754-9968-4041BEB77EBE}] => (Allow) D:\Advanced\autorun.exe FirewallRules: [{647677E9-56C2-4E06-A8F5-FA084693CCAD}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/03/2015 10:52:21 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/03/2015 10:42:41 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance 
ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/03/2015 09:32:41 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/03/2015 08:49:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/01/2015 09:43:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/01/2015 07:06:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/01/2015 04:03:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2015 04:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/26/2015 09:47:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/25/2015 05:38:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Systemfehler: ============= Error: (09/03/2015 10:45:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/03/2015 10:45:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/03/2015 10:45:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/03/2015 10:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Remote Procedure Call (RPC) Net" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/03/2015 10:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PDFProFiltSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/03/2015 10:45:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Internet Pass-Through Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/03/2015 10:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/03/2015 10:45:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/03/2015 10:45:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/03/2015 10:39:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz Prozentuale Nutzung des RAM: 36% Installierter physikalischer RAM: 2046.43 MB Verfügbarer physikalischer RAM: 1305.89 MB Summe virtueller Speicher: 4092.86 MB Verfügbarer virtueller Speicher: 3290.16 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:232.88 GB) (Free:94.94 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 945F2211) Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS) ==================== Ende vom Addition.txt ============================
Regarding tune-up: how useful is it to use CCleaner? I use the free edition. |
03.09.2015, 18:24 | #6 |
/// the machine /// TB-Ausbilder | Windows 7: Notebook is supposedly sending junk mail
CCleaner is fine for the temp files, but keep your hands off the registry. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
04.09.2015, 19:50 | #7 |
| Windows 7: Notebook is supposedly sending junk mail
Hello schrauber, done! ESET really is a monster of a piece of software... is it worth buying as an antivirus scanner? But I suspect you will recommend Emsisoft... Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=d23bf2b8d226344d8c2370a28dc5122f # end=init # utc_time=2015-09-04 08:48:06 # local_time=2015-09-04 10:48:06 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=d23bf2b8d226344d8c2370a28dc5122f # end=init # utc_time=2015-09-04 08:50:56 # local_time=2015-09-04 10:50:56 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 25601 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=d23bf2b8d226344d8c2370a28dc5122f # end=updated # utc_time=2015-09-04 08:57:24 # local_time=2015-09-04 10:57:24 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=d23bf2b8d226344d8c2370a28dc5122f # engine=25601 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-09-04 12:16:01 # local_time=2015-09-04 02:16:01 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 9870833 64352955 0 0 # scanned=472102 # found=16 # cleaned=0 # scan_time=11916 sh=74B20D85BC69DB90D8DA4E0A9F4F79EEE0057E6D ft=1 fh=05fe150a8019ad38 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\hanns-robert\Software\cam\icuii\icuii805.exe" sh=DD77E4612577A4178DEA50B50512C90030B8DFAD ft=1 fh=a2e12fdcf9a4bc1e vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\hanns-robert\Software\cam\icuii\icuii806.exe" sh=65779416CECE0926A7C1DEEC1B87ACC9854B70FE ft=1 fh=0c7419563129743e vn="Mehrere Bedrohungen" ac=I fn="C:\Users\hanns-robert\Software\cd\daten_verteilen_auf_dvds_ignition.exe" sh=EBC0F08FD723F0BED0DB6B1B5495DDAABEFEF4D0 ft=1 fh=7b29519702006b9c vn="Variante von Win32/Injector.RRI Trojaner" ac=I fn="C:\Users\hanns-robert\Software\nolimits\Monsoon.exe" sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\Users\hanns-robert\Software\tools\Unlocker1.9.1.exe" sh=9B06B72A09E080D37C9D84A67B552B6050667D90 ft=1 fh=aa0cb7e2bcfc9fbc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\software\FreeAudioConverter.exe" sh=078754E88485A37F673AC14E18B95DBC85A9FDA4 ft=1 fh=f509302feaa8a887 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\software\FreeAudioDub.exe" sh=FDC2EA51B5536494AF21F857A14411077B58EDBB ft=1 fh=04b58d39a0502cf7 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="E:\software\zaSetup_92_106_000_en.exe" sh=C3547D582A9CEF1F8D4BB4D11D13CE439EFFFC88 ft=1 fh=61ae612f12e7a3af vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\software\internet\ashampoo_clipfinder_hd_e2.18.exe" sh=740E73A9271E01CFEEBFE54E0156D374A7AEFD7F ft=1 fh=c71c001177bf4673 vn="Win32/BadJoke.AN Trojaner" ac=I fn="G:\pc_alt\jokes\neu\opt_taeuschung\oups.exe" sh=620A10BFF150F1A2E28ABA89C04466B153DA7DCD ft=1 fh=938b60ab58a7f6a3 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\software\freedownloadmanager_30852.exe" sh=9C7EC8EB5D7CA43214E25369CBFE1A35E25245FA ft=1 fh=ac1b0e7e2ef325c4 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="G:\software\unlocker1.8.7.exe" sh=44C75F2F955CFE8650932D5D600397C0712CD10A ft=1 fh=1ed1429be76b2d59 vn="Variante von Win32/Adware.ADON evtl. 
unerwünschte Anwendung" ac=I fn="G:\software\audio\audiograbber\agsetup183se.exe" sh=74B20D85BC69DB90D8DA4E0A9F4F79EEE0057E6D ft=1 fh=05fe150a8019ad38 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\software\cam\icuii\icuii805.exe" sh=DD77E4612577A4178DEA50B50512C90030B8DFAD ft=1 fh=a2e12fdcf9a4bc1e vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\software\cam\icuii\icuii806.exe" sh=EBC0F08FD723F0BED0DB6B1B5495DDAABEFEF4D0 ft=1 fh=7b29519702006b9c vn="Variante von Win32/Injector.RRI Trojaner" ac=I fn="G:\software\nolimits\Monsoon.exe" Code:
ATTFilter Results of screen317's Security Check version 1.008 Windows 7 Service Pack 1 x86 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` CCleaner Java 8 Update 60 Adobe Flash Player 18.0.0.232 Mozilla Firefox (40.0.3) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015 durchgeführt von hanns-robert (Administrator) auf hanns-robert-PC (04-09-2015 20:02:22) Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board Geladene Profile: hanns-robert (Verfügbare Profile: hanns-robert & admin) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe (Absolute Software Corp.) C:\Windows\System32\rpcnet.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe () C:\Program Files\Everything\Everything.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] () HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2014-01-27] (Brother Industries, Ltd.) HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.) HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{0119FB2D-7C7E-4258-954F-5A33F8A32915}: [DhcpNameServer] 192.168.123.81 192.168.123.124
Tcpip\..\Interfaces\{677857D5-A830-483C-866D-A51015D17ED7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{83DC2806-26AE-4D68-B2D8-8A10872F72A9}: [DhcpNameServer] 192.168.192.1

Internet Explorer:
==================
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000 -> {17521AD6-C195-4576-B69C-9A60834CDE99} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000 -> {219D42F1-35A3-4625-8532-82EF0313D5C8} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
Toolbar: HKLM - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)

FireFox:
========
FF ProfilePath: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default
FF DefaultSearchEngine: Ecosia
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.gmx.net
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1148431976-1086807397-2611512696-1000: www.mydlink.com/Uplayer -> C:\Users\hanns-robert\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll [2015-07-09] (D-LINK CORPORATION)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll [2015-06-16] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\hanns-robert\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-16] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\searchplugins\duckduckgo.xml [2014-01-18]
FF SearchPlugin: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\searchplugins\ecosia.xml [2015-06-10]
FF Extension: German Dictionary - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-10]
FF Extension: United States English Spellchecker - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\en-US@dictionaries.addons.mozilla.org [2014-04-11]
FF Extension: FireFTP - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-05-31]
FF Extension: Add Bookmark Here ² - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\abhere2@moztw.org.xpi [2014-04-11]
FF Extension: Copy Plain Text 2 - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\copyplaintext@teo.pl.xpi [2014-04-11]
FF Extension: Facebook Disconnect - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\facebook@disconnect.me.xpi [2014-12-15]
FF Extension: Mailvelope - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-04-22]
FF Extension: DuckDuckGo Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-04-11]
FF Extension: Print/Print Preview - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2014-04-11]
FF Extension: Image Zoom - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-04-11]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-04-11]
FF Extension: Adblock Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-11]
FF Extension: Tab Mix Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-16]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-01]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-02-19] (Adobe Systems) [Datei ist nicht signiert]
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1045840 2015-07-21] (Flexera Software LLC.)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert]
R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-16] (Absolute Software Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 eapihdrv; C:\Users\hanns-robert\AppData\Local\Temp\ehdrv.sys [135760 2015-09-04] (ESET)
S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [Datei ist nicht signiert]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [86408 2012-08-27] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [178568 2012-08-27] (Renesas Electronics Corporation)
R0 PxHelp20; C:\Windows\System32\drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-04 10:47 - 2015-09-04 10:47 - 00000000 ____D C:\Program Files\ESET
2015-09-04 10:43 - 2015-09-04 10:43 - 00000056 _____ C:\Windows\setupact.log
2015-09-04 10:43 - 2015-09-04 10:43 - 00000000 _____ C:\Windows\setuperr.log
2015-09-03 11:38 - 2015-09-03 11:38 - 00000000 ____D C:\Users\hanns-robert\Documents\Add-in Express
2015-09-03 10:36 - 2015-09-03 10:39 - 00000000 ____D C:\AdwCleaner
2015-09-03 09:22 - 2015-09-03 09:22 - 00001064 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-03 09:22 - 2015-09-03 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-09-03 09:22 - 2015-09-03 09:22 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware
2015-09-03 09:22 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-03 09:22 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-02 00:51 - 2015-09-02 00:51 - 06667640 _____ (Piriform Ltd) C:\Users\hanns-robert\Downloads\ccsetup509.exe
2015-09-01 22:03 - 2015-09-03 09:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-01 22:02 - 2015-09-03 09:33 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-01 22:02 - 2015-09-02 00:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-01 22:01 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-01 22:00 - 2015-09-01 22:01 - 00000000 ____D C:\Users\admin\Downloads\mbar
2015-09-01 21:57 - 2015-09-01 21:57 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-01 21:56 - 2015-09-01 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-01 21:56 - 2015-09-01 21:55 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-09-01 21:03 - 2015-09-01 21:03 - 00000000 ____D C:\Users\hanns-robert\AppData\Local\Image Composite Editor
2015-09-01 21:02 - 2015-09-01 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor
2015-09-01 21:02 - 2015-09-01 21:02 - 00000000 ____D C:\Program Files\Microsoft Research
2015-09-01 19:25 - 2015-09-04 20:02 - 00000000 ____D C:\FRST
2015-09-01 19:22 - 2015-09-01 19:22 - 00000000 _____ C:\Users\hanns-robert\defogger_reenable
2015-09-01 19:17 - 2015-09-01 19:17 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Sun
2015-09-01 19:17 - 2015-09-01 19:17 - 00000000 ____D C:\Users\hanns-robert\.oracle_jre_usage
2015-09-01 19:13 - 2015-09-04 20:02 - 00000000 ____D C:\Users\hanns-robert\Downloads\trojaner-board
2015-09-01 19:12 - 2015-09-01 19:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-01 16:40 - 2015-09-01 16:41 - 23273424 _____ (SUPERAntiSpyware) C:\Users\hanns-robert\Downloads\SUPERAntiSpywarePro.exe
2015-09-01 16:20 - 2015-09-01 16:20 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\TeamViewer
2015-08-25 19:07 - 2015-08-25 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-25 19:06 - 2015-08-25 19:07 - 00000000 ____D C:\Program Files\QuickTime
2015-08-24 11:54 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-24 11:54 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-18 11:39 - 2015-08-18 11:39 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-18 11:39 - 2015-08-18 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-18 11:38 - 2015-08-18 11:39 - 00000000 ____D C:\Program Files\iTunes
2015-08-18 11:38 - 2015-08-18 11:38 - 00000000 ____D C:\Program Files\iPod
2015-08-14 20:07 - 2015-08-14 20:07 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-08-14 20:07 - 2015-08-14 20:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-08-13 21:15 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-13 21:15 - 2015-07-30 18:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 21:15 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 21:15 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-13 21:15 - 2015-07-16 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-13 21:15 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 21:15 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-13 21:15 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 21:15 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-13 21:15 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-13 21:15 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-13 21:15 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-13 21:15 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 21:15 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 21:15 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-13 21:15 - 2015-07-16 21:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-13 21:15 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-13 21:15 - 2015-07-16 21:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-13 21:15 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-13 21:15 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-13 21:15 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-13 21:15 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-13 21:15 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-13 21:15 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 21:15 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-13 21:15 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-13 21:15 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 21:15 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 21:15 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 21:15 - 2015-07-16 21:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-13 21:15 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-13 21:15 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 21:15 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 21:15 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-13 21:15 - 2015-07-16 17:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-13 21:15 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-13 21:15 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 21:15 - 2015-07-15 19:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-13 21:15 - 2015-07-15 19:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 21:15 - 2015-07-15 19:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-13 21:15 - 2015-07-15 19:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-13 21:15 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-13 21:15 - 2015-07-15 19:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-13 21:15 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 21:15 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-13 21:15 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-13 21:15 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-13 21:15 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-13 21:15 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-13 21:15 - 2015-07-15 18:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-13 21:15 - 2015-07-15 18:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-13 21:15 - 2015-07-15 18:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-13 21:14 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 21:14 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 21:11 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 21:10 - 2015-07-15 04:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 21:09 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 21:09 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 21:09 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-13 21:09 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 16:28 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 16:27 - 2015-07-28 22:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 16:27 - 2015-07-28 22:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 16:27 - 2015-07-28 21:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 16:27 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 16:27 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 16:27 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 16:27 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 16:27 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 16:27 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 16:16 - 2015-08-12 16:17 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Nvu
2015-08-12 16:15 - 2015-08-12 16:16 - 00001477 _____ C:\Users\hanns-robert\Desktop\nvu.lnk
2015-08-11 15:28 - 2015-08-11 15:30 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\KompoZer
2015-08-11 15:25 - 2015-08-11 15:28 - 00000000 ____D C:\Program Files\KompoZer 0.7.10
2015-08-10 20:44 - 2015-08-10 20:44 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\dlink
2015-08-06 11:43 - 2015-08-06 11:43 - 00094208 _____ (Apple Inc.) C:\Windows\system32\QuickTimeVR.qtx
2015-08-06 11:43 - 2015-08-06 11:43 - 00069632 _____ (Apple Inc.) C:\Windows\system32\QuickTime.qts

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-04 19:10 - 2014-05-06 21:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-04 10:58 - 2009-07-14 06:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-04 10:58 - 2009-07-14 06:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-04 10:46 - 2014-08-20 20:12 - 01247885 _____ C:\Windows\WindowsUpdate.log
2015-09-04 10:44 - 2014-04-13 12:01 - 00381440 ___SH C:\Users\hanns-robert\Desktop\Thumbs.db
2015-09-04 10:43 - 2014-04-13 17:50 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-09-04 10:43 - 2014-04-13 17:45 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-09-04 10:43 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-04 10:28 - 2014-10-15 22:47 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Everything
2015-09-04 10:28 - 2014-05-10 22:04 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\XnView
2015-09-04 09:01 - 2010-11-20 23:01 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-04 07:41 - 2014-10-17 22:15 - 00000000 ___RD C:\Users\hanns-robert\iCloudDrive
2015-09-02 00:52 - 2015-07-23 19:54 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-02 00:52 - 2014-04-13 17:46 - 00000000 ____D C:\Users\admin
2015-09-02 00:52 - 2014-04-11 01:04 - 00000000 ____D C:\Program Files\CCleaner
2015-09-01 21:58 - 2014-04-15 21:28 - 00000000 ____D C:\ProgramData\Oracle
2015-09-01 21:54 - 2014-04-15 21:31 - 00000000 ____D C:\Program Files\Java
2015-09-01 21:41 - 2014-04-10 22:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-01 21:00 - 2014-04-11 00:56 - 00000000 ____D C:\Users\hanns-robert\Software
2015-09-01 20:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-09-01 20:07 - 2014-05-10 00:19 - 02420736 ___SH C:\Users\hanns-robert\Downloads\Thumbs.db
2015-09-01 19:22 - 2014-04-10 21:37 - 00000000 ____D C:\Users\hanns-robert
2015-08-27 16:42 - 2014-11-04 22:38 - 00000000 ____D C:\Users\hanns-robert\usb
2015-08-26 23:18 - 2014-04-13 11:23 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\KeePass
2015-08-25 23:15 - 2014-04-16 00:55 - 00000000 ____D C:\ProgramData\TEMP
2015-08-25 20:58 - 2014-07-21 20:38 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\UseNeXT
2015-08-25 20:50 - 2015-03-08 10:33 - 00000000 ____D C:\Users\hanns-robert\Downloads\usenext
2015-08-18 11:38 - 2014-09-18 21:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-18 10:19 - 2014-04-10 22:43 - 00000000 ____D C:\Windows\system32\MRT
2015-08-18 10:10 - 2014-04-10 22:43 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-14 21:00 - 2014-04-11 08:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 21:00 - 2009-07-14 06:33 - 00429392 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 20:57 - 2011-04-12 03:29 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2015-08-14 20:57 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-08-14 20:53 - 2015-07-03 22:52 - 00014873 _____ C:\Users\hanns-robert\Downloads\Reiseplan ZA 2015.xlsx
2015-08-14 20:14 - 2014-04-11 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 20:13 - 2014-04-15 21:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 21:45 - 2014-04-15 21:28 - 00000000 ____D C:\Users\hanns-robert\bilder
2015-08-12 21:13 - 2014-04-26 22:41 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Notepad++
2015-08-12 21:13 - 2014-04-26 22:41 - 00000000 ____D C:\Program Files\Notepad++
2015-08-12 20:47 - 2014-05-25 14:07 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\vlc
2015-08-12 20:33 - 2014-06-04 22:50 - 00000000 ____D C:\Users\hanns-robert\video
2015-08-12 17:10 - 2014-04-15 20:29 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 17:10 - 2014-04-15 20:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-12 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-12 16:39 - 2015-04-15 11:47 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 16:39 - 2014-05-06 22:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 16:05 - 2015-04-15 21:43 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-08-11 16:21 - 2015-04-08 16:09 - 00000000 ____D C:\Windows\system32\data
2015-08-11 15:31 - 2015-05-25 22:13 - 00000000 ____D C:\Users\hanns-robert\Downloads\print
2015-08-11 15:13 - 2014-04-13 11:37 - 00000000 ____D C:\Users\hanns-robert\linus
2015-08-10 20:41 - 2014-04-13 10:49 - 00001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-08-10 20:41 - 2014-04-13 10:49 - 00000000 ____D C:\Program Files\KeePass Password Safe 2
2015-08-05 21:39 - 2014-05-10 19:50 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\TV-Browser
2015-08-05 11:50 - 2015-06-22 00:11 - 00000093 _____ C:\Users\hanns-robert\Desktop\links.txt

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-15 20:56 - 2014-04-15 20:56 - 0000030 _____ () C:\Program Files\Exiferupdate.ini
2015-05-03 11:55 - 2015-05-03 11:55 - 0007610 _____ () C:\Users\hanns-robert\AppData\Local\Resmon.ResmonCfg
2014-04-15 22:56 - 2014-04-15 22:56 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995

Einige Dateien in TEMP:
====================
C:\Users\hanns-robert\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-09-01 20:40

==================== Ende vom FRST.txt ============================

FRST Additions Logfile:
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:31-08-2015 durchgeführt von hanns-robert (2015-09-04 20:03:15) Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board Start-Modus: Normal ========================================================== ==================== Konten: ============================= admin (S-1-5-21-1148431976-1086807397-2611512696-1003 - Administrator - Enabled) => C:\Users\admin Administrator (S-1-5-21-1148431976-1086807397-2611512696-500 - Administrator - Disabled) Gast (S-1-5-21-1148431976-1086807397-2611512696-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1148431976-1086807397-2611512696-1002 - Limited - Enabled) hanns-robert (S-1-5-21-1148431976-1086807397-2611512696-1000 - Administrator - Enabled) => C:\Users\hanns-robert ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 7-Zip 9.38 beta (HKLM\...\7-Zip) (Version: - ) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated) Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - ) Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) 
Anti-Twin (Installation 02.10.2014) (HKLM\...\Anti-Twin 2014-10-02 12.49.50) (Version: - Joerg Rosenthal, Germany) Apple Application Support (32-Bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-L2700DW series (HKLM\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 0.0.20.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP) Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) CUEcards 2000 (HKLM\...\CUEcards 2000) (Version: - Marcus Humann Software-Technik) dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA) Duden Home (HKLM\...\{288A423E-D6CA-47C3-B480-D1203EB08949}) (Version: 10.1.0 - Bibliographisches Institut GmbH) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version: - ) Final Draft (HKLM\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.) Final Draft (HKLM\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.7.184 - Final Draft, Inc.) Free YouTube Download version 3.2.46.923 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.) iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.) 
Image Composite Editor (HKLM\...\{B29E2C62-496A-4F4F-9ED0-239FA15E1CB8}) (Version: 2.0.3 - Microsoft Corporation) IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.) Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) KeePass Password Safe 2.30 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.30 - Dominik Reichl) LibreOffice 4.4 Help Pack (German) (HKLM\...\{CCC30EC0-253C-4CF3-9A5D-5DE2601CD760}) (Version: 4.4.3.2 - The Document Foundation) LibreOffice 4.4.3.2 (HKLM\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 40.0.3 (x86 de) (HKLM\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Mp3tag v2.70 (HKLM\...\Mp3tag) (Version: v2.70 - Florian Heidenreich) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Notepad++ (HKLM\...\Notepad++) (Version: 6.8.1 - Notepad++ Team) Nuance PDF Converter Professional 8 (HKLM\...\{35D85791-82E5-443B-B051-8FD85D9D5155}) (Version: 8.10.3267 - Nuance Communications, Inc.) Nuance PDF Converter Professional 8 Update x86 (HKLM\...\{7E6CA782-AA41-4E4C-A948-232B7FD82696}) (Version: 8.11.0000 - Nuance Communications, Inc.) 
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation) QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) RarZilla Free Unrar (HKLM\...\RarZilla Free Unrar) (Version: 6.50 - Philipp Winterberg) Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH) Scansoft PDF Professional (Version: - ) Hidden Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden TimeComX Basic (32-Bit) (HKLM\...\TimeComX Basic 32-Bit) (Version: 1.3.2.7 - Bitdreamers) TV-Browser 3.3.3 (HKLM\...\tvbrowser) (Version: 3.3.3 - TV-Browser Team) Twep4Word (HKLM\...\{4A053D91-95D8-42E2-9DC6-6BAA250EFEF6}) (Version: 2.0.0 - Pintexx GmbH) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Uplayer (HKLM\...\{89827CE5-AA89-4242-8294-CF1238D5B537}) (Version: 1.0.0.33 - D-LINK CORPORATION) UseNeXT by Tangysoft (HKLM\...\UseNeXT by 
Tangysoft_is1) (Version: - Tangysoft Ltd.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc) XnView 2.25 (HKLM\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{05E7B7BB-C07B-359E-BBE4-75840AC0DC75}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{1C5F6CE5-A4D6-36EF-8943-FFF2DC1DC63C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{1E5A9280-8948-30E9-A3B4-46FE260A2460}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{202B524F-841E-5A9D-8D3F-1010FA1A469E}\InprocServer32 -> C:\Users\hanns-robert\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll (D-LINK CORPORATION) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{35CC930B-6AE9-3190-BF11-D5568CFB31B7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{397F7E23-D5C5-3471-A7A0-5A327913178F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{4001ED3C-6915-3607-9E11-E9C256C31518}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{4E64FE28-607C-34D5-A724-5AA3F7B78CBE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{51D240C2-930F-3CDF-978F-D8FDBAE6BD4B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{532DF24E-1732-32A2-8FD5-BB628B37C592}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{58BE98A0-BD2F-3569-A762-B8DB59D816D6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{5AC266CE-2096-3C3D-AE0E-9C225E92C91F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{5FE32F50-9508-3CF5-9E7D-F40990EF6677}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{78910A5C-31FD-3A43-A4C2-E0AF103F8E5B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{7DA6AAC3-DE8B-371C-85CD-9DA44DA48936}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{81844449-F2E9-3741-B170-81FBA7D062F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{8342197C-FC40-3036-9C2B-3367ED383160}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{8DC91D79-68FD-3C50-BDED-74A0832E6953}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{A27B667C-DB21-3643-A491-20265D781784}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{AA7A8973-9BC9-335D-B2B9-1B9C245EA1EA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Program Files\Duden\Duden Korrektor\adxloader.dll () CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{B0B7FB30-21B7-30A1-81F5-27B95C842ABB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{B2280F25-0EFD-3884-AE38-F7D356055E54}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{BE24893C-CB61-3529-9ED7-03AC59F9C1B0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{BF30E74C-47D7-32F1-95C0-C9E71AB494EB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C027615C-6DDA-3D90-84A7-179190AF48F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C1DFFCCC-6218-3219-A120-AD500A0F3A8D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C9223138-E681-3DD6-A571-57B02AE398E6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{CF41E812-1AE1-332D-9FD2-1E7D0ABCE125}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{CF73B1DC-C662-3F5B-BD96-1A162AABAC23}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{D604058F-0290-327D-BA2C-732FFAC723DA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{D8B0B600-3293-33B8-9C70-2C68EB83154A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{F2EBCBE9-FF20-4373-A2A7-526CD06E345F}\InprocServer32 -> C:\Users\hanns-robert\AppData\Roaming\Pintexx GmbH\Twep4Word\adxloader.dll () CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{FB6B7F0B-A4A7-3343-83DF-6A692FFBA0BB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= 04-09-2015 14:40:29 Geplanter Prüfpunkt ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {0761B118-79A1-4E76-91BE-3302D3CAF0CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated) Task: {3D01BD9C-980C-4C83-A5C6-80713863A444} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation) Task: {80C06151-618B-41E8-9C17-97187C1FD2F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd) Task: {BE0B4DB3-0094-44E0-A89B-5A41CFD14F6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {C83AFC1B-8DE0-4D7F-8F80-1FFC26CD2EF5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {EDBDD5DD-7B92-4456-A5E8-86B8F9C1D6CC} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-05-08 21:12 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe 2014-10-15 22:47 - 2014-08-06 03:01 - 01048576 _____ () C:\Program Files\Everything\Everything.exe 2015-08-24 20:28 - 2015-08-24 20:28 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81 ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hanns-robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: Datenträger ist nicht mit dem Internet verbunden. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupfolder: C:^Users^hanns-robert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: iCloudDrive => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: IndexSearch => "C:\Program Files\Nuance\PaperPort\IndexSearch.exe" MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\Nuance\PaperPort\pptd40nt.exe" MSCONFIG\startupreg: PDF8 Registry Controller => "C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe" MSCONFIG\startupreg: PDFProHook => "C:\Program Files\Nuance\PDF Professional 8\pdfpro8hook.exe" ==================== FirewallRules (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{569F55E5-E4F1-4890-B6D2-54E0182D4511}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{D04A8605-B5D7-41C1-8988-CA7AC65AFB30}] => (Allow) C:\Program Files\Winamp\winamp.exe FirewallRules: [{4B5468E8-65B2-4C9B-97FA-B4AA3D0FB974}] => (Allow) C:\Program Files\Winamp\winamp.exe FirewallRules: [{41F6B5F8-BEA1-4557-9DB2-E31FF7E04315}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PDFRouter.exe FirewallRules: [{3A8C2DF6-E86E-4503-8DB2-1A9200C84C2D}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PDFRouter.exe FirewallRules: [{9A6A1099-41DE-44BB-AF59-976C6D17580F}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe FirewallRules: [{7882A56C-ED67-46E9-A039-CB5AB4939E52}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe FirewallRules: [{26564071-D266-4553-BE97-88C2D966BA03}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe FirewallRules: [{1C6B0B8F-D34F-4D4B-AEA9-30E0B89A0F44}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe FirewallRules: [{3BDE1EFA-DE06-4EC3-88F4-2214C4BC4777}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe FirewallRules: [{CD617E50-791F-48C6-87DE-FF12D90680B8}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe FirewallRules: [{ADA8436A-2330-44A1-A8E6-788CB6D984D0}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe FirewallRules: [{033BE22F-A422-4061-A2CF-E6EE742E52D2}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe FirewallRules: [{EF014C62-6D09-4EEA-96AF-A9247E9E9B11}] => (Allow) C:\Program Files\TV-Browser\tvbrowser.exe FirewallRules: [{75F1F5F1-1369-4A08-9DE3-3998C2FBFF37}] => (Allow) C:\Program Files\TV-Browser\tvbrowser.exe FirewallRules: 
[{0A39FC57-F100-4E10-81BF-B20F87E34DD3}] => (Allow) C:\Program Files\TV-Browser\tvbrowser_noDD.exe FirewallRules: [{CD523873-ED27-454D-A7C2-3873F06F4447}] => (Allow) C:\Program Files\TV-Browser\tvbrowser_noDD.exe FirewallRules: [{803F0232-96E2-4DF1-A53D-5692B58BCFA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DD5A7DEF-8953-45A8-9A6C-ABBD90493E8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C23AD7B8-731C-4559-93A5-40CC87FA681F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{0E619DA5-42F0-4408-ADDA-2F14C7BE603F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{E5E3FF1A-3E5B-4B15-8047-F0161348BFB4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{0486A61B-02CA-45CE-AEE1-6EF63A1E0F26}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{71C1EF93-BB5E-4F9B-9EC9-9492B2A0C0D4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{1D90E857-42CC-4D31-9311-72B8E89E50F1}] => (Allow) D:\Advanced\autorun.exe FirewallRules: [{1608D51A-CFD0-4754-9968-4041BEB77EBE}] => (Allow) D:\Advanced\autorun.exe FirewallRules: [{647677E9-56C2-4E06-A8F5-FA084693CCAD}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/04/2015 10:44:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: PDFCore8.dll, Version: 8.0.0.70, Zeitstempel: 0x512d656e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a366c ID des fehlerhaften Prozesses: 0xdf4 Startzeit der fehlerhaften Anwendung: 
0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (09/04/2015 10:44:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: PDFCore8.dll, Version: 8.0.0.70, Zeitstempel: 0x512d656e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a366c ID des fehlerhaften Prozesses: 0xb88 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (09/04/2015 10:43:59 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/04/2015 07:40:45 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/03/2015 10:52:21 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/03/2015 10:42:41 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/03/2015 09:32:41 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/03/2015 08:49:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/01/2015 09:43:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/01/2015 07:06:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Systemfehler: ============= Error: (09/04/2015 09:36:14 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (09/04/2015 09:36:13 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (09/04/2015 09:36:13 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (09/04/2015 09:36:12 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (09/04/2015 09:36:12 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (09/04/2015 09:33:22 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (09/04/2015 09:33:21 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (09/04/2015 09:33:21 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error: (09/04/2015 09:33:20 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (09/04/2015 09:33:20 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Microsoft Office: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz Prozentuale Nutzung des RAM: 44% Installierter physikalischer RAM: 2046.43 MB Verfügbarer physikalischer RAM: 1133.14 MB Summe virtueller Speicher: 4092.86 MB Verfügbarer virtueller Speicher: 3199.4 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:232.88 GB) (Free:112.99 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive e: (*****) (Fixed) (Total:931.51 GB) (Free:230.1 GB) NTFS Drive f: (*****) (Fixed) (Total:931.51 GB) (Free:540.13 GB) NTFS Drive g: (*****) (Fixed) (Total:1863.01 GB) (Free:1539.55 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 945F2211) Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1863 GB) (Disk ID: 873307EF) Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 931.5 GB) (Disk ID: 01808E23) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 931.5 GB) (Disk ID: 66452DF5) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Ende vom Addition.txt ============================ |
05.09.2015, 13:56 | #8 |
/// the machine /// TB Instructor | Windows 7: Notebook is said to be sending junk mail
What I recommend is beside the point. ESET is not a bad AV program.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
C:\Users\hanns-robert\Software\cam\icuii\icuii805.exe
C:\Users\hanns-robert\Software\cam\icuii\icuii806.exe
C:\Users\hanns-robert\Software\cd\daten_verteilen_auf_dvds_ignition.exe
C:\Users\hanns-robert\Software\nolimits\Monsoon.exe
C:\Users\hanns-robert\Software\tools\Unlocker1.9.1.exe
E:\software\FreeAudioConverter.exe
E:\software\FreeAudioDub.exe
E:\software\zaSetup_92_106_000_en.exe
E:\software\internet\ashampoo_clipfinder_hd_e2.18.exe
G:\pc_alt\jokes\neu\opt_taeuschung\oups.exe
G:\software\freedownloadmanager_30852.exe
G:\software\unlocker1.8.7.exe
G:\software\audio\audiograbber\agsetup183se.exe
G:\software\cam\icuii\icuii805.exe
G:\software\cam\icuii\icuii806.exe
G:\software\nolimits\Monsoon.exe
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Cleanup: (The order matters here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them.
If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Securing your system:
On the Windows operating system, enable automatic updates. Security-relevant software should also always be present only in its latest version:
Browser
Java
Flash Player
PDF reader
Vulnerabilities in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis the sites on which scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.
Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstall it and then remove the remnants with Adwarecleaner.
Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.09.2015, 19:36 | #9 |
| Windows 7: Notebook is said to be sending junk mail
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x86) Version:31-08-2015
durchgeführt von hanns-robert (2015-09-05 19:07:10) Run:2
Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board
Geladene Profile: hanns-robert (Verfügbare Profile: hanns-robert & admin)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
C:\Users\hanns-robert\Software\cam\icuii\icuii805.exe
C:\Users\hanns-robert\Software\cam\icuii\icuii806.exe
C:\Users\hanns-robert\Software\cd\daten_verteilen_auf_dvds_ignition.exe
C:\Users\hanns-robert\Software\nolimits\Monsoon.exe
C:\Users\hanns-robert\Software\tools\Unlocker1.9.1.exe
E:\software\FreeAudioConverter.exe
E:\software\FreeAudioDub.exe
E:\software\zaSetup_92_106_000_en.exe
E:\software\internet\ashampoo_clipfinder_hd_e2.18.exe
G:\pc_alt\jokes\neu\opt_taeuschung\oups.exe
G:\software\freedownloadmanager_30852.exe
G:\software\unlocker1.8.7.exe
G:\software\audio\audiograbber\agsetup183se.exe
G:\software\cam\icuii\icuii805.exe
G:\software\cam\icuii\icuii806.exe
G:\software\nolimits\Monsoon.exe
Emptytemp:
*****************
C:\Users\hanns-robert\Software\cam\icuii\icuii805.exe => erfolgreich verschoben
C:\Users\hanns-robert\Software\cam\icuii\icuii806.exe => erfolgreich verschoben
C:\Users\hanns-robert\Software\cd\daten_verteilen_auf_dvds_ignition.exe => erfolgreich verschoben
C:\Users\hanns-robert\Software\nolimits\Monsoon.exe => erfolgreich verschoben
C:\Users\hanns-robert\Software\tools\Unlocker1.9.1.exe => erfolgreich verschoben
E:\software\FreeAudioConverter.exe => erfolgreich verschoben
E:\software\FreeAudioDub.exe => erfolgreich verschoben
E:\software\zaSetup_92_106_000_en.exe => erfolgreich verschoben
E:\software\internet\ashampoo_clipfinder_hd_e2.18.exe => erfolgreich verschoben
G:\pc_alt\jokes\neu\opt_taeuschung\oups.exe => erfolgreich verschoben
G:\software\freedownloadmanager_30852.exe => erfolgreich verschoben
G:\software\unlocker1.8.7.exe => erfolgreich verschoben
G:\software\audio\audiograbber\agsetup183se.exe => erfolgreich verschoben
G:\software\cam\icuii\icuii805.exe => erfolgreich verschoben
G:\software\cam\icuii\icuii806.exe => erfolgreich verschoben
G:\software\nolimits\Monsoon.exe => erfolgreich verschoben
EmptyTemp: => 448.3 MB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende vom Fixlog 19:07:13 ====
Code:
defogger_enable by jpshortstuff (23.02.10.1)
Log created at 19:10 on 05/09/2015 (hanns-robert)
Parsing file...
-=E.O.F=-
Code:
# DelFix v1.011 - Datei am 05/09/2015 um 19:20:00 erstellt
# Aktualisiert am 18/08/2015 von Xplode
# Benutzer : hanns-robert - hanns-robert-PC
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
~ Aktiviere die Benutzerkontensteuerung ... OK
~ Entferne die Bereinigungsprogramme ...
Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\TDSSKiller.3.1.0.5_02.09.2015_00.31.54_log.txt
Gelöscht : HKLM\SOFTWARE\AdwCleaner
~ Erstelle ein Backup der Registrierungsdatenbank ... OK
~ Lösche die Wiederherstellungspunkte ...
Gelöscht : RP #224 [Geplanter Prüfpunkt | 09/04/2015 12:40:29]
Gelöscht : RP #225 [Installed LibreOffice 5.0.1.2 | 09/04/2015 18:53:40]
Gelöscht : RP #226 [Installed LibreOffice 5.0 Help Pack (German) | 09/04/2015 19:02:46]
Gelöscht : RP #227 [Windows Update | 09/05/2015 16:43:39]
Ein neuer Wiederherstellungspunkt wurde erstellt !
~ Stelle die Systemeinstellungen wieder her ... OK
########## - EOF - ##########

Thank you! Everything else is under Praise. :-) |
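An added example, not part of the thread and not FRST's own code: a Python check that compares the fixlist block of a Fixlog like the one posted above against its result lines and lists the file entries that were not confirmed as moved. The sample log is constructed from a few of the thread's lines plus one made-up failure status; the function names and the rule that entries ending in ":" are directives are assumptions.

```python
import re

SUCCESS = "erfolgreich verschoben"     # status text as shown in the thread's Fixlog
DELIM = re.compile(r"^\*{5,}$")        # the ***************** lines around the fixlist

# Constructed sample: a few lines taken from the Fixlog in this thread. The last
# file result carries a made-up status (not FRST wording) to show a miss.
SAMPLE_FIXLOG = r"""
fixlist Inhalt:
*****************
C:\Users\hanns-robert\Software\tools\Unlocker1.9.1.exe
E:\software\FreeAudioDub.exe
G:\software\nolimits\Monsoon.exe
Emptytemp:
*****************
C:\Users\hanns-robert\Software\tools\Unlocker1.9.1.exe => erfolgreich verschoben
E:\software\FreeAudioDub.exe => erfolgreich verschoben
G:\software\nolimits\Monsoon.exe => CONSTRUCTED-FAILURE
EmptyTemp: => 448.3 MB temporäre Dateien entfernt.
==== Ende vom Fixlog 19:07:13 ====
"""

def parse_fixlog(text):
    """Return (requested entries, {lower-cased target: status}) from a Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if DELIM.match(ln)]
    if len(marks) < 2:
        raise ValueError("fixlist delimiters not found")
    requested = [ln for ln in lines[marks[0] + 1:marks[1]] if ln]
    results = {}
    for ln in lines[marks[1] + 1:]:
        target, sep, status = ln.partition(" => ")
        if sep:                        # only result lines contain " => "
            results[target.lower()] = status
    return requested, results

def unconfirmed(text):
    """Fixlist file entries with no result line or a status other than a move."""
    requested, results = parse_fixlog(text)
    missing = []
    for entry in requested:
        if entry.endswith(":"):        # assumption: directive (Emptytemp:), not a path
            continue
        status = results.get(entry.lower())   # Windows paths compare case-insensitively
        if status is None or SUCCESS not in status:
            missing.append((entry, status))
    return missing

if __name__ == "__main__":
    for entry, status in unconfirmed(SAMPLE_FIXLOG):
        print(f"not confirmed: {entry} ({status or 'no result line'})")
```
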
06.09.2015, 07:22 | #10 |
/// the machine /// TB Instructor | Windows 7: Notebook is said to be sending junk mail
You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |