Ihr PC wurde gesperrt und verschlüsselt......

Jidddooo · 03.01.2016, 15:18

Hallo,

Hab seit gestern auf einem Rechner, jedesmal wenn ich den starten möchte, die Meldung:
das der PC gesperrt und verschlüsselt wurde.
Bitte zahlen Sie x Bitcoin für einen Link damit der Pc wieder genutzt werden kann.

Betriebssystem Windows 10 installiert.

Kann auch nicht im abgesicherten Modus starten.
Sehe nur die o.g. Seite, Meldung und kann nichts mehr machen.

Wer kann helfen?

Vielen Dank schonmal im Voraus

Deathkid535 · 03.01.2016, 16:33

Mein Name ist Dennis und ich werde dir bei der Bereinigung helfen.

Bitte beachte, dass es ein paar Regeln gibt:

Bitte lies meine Posts komplett durch bevor du sie abarbeitest
Wenn ein Problem auftauchen sollte, unterbreche deine Arbeit, poste die entstandenen Logs und schildere dieses so genau wie möglich.
Bitte kein Crossposting
Installiere oder Deinstalliere keine Software ohne Aufforderung
Bitte verwende nur die Tools welche hier im Thread erwähnt werden
Antworte innerhalb von 24h um eine sinnvolle Bereinigung zu ermöglichen
Poste die Logs immer in CODE-Tags (#-Button), zur Not die Logs einfach aufteilen

Sollte ich nicht innerhalb von 48h antworten, schreibe mir eine PM!

Wir benötigen für eine sinnvolle Analyse zuerst ein FRST-Log.

Schritt # 1: FRST

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Schritt # 2: Bitte Posten

Die FRST.txt

Jidddooo · 04.01.2016, 18:51

Hallo Dennis,

Hier die FRST.txt

FRST Logfile:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
durchgeführt von SYSTEM auf MININT-MLEBL7B (04-01-2016 18:48:12)
Gestartet von E:\Erwin
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11
Start-Modus: Recovery
Standard: ControlSet001
ACHTUNG!:=====> Wenn das System startfähig ist sollte FRST im normalen oder abgesicherten Modus ausgeführt werden, um ein vollständiges Ergebnis zu erhalten.

Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfpro5hook.exe [1369376 2010-02-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe [62752 2010-02-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [zinit32] => C:\WINDOWS\ZInit32.exe
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [PMSpeed9.32.10] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMSpeed.EXE [125248 2013-09-26] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-06-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-06-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [ProductivityBoss EPM Support] => C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5medint.exe [11608 2015-11-20] (Mindspark)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [465320 2014-10-29] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\Default User\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\Erwin\...\Run: [Agenda-Arbeitsplatz] => C:\AGENDA\AgendaAP\PROG\agendaap32.exe
HKU\Erwin\...\Run: [w1Synt] => C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe [32768 2014-05-27] (Microsoft Corporation)
HKU\Erwin\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\Erwin\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-04-06] ()
HKU\Erwin\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\Erwin\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\Erwin\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-07-27] (Samsung)
HKU\Erwin\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\Erwin\...\Winlogon: [Userinit] C:\Users\Erwin\AppData\Roaming\loadit.exe [671422 2015-12-28] ()
HKU\Erwin\...\Winlogon: [Shell] C:\Users\Erwin\AppData\Roaming\loadit.exe [671422 2015-12-28] () <==== ACHTUNG
HKU\SageMobileControl\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\SSGClient\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk [2015-08-16]
ShortcutTarget: AutoStarter.lnk -> F:\Usenext\wizard\Junges Deutsches Amateur Paar hat Anal Spa im Schl\Junges Deutsches Amateur Paar hat Anal Spa im Schlafzimmer.exe (Keine Datei)
Startup: C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk [2015-12-28]
ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe (Keine Datei)
Startup: C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk [2014-08-06]
ShortcutTarget: start.lnk -> C:\windows\system32\config\systemprofile\9zol3d5lnss4\23092.vbs (Keine Datei)

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 Advantage; C:\Program Files (x86)\Extended\ADS11.10\Server\ADS.EXE [3538944 2013-07-25] (iAnywhere Solutions, Inc.)
S2 AgendaUpdate; C:\AGENDA\WinUpdate\Prog\updatedownload.exe [1439848 2013-11-05] (Agenda Informationssysteme GmbH & Co. KG)
S2 AgendaUpdater; C:\AGENDA\WinUpdate\Prog\updateupdater.exe [979048 2013-11-05] (Agenda Informationssysteme GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-09] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
S2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-09-08] (SEIKO EPSON CORPORATION)
S2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AC_Service.exe [309568 2015-03-05] (Citrix Online, a division of Citrix Systems, Inc.)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2003-04-18] ()
S2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-08-14] (Haufe-Lexware GmbH & Co. KG)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S2 ProductivityBoss_e5Service; C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5barsvc.exe [89432 2015-11-20] (Mindspark)
S2 SageDB 5.0; C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe [5685248 2011-07-18] ()
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S2 TeamViewer; c:\users\erwin\appdata\local\temp\teamviewer\TeamViewer_Service.exe [4175632 2015-04-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [X]
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-08-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-08-20] (Kaspersky Lab)
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-08-20] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-08-20] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2015-06-04] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-08-20] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
S1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-29] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-08-20] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-25] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2016-01-04] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 wStLibG64; kein ImagePath
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 pccsmcfd; \SystemRoot\system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-04 18:48 - 2016-01-04 18:48 - 00000000 ____D C:\FRST
2016-01-04 18:34 - 2016-01-04 18:34 - 00002754 _____ C:\Windows\System32\Tasks\Start Driver Reviver with delay for ERWINFRIESEN@Erwin
2016-01-04 18:34 - 2016-01-04 18:34 - 00002734 _____ C:\Windows\System32\Tasks\Start WinZip Driver Updater with delay for ERWINFRIESEN@Erwin
2016-01-04 18:34 - 2016-01-04 18:34 - 00000362 _____ C:\Windows\Tasks\Start Driver Reviver with delay for ERWINFRIESEN@Erwin.job
2016-01-04 18:34 - 2016-01-04 18:34 - 00000342 _____ C:\Windows\Tasks\Start WinZip Driver Updater with delay for ERWINFRIESEN@Erwin.job
2015-12-31 10:51 - 2015-12-31 10:53 - 00122662 _____ C:\Windows\ntbtlog.txt
2015-12-31 10:41 - 2015-12-31 10:41 - 4172198784 _____ C:\Windows\MEMORY.DMP
2015-12-28 22:52 - 2015-12-28 22:52 - 00002306 _____ C:\Users\Erwin\Desktop\Sicherer Zahlungsverkehr.lnk
2015-12-27 09:26 - 2015-12-27 09:26 - 00000000 ____D C:\ProgramData\Adobe
2015-12-27 09:16 - 2015-12-27 09:16 - 00000000 ____D C:\ProgramData\EgisTec
2015-12-27 03:13 - 2015-12-27 03:13 - 00000000 ____D C:\ProgramData\EgisTec IPS
2015-12-27 03:04 - 2015-12-28 16:50 - 00000000 ____D C:\ProgramData\TEMP
2015-12-27 03:03 - 2015-12-27 03:07 - 00000000 ____D C:\ProgramData\OEM
2015-12-27 03:03 - 2015-12-27 03:03 - 00000000 ____D C:\ProgramData\WinZip
2015-12-27 03:03 - 2015-12-27 03:03 - 00000000 ____D C:\ProgramData\ReviverSoft
2015-12-27 00:52 - 2016-01-04 18:36 - 00000000 ____D C:\ProgramData\Lexware
2015-12-27 00:08 - 2015-12-27 00:08 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2015-12-26 07:14 - 2015-05-21 07:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2015-12-26 07:14 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2015-12-21 10:06 - 2016-01-04 18:37 - 00000316 _____ C:\Windows\Tasks\Start Driver Reviver for ERWINFRIESEN@Erwin(logon).job
2015-12-21 10:06 - 2015-12-21 10:06 - 00003452 _____ C:\Windows\System32\Tasks\Start Driver Reviver Schedule
2015-12-21 10:06 - 2015-12-21 10:06 - 00003384 _____ C:\Windows\System32\Tasks\Start Driver Reviver Update
2015-12-21 10:06 - 2015-12-21 10:06 - 00002596 _____ C:\Windows\System32\Tasks\Start Driver Reviver for ERWINFRIESEN@Erwin(logon)
2015-12-21 10:06 - 2015-12-21 10:06 - 00000000 ____D C:\Program Files\ReviverSoft
2015-12-21 05:12 - 2016-01-04 18:38 - 00013920 _____ C:\Windows\System32\Drivers\SWDUMon.sys
2015-12-21 05:12 - 2016-01-04 18:37 - 00000444 _____ C:\Windows\Tasks\DriverUpdate Startup.job
2015-12-21 05:12 - 2015-12-28 05:12 - 00000518 _____ C:\Windows\Tasks\DriverUpdate Scan.job
2015-12-21 05:12 - 2015-12-21 05:12 - 00003226 _____ C:\Windows\System32\Tasks\DriverUpdate Scan
2015-12-21 05:12 - 2015-12-21 05:12 - 00002850 _____ C:\Windows\System32\Tasks\DriverUpdate Startup
2015-12-21 05:12 - 2015-12-21 05:12 - 00000000 ____D C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc
2015-12-21 02:44 - 2015-12-21 02:46 - 00000000 ____D C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5
2015-12-21 02:44 - 2015-12-21 02:44 - 00002501 _____ C:\Users\Public\Desktop\DriverUpdate.lnk
2015-12-21 02:44 - 2015-12-21 02:44 - 00000000 ____D C:\Users\Erwin\AppData\Local\ProductivityBoss_e5
2015-12-21 02:44 - 2015-12-21 02:44 - 00000000 ____D C:\Users\Erwin\AppData\Local\Downloaded Installers
2015-12-21 02:44 - 2015-12-21 02:44 - 00000000 ____D C:\Program Files (x86)\ProductivityBoss_e5
2015-12-21 02:44 - 2015-12-21 02:44 - 00000000 ____D C:\Program Files (x86)\DriverUpdate
2015-12-16 23:27 - 2015-12-16 23:27 - 00003029 _____ C:\Users\Erwin\Desktop\Microsoft Word 2010 (2).lnk
2015-12-15 02:08 - 2015-12-15 02:08 - 00001847 _____ C:\Users\Erwin\Desktop\UseNeXT.lnk
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SETD967.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SETAD84.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SETA91B.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SETA63C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SETA477.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SETA1C8.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET9FF3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET9D63.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET9B4F.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET99D8.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET97C5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET969C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET94F6.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET93BE.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET91DA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET8F1A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET8CE8.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET875A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET8585.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET845C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET823A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET80C3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET7E23.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET7CBB.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET78FD.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET77D9.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET765E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET7559.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET73DD.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET7365.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET70EF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET70E4.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET6F2F.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET6EFB.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET6C9E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET6C4B.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET6ACA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET6A38.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET682A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET6825.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET6655.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET65E3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET63C5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET6278.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET61A2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET6026.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET5F02.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET5D96.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET5C72.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET5B63.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET59A3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET58D3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET57BF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET56CF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET5686.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET54B1.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET53D2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET52EC.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET50C5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET50BA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET4EE5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET4C7F.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET4A22.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET48C6.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET486D.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET4679.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET43AA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET41D5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET3EE7.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET3B5D.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET389E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET36B9.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET3477.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET32B2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET30BE.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET2E1E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET2BEC.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET298A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET2506.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET22D4.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET217C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET1F1B.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET1DD2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET1B33.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET19EA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET17F6.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET1651.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET13FF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET1249.tmp
2015-12-13 15:35 - 2015-12-13 15:35 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-12-13 15:27 - 2015-12-13 15:27 - 00001968 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2015-12-13 15:27 - 2015-12-13 15:27 - 00000000 ____D C:\Users\Erwin\AppData\Local\Samsung
2015-12-13 15:26 - 2013-06-21 01:07 - 00103448 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET73DA.tmp
2015-12-13 15:26 - 2013-06-21 01:07 - 00103448 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\SET449D.tmp
2015-12-13 15:23 - 2013-07-18 14:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2015-12-13 15:23 - 2013-07-18 14:32 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2015-12-13 15:20 - 2015-12-13 15:20 - 00000000 ____D C:\Users\Erwin\AppData\Local\Downloaded Installations
2015-12-09 05:41 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2015-12-09 05:40 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-12-09 05:40 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 05:40 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 05:40 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-09 05:40 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 05:40 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-12-09 05:40 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 05:40 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 05:40 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 05:40 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 05:40 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 05:40 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 05:40 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-09 05:40 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 05:40 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 05:40 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 05:40 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 05:40 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-09 05:40 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 05:40 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 05:40 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 05:40 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-12-09 05:40 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-12-09 05:40 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-12-09 05:40 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-12-09 05:40 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-12-09 05:40 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-12-09 05:40 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2015-12-09 05:40 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2015-12-09 05:40 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2015-12-09 05:40 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-12-09 05:40 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-12-09 05:40 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-12-09 05:40 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-12-09 05:40 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-12-09 05:40 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2015-12-09 05:40 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-12-09 05:40 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-12-09 05:40 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-12-09 05:39 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-12-09 05:39 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-12-09 05:39 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2015-12-09 05:39 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2015-12-09 05:39 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2015-12-09 05:39 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2015-12-09 05:39 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-09 05:39 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-12-09 05:39 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-09 05:39 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\System32\comsvcs.dll
2015-12-09 05:39 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 05:39 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\System32\catsrvut.dll
2015-12-09 05:39 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 05:39 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-12-09 05:39 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-12-09 05:39 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-12-09 05:39 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-12-09 05:39 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-12-09 05:39 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2015-12-09 05:39 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-12-09 05:39 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-12-09 05:39 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-12-09 05:39 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 05:39 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 05:39 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 05:39 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 05:39 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll
2015-12-09 05:39 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-12-09 05:39 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-12-09 05:39 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-12-09 05:39 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2015-12-09 05:39 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 05:39 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 05:39 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-09 05:39 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2015-12-09 05:39 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\kbdgeoqw.dll
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDAZST.DLL
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDAZEL.DLL
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDAZE.DLL
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 05:39 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll
2015-12-09 05:39 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\System32\GlobCollationHost.dll
2015-12-09 05:39 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-09 05:39 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-12-09 05:39 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 05:39 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\System32\locale.nls
2015-12-09 05:39 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2015-12-09 05:39 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2015-12-09 05:39 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2015-12-09 05:39 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2015-12-09 05:39 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2015-12-09 05:39 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2015-12-09 05:39 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2015-12-09 05:39 - 2015-10-10 19:40 - 00078848 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\winusb.sys
2015-12-09 05:39 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\System32\dpapisrv.dll
2015-12-09 05:39 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\System32\PCPKsp.dll
2015-12-09 05:39 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2015-12-09 05:39 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\wininit.exe
2015-12-09 05:39 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2015-12-09 05:39 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2015-12-09 05:39 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-12-08 19:26 - 2016-01-04 18:37 - 00000296 _____ C:\Windows\Tasks\Start WinZip Driver Updater for ERWINFRIESEN@Erwin(logon).job
2015-12-08 19:26 - 2015-12-08 19:26 - 00003432 _____ C:\Windows\System32\Tasks\Start WinZip Driver Updater Schedule
2015-12-08 19:26 - 2015-12-08 19:26 - 00003364 _____ C:\Windows\System32\Tasks\Start WinZip Driver Updater Update
2015-12-08 19:26 - 2015-12-08 19:26 - 00002576 _____ C:\Windows\System32\Tasks\Start WinZip Driver Updater for ERWINFRIESEN@Erwin(logon)
2015-12-08 19:25 - 2015-12-08 23:27 - 00000000 ____D C:\Program Files\WinZip Driver Updater

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-04 18:37 - 2015-06-21 21:22 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-04 18:37 - 2014-08-20 10:19 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-04 18:36 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-03 14:10 - 2014-06-17 09:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-03 14:09 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-01-03 14:09 - 2012-07-26 08:59 - 00000000 ____D C:\Windows\CbsTemp
2015-12-31 10:51 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-31 05:39 - 2015-12-01 18:39 - 00000945 _____ C:\Windows\Tasks\EPSON WF-2650 Series Update {27E55862-C7BB-4743-9435-9B4417B1181F}.job
2015-12-29 13:27 - 2015-06-21 21:22 - 00001144 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-29 09:10 - 2014-06-17 09:38 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-28 22:34 - 2015-10-01 08:40 - 00000042 _____ C:\Users\Erwin\AppData\Roaming\url.txt
2015-12-28 22:34 - 2015-09-18 20:29 - 00000000 ____D C:\Users\Erwin\Documents\UseNeXT
2015-12-28 22:34 - 2015-07-14 08:43 - 00671422 _____ C:\Users\Erwin\AppData\Roaming\loadit.exe
2015-12-28 22:34 - 2014-01-19 18:23 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\UseNeXT
2015-12-28 22:20 - 2014-01-22 22:36 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\vlc
2015-12-28 16:50 - 2014-04-21 11:15 - 00000000 ___RD C:\Users\Erwin\OneDrive
2015-12-28 16:50 - 2014-01-19 13:17 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\.oit
2015-12-28 13:54 - 2014-01-18 12:22 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\ClassicShell
2015-12-28 12:04 - 2014-03-18 11:03 - 01776918 _____ C:\Windows\System32\PerfStringBackup.INI
2015-12-28 12:04 - 2014-03-18 10:25 - 00764340 _____ C:\Windows\System32\perfh007.dat
2015-12-28 12:04 - 2014-03-18 10:25 - 00159160 _____ C:\Windows\System32\perfc007.dat
2015-12-28 11:58 - 2014-01-19 13:21 - 00000000 ____D C:\Users\Erwin\Documents\Eigene PaperPort-Dokumente
2015-12-28 11:34 - 2015-01-28 22:35 - 00000000 ____D C:\Users\Erwin\AppData\Local\Package Cache
2015-12-27 03:25 - 2014-01-17 17:51 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-681885862-1274788781-1503667042-1001
2015-12-27 03:18 - 2012-11-28 13:09 - 00000000 ____D C:\ProgramData\Acer
2015-12-27 03:04 - 2013-04-06 01:49 - 00000000 ____D C:\ProgramData\Intel
2015-12-27 00:30 - 2015-05-08 22:00 - 00000000 ____D C:\ProgramData\Epson
2015-12-26 18:33 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\System32\config\BBI
2015-12-26 13:25 - 2015-10-05 20:48 - 00655360 _____ C:\Windows\SysWOW64\ꧣ鲁뷦꞉뗦ꒅ藦鲭跧낕跧ꮥ냦ꆉ藦뚁郣꺀胣鲑釧ꆱ뷦꒕闦뎽맦뚕釧꾉맢ꒅ
2015-12-26 12:44 - 2014-01-19 18:14 - 00000000 ____D C:\Users\Erwin\Documents\Mein Steuer-Sparbuch Heute
2015-12-26 09:48 - 2014-12-10 08:46 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-26 09:48 - 2014-12-10 08:46 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-26 00:11 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-26 00:09 - 2015-05-25 10:44 - 00000000 ___RD C:\Users\Erwin\Desktop\gescannt
2015-12-25 23:40 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\LiveKernelReports
2015-12-25 04:22 - 2014-08-06 16:46 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-12-24 01:31 - 2014-10-05 21:59 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\dvdcss
2015-12-22 11:14 - 2014-01-19 13:09 - 00001061 _____ C:\Windows\wiso.ini
2015-12-22 11:14 - 2014-01-19 13:07 - 00000000 ____D C:\Program Files (x86)\Steuer 2013
2015-12-22 10:14 - 2014-06-01 18:01 - 00000000 ____D C:\Users\Erwin\AppData\Local\Google
2015-12-20 11:00 - 2015-04-04 04:54 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-20 11:00 - 2015-04-04 04:54 - 00000000 ___SD C:\Windows\System32\GWX
2015-12-19 10:22 - 2014-02-07 00:22 - 00000000 ____D C:\Users\Erwin\AppData\Local\ElevatedDiagnostics
2015-12-18 22:55 - 2015-07-10 07:57 - 00214528 ___SH C:\Users\Erwin\Documents\Thumbs.db
2015-12-18 22:52 - 2014-04-21 11:19 - 00000000 ___DC C:\Windows\Panther
2015-12-16 23:28 - 2015-06-21 21:23 - 00002155 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-14 22:47 - 2014-02-08 00:20 - 01284096 ___SH C:\Users\Erwin\Desktop\Thumbs.db
2015-12-14 22:09 - 2014-04-21 10:26 - 00000000 ____D C:\users\Erwin
2015-12-14 22:01 - 2013-08-22 15:44 - 00508528 _____ C:\Windows\System32\FNTCACHE.DAT
2015-12-14 10:38 - 2015-10-04 07:37 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2015-12-13 15:27 - 2014-12-10 23:55 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\Samsung
2015-12-13 15:26 - 2014-12-10 23:55 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-12-13 15:23 - 2012-11-28 13:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-13 15:21 - 2014-12-10 23:57 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2015-12-13 14:18 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\System32\NDF
2015-12-09 06:50 - 2014-01-20 10:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 06:50 - 2014-01-20 10:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 06:49 - 2014-01-20 10:00 - 00000000 ____D C:\Windows\System32\MRT
2015-12-09 06:34 - 2014-01-20 10:00 - 140158008 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Einige Dateien in TEMP:
====================
C:\Users\Erwin\AppData\Local\Temp\SecurityReviverSetup.exe
C:\Users\Erwin\AppData\Local\Temp\_is18E1.exe
C:\Users\Erwin\AppData\Local\Temp\_is33FB.exe
C:\Users\Erwin\AppData\Local\Temp\_is93BF.exe
C:\Users\Erwin\AppData\Local\Temp\_isB32E.exe
C:\Users\Erwin\AppData\Local\Temp\_isD11E.exe
C:\Users\Erwin\AppData\Local\Temp\_isE91A.exe


==================== Known DLLs (Nicht auf der Ausnahmeliste) =========================


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe
[2015-12-09 05:39] - [2015-10-05 19:25] - 0572928 ____A (Microsoft Corporation) 3F8645885823692D93765817759BE21C

C:\Windows\System32\wininit.exe
[2015-12-09 05:39] - [2015-10-05 19:28] - 0146432 ____A (Microsoft Corporation) EC302D06155F8E3C383750993FCB6B27

C:\Windows\explorer.exe
[2015-03-10 22:43] - [2015-01-28 00:47] - 2501368 ____A (Microsoft Corporation) C10A66189DC8C090E7C84873EDCEBC88

C:\Windows\SysWOW64\explorer.exe
[2015-03-10 22:43] - [2015-01-28 00:41] - 2207488 ____A (Microsoft Corporation) 91E24273FCA076EA9E65DAFA98901225

C:\Windows\System32\svchost.exe
[2015-03-03 07:05] - [2014-10-29 05:11] - 0038792 ____A (Microsoft Corporation) E3A2AD05E24105B35E986CF9CB38EC47

C:\Windows\SysWOW64\svchost.exe
[2015-03-03 07:05] - [2014-10-29 04:17] - 0033088 ____A (Microsoft Corporation) D0ABC231C0B3E88C6B612B28ABBF734D

C:\Windows\System32\services.exe
[2015-05-13 06:35] - [2015-04-08 23:55] - 0410128 ____A (Microsoft Corporation) E0C7813A97CA7947FF5C18A8F3B61A45

C:\Windows\System32\User32.dll
[2015-12-09 05:39] - [2015-11-09 01:41] - 1540728 ____A (Microsoft Corporation) 33094E2182C451BCFCFD60F734B1C4EF

C:\Windows\SysWOW64\User32.dll
[2015-12-09 05:39] - [2015-11-08 21:48] - 1376256 ____A (Microsoft Corporation) 72DF14DA8F1CC15F7BE4176DE0404D9E

C:\Windows\System32\userinit.exe
[2015-03-03 07:03] - [2014-10-29 02:28] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F

C:\Windows\SysWOW64\userinit.exe
[2015-03-03 07:04] - [2014-10-29 02:05] - 0022528 ____A (Microsoft Corporation) D10643FC0095434C819316CA6CD748C0

C:\Windows\System32\rpcss.dll
[2015-03-03 15:11] - [2014-10-29 02:19] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00

C:\Windows\System32\dnsapi.dll
[2015-03-03 15:10] - [2014-10-29 02:30] - 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A

C:\Windows\SysWOW64\dnsapi.dll
[2015-03-03 10:55] - [2014-10-29 02:06] - 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB

C:\Windows\System32\Drivers\volsnap.sys => MD5 ist legitim

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============


==================== Wiederherstellungspunkte =========================

Wiederherstellungspunkt Datum: 2016-01-03 14:13

==================== Speicherinformationen =========================== 

Prozentuale Nutzung des RAM: 17%
Installierter physikalischer RAM: 3978.69 MB
Verfügbarer physikalischer RAM: 3270.98 MB
Summe virtueller Speicher: 3978.69 MB
Verfügbarer virtueller Speicher: 3300.29 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:223.99 GB) (Free:35.4 GB) NTFS
Drive d: (DATA) (Fixed) (Total:225.17 GB) (Free:206.01 GB) NTFS
Drive e: () (Removable) (Total:58.58 GB) (Free:1.68 GB) FAT32
Drive f: (lfo1900) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS
Drive g: () (Fixed) (Total:0.44 GB) (Free:0.18 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 58.6 GB) (Disk ID: C2CA892E)
Partition 1: (Not Active) - (Size=58.6 GB) - (Type=0B)


LastRegBack: 2015-10-21 23:24

==================== Ende von FRST.txt ============================

--- --- ---

Deathkid535 · 05.01.2016, 15:59

Hi,

Schritt # 1: FRST-Fix

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\Erwin\...\Winlogon: [Userinit] C:\Users\Erwin\AppData\Roaming\loadit.exe [671422 2015-12-28] ()
HKU\Erwin\...\Winlogon: [Shell] C:\Users\Erwin\AppData\Roaming\loadit.exe [671422 2015-12-28] () <==== ACHTUNG
C:\Users\Erwin\AppData\Roaming\loadit.exe
Startup: C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk [2015-08-16]
ShortcutTarget: AutoStarter.lnk -> F:\Usenext\wizard\Junges Deutsches Amateur Paar hat Anal Spa im Schl\Junges Deutsches Amateur Paar hat Anal Spa im Schlafzimmer.exe (Keine Datei)
Startup: C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk [2015-12-28]
ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe (Keine Datei)
Startup: C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk [2014-08-06]
ShortcutTarget: start.lnk -> C:\windows\system32\config\systemprofile\9zol3d5lnss4\23092.vbs (Keine Datei)

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Schritt # 2: Frage

Kannst du jetzt wieder booten?

Schritt # 3: Bitte Posten

Das Fixlog von FRST
Rückmeldung auf meine Frage

Jidddooo · 05.01.2016, 20:27

Nabend Dennis,

erstmal die Antwort auf deine Frage,

ja kann den Rechner wieder booten

und hier der Fixlog.txt

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-12-2015
durchgeführt von SYSTEM (2016-01-05 20:04:43) Run:1
Gestartet von E:\Erwin
Start-Modus: Recovery
==============================================

fixlist Inhalt:
*****************
HKU\Erwin\...\Winlogon: [Userinit] C:\Users\Erwin\AppData\Roaming\loadit.exe [671422 2015-12-28] ()
HKU\Erwin\...\Winlogon: [Shell] C:\Users\Erwin\AppData\Roaming\loadit.exe [671422 2015-12-28] () <==== ACHTUNG
C:\Users\Erwin\AppData\Roaming\loadit.exe
Startup: C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk [2015-08-16]
ShortcutTarget: AutoStarter.lnk -> F:\Usenext\wizard\Junges Deutsches Amateur Paar hat Anal Spa im Schl\Junges Deutsches Amateur Paar hat Anal Spa im Schlafzimmer.exe (Keine Datei)
Startup: C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk [2015-12-28]
ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe (Keine Datei)
Startup: C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk [2014-08-06]
ShortcutTarget: start.lnk -> C:\windows\system32\config\systemprofile\9zol3d5lnss4\23092.vbs (Keine Datei)
*****************

HKU\Erwin\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Wert erfolgreich entfernt
HKU\Erwin\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Wert erfolgreich entfernt
C:\Users\Erwin\AppData\Roaming\loadit.exe => erfolgreich verschoben
C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk => erfolgreich verschoben
F:\Usenext\wizard\Junges Deutsches Amateur Paar hat Anal Spa im Schl\Junges Deutsches Amateur Paar hat Anal Spa im Schlafzimmer.exe => nicht gefunden.
C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk => erfolgreich verschoben
C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe => nicht gefunden.
C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk => erfolgreich verschoben
C:\windows\system32\config\systemprofile\9zol3d5lnss4\23092.vbs => nicht gefunden.

==== Ende von Fixlog 20:04:48 ====

Deathkid535 · 05.01.2016, 20:59

Hi,

Dann mach jetzt mal bitte das:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Jidddooo · 05.01.2016, 22:52

Hi,

hier die frst.txt

FRST Logfile:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
durchgeführt von Erwin (Administrator) auf ERWINFRIESEN (05-01-2016 22:45:35)
Gestartet von C:\Users\Erwin\Desktop
Geladene Profile: Erwin (Verfügbare Profile: Erwin)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Agenda Informationssysteme GmbH & Co. KG) C:\AGENDA\WINUPDATE\PROG\UpdateDownload.exe
(Agenda Informationssysteme GmbH & Co. KG) C:\AGENDA\WINUPDATE\PROG\UpdateUpdater.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Mindspark) C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5barsvc.exe
() C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Users\Erwin\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Extended\ADS11.10\Server\ads.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
() C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfPro5Hook.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMSpeed.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfpro5hook.exe [1369376 2010-02-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe [62752 2010-02-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [zinit32] => C:\WINDOWS\ZInit32.exe
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [PMSpeed9.32.10] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMSpeed.EXE [125248 2013-09-26] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-06-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-06-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [ProductivityBoss EPM Support] => C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5medint.exe [11608 2015-11-20] (Mindspark)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [Agenda-Arbeitsplatz] => C:\AGENDA\AgendaAP\PROG\agendaap32.exe
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [w1Synt] => C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe [32768 2014-05-27] (Microsoft Corporation)
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-04-06] ()
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-07-27] (Samsung)
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1059EEBE-3540-4DA8-AC38-0B44013244B7}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.de/
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-681885862-1274788781-1503667042-1001 - (Kein Name) - {cf7c1ceb-1fb1-417f-bb89-821eebc91a22} - C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5SrcAs.dll (Mindspark)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-681885862-1274788781-1503667042-1001 -> DefaultScope {310915E3-B627-42E5-84D8-008D3D3E0523} URL = 
SearchScopes: HKU\S-1-5-21-681885862-1274788781-1503667042-1001 -> {310915E3-B627-42E5-84D8-008D3D3E0523} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Kein Name -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -> Keine Datei
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO-x32: Search Assistant BHO -> {5754a7f4-5cb7-4287-8354-170a8c185349} -> C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5SrcAs.dll [2015-11-20] (Mindspark)
BHO-x32: Toolbar BHO -> {589cd417-937b-4d56-bb76-55260209dc19} -> C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5bar.dll [2015-11-20] (Mindspark)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO-x32: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - ProductivityBoss - {ea729df7-fea8-443c-8781-327fa3ab7529} - C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5bar.dll [2015-11-20] (Mindspark)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  Keine Datei
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  Keine Datei
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Keine Datei
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\oa81718n.default-1424800036395
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [Keine Datei]
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-26] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: WEB.DE MailCheck - C:\Users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\oa81718n.default-1424800036395\extensions\mailcheck@web.de [2015-08-13]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-08-24] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-05-09] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-21]
CHR Extension: (Google Docs) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-21]
CHR Extension: (Google Drive) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (Kaspersky Protection) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-06-21]
CHR Extension: (YouTube) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google-Suche) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-06-21]
CHR Extension: (Google Tabellen) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-21]
CHR Extension: (Avira Browserschutz) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-05]
CHR Extension: (Google Mail) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-21]
CHR Extension: (Anti-Banner) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-06-21]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Advantage; C:\Program Files (x86)\Extended\ADS11.10\Server\ADS.EXE [3538944 2013-07-25] (iAnywhere Solutions, Inc.) [Datei ist nicht signiert]
R2 AgendaUpdate; C:\AGENDA\WinUpdate\Prog\updatedownload.exe [1439848 2013-11-05] (Agenda Informationssysteme GmbH & Co. KG)
R2 AgendaUpdater; C:\AGENDA\WinUpdate\Prog\updateupdater.exe [979048 2013-11-05] (Agenda Informationssysteme GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-09] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-09-08] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AC_Service.exe [309568 2015-03-05] (Citrix Online, a division of Citrix Systems, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2003-04-18] () [Datei ist nicht signiert]
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-08-14] (Haufe-Lexware GmbH & Co. KG)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 ProductivityBoss_e5Service; C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5barsvc.exe [89432 2015-11-20] (Mindspark)
R2 SageDB 5.0; C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe [5685248 2011-07-18] () [Datei ist nicht signiert]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 TeamViewer; c:\users\erwin\appdata\local\temp\teamviewer\TeamViewer_Service.exe [4175632 2015-04-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [X]
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-08-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-08-20] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-08-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-08-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2015-06-04] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-08-20] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-29] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-08-20] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-25] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2016-01-05] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 wStLibG64; kein ImagePath
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 pccsmcfd; \SystemRoot\system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-05 22:45 - 2016-01-05 22:46 - 00030671 _____ C:\Users\Erwin\Desktop\FRST.txt
2016-01-05 22:44 - 2016-01-05 22:44 - 02370560 _____ (Farbar) C:\Users\Erwin\Desktop\FRST64.exe
2016-01-05 20:21 - 2016-01-05 20:21 - 00000000 ___HD C:\$WINDOWS.~BT
2016-01-04 18:48 - 2016-01-05 22:45 - 00000000 ____D C:\FRST
2015-12-31 10:51 - 2015-12-31 10:53 - 00122662 _____ C:\WINDOWS\ntbtlog.txt
2015-12-31 10:41 - 2015-12-31 10:41 - 4172198784 _____ C:\WINDOWS\MEMORY.DMP
2015-12-28 22:52 - 2015-12-28 22:52 - 00002306 _____ C:\Users\Erwin\Desktop\Sicherer Zahlungsverkehr.lnk
2015-12-27 09:26 - 2015-12-27 09:26 - 00000000 ____D C:\ProgramData\Adobe
2015-12-27 09:16 - 2015-12-27 09:16 - 00000000 ____D C:\ProgramData\EgisTec
2015-12-27 03:13 - 2015-12-27 03:13 - 00000000 ____D C:\ProgramData\EgisTec IPS
2015-12-27 03:04 - 2016-01-05 20:18 - 00000000 ____D C:\ProgramData\TEMP
2015-12-27 03:03 - 2015-12-27 03:07 - 00000000 ____D C:\ProgramData\OEM
2015-12-27 03:03 - 2015-12-27 03:03 - 00000000 ____D C:\ProgramData\WinZip
2015-12-27 00:52 - 2016-01-05 20:30 - 00000000 ____D C:\ProgramData\Lexware
2015-12-27 00:08 - 2015-12-27 00:08 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2015-12-26 07:14 - 2015-05-21 07:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-12-26 07:14 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-12-21 05:12 - 2016-01-05 20:18 - 00013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2015-12-21 05:12 - 2015-12-21 05:12 - 00000000 ____D C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc
2015-12-21 02:44 - 2015-12-21 02:46 - 00000000 ____D C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5
2015-12-21 02:44 - 2015-12-21 02:44 - 00000000 ____D C:\Users\Erwin\AppData\Local\ProductivityBoss_e5
2015-12-21 02:44 - 2015-12-21 02:44 - 00000000 ____D C:\Users\Erwin\AppData\Local\Downloaded Installers
2015-12-21 02:44 - 2015-12-21 02:44 - 00000000 ____D C:\Program Files (x86)\ProductivityBoss_e5
2015-12-16 23:27 - 2015-12-16 23:27 - 00003029 _____ C:\Users\Erwin\Desktop\Microsoft Word 2010 (2).lnk
2015-12-15 02:08 - 2015-12-15 02:08 - 00001847 _____ C:\Users\Erwin\Desktop\UseNeXT.lnk
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETD967.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETAD84.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETA91B.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETA63C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETA477.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETA1C8.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET9FF3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET9D63.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET9B4F.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET99D8.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET97C5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET969C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET94F6.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET93BE.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET91DA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET8F1A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET8CE8.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET875A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET8585.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET845C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET823A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET80C3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET7E23.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET7CBB.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET78FD.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET77D9.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET765E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET7559.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET73DD.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET7365.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET70EF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET70E4.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6F2F.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6EFB.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6C9E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6C4B.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6ACA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6A38.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET682A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6825.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6655.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET65E3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET63C5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6278.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET61A2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6026.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5F02.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5D96.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5C72.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5B63.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET59A3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET58D3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET57BF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET56CF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5686.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET54B1.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET53D2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET52EC.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET50C5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET50BA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET4EE5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET4C7F.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET4A22.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET48C6.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET486D.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET4679.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET43AA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET41D5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET3EE7.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET3B5D.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET389E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET36B9.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET3477.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET32B2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET30BE.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET2E1E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET2BEC.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET298A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET2506.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET22D4.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET217C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1F1B.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1DD2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1B33.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET19EA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET17F6.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1651.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET13FF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1249.tmp
2015-12-13 15:35 - 2015-12-13 15:35 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-12-13 15:27 - 2015-12-13 15:27 - 00001968 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2015-12-13 15:27 - 2015-12-13 15:27 - 00000000 ____D C:\Users\Erwin\AppData\Local\Samsung
2015-12-13 15:26 - 2013-06-21 01:07 - 00103448 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET73DA.tmp
2015-12-13 15:26 - 2013-06-21 01:07 - 00103448 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET449D.tmp
2015-12-13 15:23 - 2013-07-18 14:33 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\SysWOW64\Redemption.dll
2015-12-13 15:23 - 2013-07-18 14:32 - 00821824 _____ (Devguru Co., Ltd.) C:\WINDOWS\SysWOW64\dgderapi.dll
2015-12-13 15:20 - 2015-12-13 15:20 - 00000000 ____D C:\Users\Erwin\AppData\Local\Downloaded Installations
2015-12-09 05:41 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 05:40 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 05:40 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 05:40 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-09 05:40 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-09 05:40 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 05:40 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-09 05:40 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 05:40 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-09 05:40 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 05:40 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 05:40 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-09 05:40 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 05:40 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-09 05:40 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-09 05:40 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-09 05:40 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-09 05:40 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-09 05:40 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-09 05:40 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-09 05:40 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-09 05:40 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-09 05:40 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 05:40 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 05:40 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 05:40 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 05:40 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-09 05:40 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-09 05:40 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-09 05:40 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-09 05:40 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-09 05:40 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-09 05:40 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-09 05:40 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-09 05:40 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 05:40 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-09 05:40 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-09 05:40 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-09 05:40 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-09 05:40 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-09 05:39 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-09 05:39 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 05:39 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-09 05:39 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-09 05:39 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-09 05:39 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-09 05:39 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 05:39 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-09 05:39 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-09 05:39 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 05:39 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 05:39 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 05:39 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 05:39 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-09 05:39 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-09 05:39 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-09 05:39 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-09 05:39 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-09 05:39 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-09 05:39 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-09 05:39 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-09 05:39 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-09 05:39 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-09 05:39 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-09 05:39 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-09 05:39 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-09 05:39 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 05:39 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-09 05:39 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-09 05:39 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-09 05:39 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 05:39 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-09 05:39 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 05:39 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 05:39 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 05:39 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 05:39 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 05:39 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-09 05:39 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 05:39 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-09 05:39 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 05:39 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-09 05:39 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 05:39 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-09 05:39 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-09 05:39 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-09 05:39 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-09 05:39 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-09 05:39 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-09 05:39 - 2015-10-10 19:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-12-09 05:39 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-09 05:39 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-09 05:39 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-09 05:39 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-09 05:39 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-09 05:39 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-09 05:39 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-08 19:26 - 2016-01-05 20:18 - 00000296 _____ C:\WINDOWS\Tasks\Start WinZip Driver Updater for ERWINFRIESEN@Erwin(logon).job
2015-12-08 19:26 - 2015-12-08 19:26 - 00003432 _____ C:\WINDOWS\System32\Tasks\Start WinZip Driver Updater Schedule
2015-12-08 19:26 - 2015-12-08 19:26 - 00003364 _____ C:\WINDOWS\System32\Tasks\Start WinZip Driver Updater Update
2015-12-08 19:26 - 2015-12-08 19:26 - 00002576 _____ C:\WINDOWS\System32\Tasks\Start WinZip Driver Updater for ERWINFRIESEN@Erwin(logon)
2015-12-08 19:25 - 2015-12-08 23:27 - 00000000 ____D C:\Program Files\WinZip Driver Updater

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-05 22:43 - 2014-01-18 12:22 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\ClassicShell
2016-01-05 21:10 - 2014-06-17 09:38 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-05 20:39 - 2015-12-01 18:39 - 00000945 _____ C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {27E55862-C7BB-4743-9435-9B4417B1181F}.job
2016-01-05 20:27 - 2015-06-21 21:22 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-05 20:22 - 2014-04-21 11:19 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-05 20:20 - 2014-08-20 10:19 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-05 20:18 - 2015-06-21 21:22 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-05 20:18 - 2014-04-21 11:15 - 00000000 ___RD C:\Users\Erwin\OneDrive
2016-01-05 20:18 - 2014-01-19 13:17 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\.oit
2016-01-05 20:14 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-05 20:11 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-03 14:09 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-31 10:51 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-29 09:10 - 2014-06-17 09:38 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-28 22:34 - 2015-10-01 08:40 - 00000042 _____ C:\Users\Erwin\AppData\Roaming\url.txt
2015-12-28 22:34 - 2015-09-18 20:29 - 00000000 ____D C:\Users\Erwin\Documents\UseNeXT
2015-12-28 22:34 - 2014-01-19 18:23 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\UseNeXT
2015-12-28 22:20 - 2014-01-22 22:36 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\vlc
2015-12-28 12:04 - 2014-03-18 11:03 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-28 12:04 - 2014-03-18 10:25 - 00764340 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-28 12:04 - 2014-03-18 10:25 - 00159160 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-28 11:58 - 2014-01-19 13:21 - 00000000 ____D C:\Users\Erwin\Documents\Eigene PaperPort-Dokumente
2015-12-28 11:34 - 2015-01-28 22:35 - 00000000 ____D C:\Users\Erwin\AppData\Local\Package Cache
2015-12-27 03:25 - 2014-01-17 17:51 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-681885862-1274788781-1503667042-1001
2015-12-27 03:18 - 2012-11-28 13:09 - 00000000 ____D C:\ProgramData\Acer
2015-12-27 03:04 - 2013-04-06 01:49 - 00000000 ____D C:\ProgramData\Intel
2015-12-27 00:30 - 2015-05-08 22:00 - 00000000 ____D C:\ProgramData\Epson
2015-12-26 18:33 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-26 13:25 - 2015-10-05 20:48 - 00655360 _____ C:\WINDOWS\SysWOW64\ꧣ鲁뷦꞉뗦ꒅ藦鲭跧낕跧ꮥ냦ꆉ藦뚁郣꺀胣鲑釧ꆱ뷦꒕闦뎽맦뚕釧꾉맢ꒅ
2015-12-26 12:44 - 2014-01-19 18:14 - 00000000 ____D C:\Users\Erwin\Documents\Mein Steuer-Sparbuch Heute
2015-12-26 09:48 - 2014-12-10 08:46 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-26 09:48 - 2014-12-10 08:46 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-26 00:20 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-26 00:09 - 2015-05-25 10:44 - 00000000 ___RD C:\Users\Erwin\Desktop\gescannt
2015-12-25 23:40 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-25 04:22 - 2014-08-06 16:46 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-24 01:31 - 2014-10-05 21:59 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\dvdcss
2015-12-22 11:14 - 2014-01-19 13:09 - 00001061 _____ C:\WINDOWS\wiso.ini
2015-12-22 11:14 - 2014-01-19 13:07 - 00000000 ____D C:\Program Files (x86)\Steuer 2013
2015-12-22 10:14 - 2014-06-01 18:01 - 00000000 ____D C:\Users\Erwin\AppData\Local\Google
2015-12-20 11:00 - 2015-04-04 04:54 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-20 11:00 - 2015-04-04 04:54 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-19 10:22 - 2014-02-07 00:22 - 00000000 ____D C:\Users\Erwin\AppData\Local\ElevatedDiagnostics
2015-12-18 22:55 - 2015-07-10 07:57 - 00214528 ___SH C:\Users\Erwin\Documents\Thumbs.db
2015-12-16 23:28 - 2015-06-21 21:23 - 00002155 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-14 22:47 - 2014-02-08 00:20 - 01284096 ___SH C:\Users\Erwin\Desktop\Thumbs.db
2015-12-14 22:09 - 2014-04-21 10:26 - 00000000 ____D C:\Users\Erwin
2015-12-14 22:01 - 2013-08-22 15:44 - 00508528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-14 10:38 - 2015-10-04 07:37 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2015-12-13 15:27 - 2014-12-10 23:55 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\Samsung
2015-12-13 15:26 - 2014-12-10 23:55 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-12-13 15:23 - 2012-11-28 13:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-13 15:21 - 2014-12-10 23:57 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2015-12-13 14:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-09 06:50 - 2014-01-20 10:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 06:50 - 2014-01-20 10:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 06:49 - 2014-01-20 10:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 06:34 - 2014-01-20 10:00 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-29 22:37 - 2015-08-29 22:37 - 0000000 _____ () C:\Program Files (x86)\GUTDECA.tmp
2015-10-01 08:40 - 2015-12-28 22:34 - 0000042 _____ () C:\Users\Erwin\AppData\Roaming\url.txt
2014-06-01 18:15 - 2014-06-01 18:15 - 0003584 _____ () C:\Users\Erwin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-17 10:57 - 2015-01-17 10:57 - 0001453 _____ () C:\Users\Erwin\AppData\Local\recently-used.xbel
2015-06-26 04:34 - 2015-06-26 04:34 - 0007609 _____ () C:\Users\Erwin\AppData\Local\Resmon.ResmonCfg

Einige Dateien in TEMP:
====================
C:\Users\Erwin\AppData\Local\Temp\SecurityReviverSetup.exe
C:\Users\Erwin\AppData\Local\Temp\_is18E1.exe
C:\Users\Erwin\AppData\Local\Temp\_is33FB.exe
C:\Users\Erwin\AppData\Local\Temp\_is93BF.exe
C:\Users\Erwin\AppData\Local\Temp\_isB32E.exe
C:\Users\Erwin\AppData\Local\Temp\_isD11E.exe
C:\Users\Erwin\AppData\Local\Temp\_isE91A.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-21 23:24

==================== Ende von FRST.txt ============================

--- --- ---

Jidddooo · 05.01.2016, 22:54

und hier die Additional.txt

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-12-2015
durchgeführt von Erwin (2016-01-05 22:46:39)
Gestartet von C:\Users\Erwin\Desktop
Windows 8.1 (X64) (2014-04-21 10:11:54)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-681885862-1274788781-1503667042-500 - Administrator - Disabled)
Erwin (S-1-5-21-681885862-1274788781-1503667042-1001 - Administrator - Enabled) => C:\Users\Erwin
Gast (S-1-5-21-681885862-1274788781-1503667042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-681885862-1274788781-1503667042-1007 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3124 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Advantage Database Server for Windows v11.10 (HKLM-x32\...\{8F7F5EAD-7785-4246-83F0-C6A9204AF971}) (Version: 11.10.0010 - Sybase, Inc.)
Agenda Software (HKLM-x32\...\Aguninst) (Version:  - )
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.2 - Angry IP Scanner)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0.30 - ITSG GmbH)
dakota.ag (x32 Version: 6.0.30 - ITSG GmbH) Hidden
Druckerdeinstallation für EPSON WF-2650 Series (HKLM\...\EPSON WF-2650 Series) (Version:  - SEIKO EPSON Corporation)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.17437 - Landesfinanzdirektion Thüringen)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.70.0000 - EPSON)
Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{E904F572-D7DB-43C1-929F-043F267FC77D}) (Version: 1.22.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.60.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.20.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
Fujitsu Cobol 5.0 Run-time (HKLM-x32\...\{C8A195E4-824A-11D3-A28F-0040335395C1}) (Version: 5.0 - Fujitsu)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.1.0.1055 - Citrix Online, a division of Citrix Systems, Inc.)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3004 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
InetStat (HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\InetStat) (Version: 0.5b - InetStat) <==== ACHTUNG
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
KONZ-Steuer-2014 (HKLM-x32\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM)
KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden
Lexware Elster (x32 Version: 15.23.00.0023 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Elster 2015 (HKLM-x32\...\{3a5efc01-edc5-45bd-bd13-dec736cdc85d}) (Version: 15.23.0.23 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2015 (HKLM-x32\...\{5377cb68-4b69-44ff-b21e-201c009cfec9}) (Version: 19.4.0.134 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2015 (x32 Version: 19.53.00.0315 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 4.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (x32 Version: 22.00.00.0035 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 40.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 de)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
MyFreeCodec (HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\MyFreeCodec) (Version:  - )
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Nuance PDF Viewer Plus (HKLM-x32\...\{EC00862A-C16F-4ED0-BC06-34538512E730}) (Version: 5.30.3296 - Nuance Communications, Inc)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3202 - Acer)
Presto! PageManager 9.32  (HKLM-x32\...\{378DD150-B73B-42A2-954C-B27B70167B66}) (Version: 9.32.10 - Newsoft Technology Corporation)
ProductivityBoss Internet Explorer Toolbar (HKLM-x32\...\ProductivityBoss_e5bar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ACHTUNG
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
SAD-Etikettendrucker v2.13 (HKLM-x32\...\SAD-Etikettendrucker) (Version: 2.13 - S.A.D.)
Sage BankCom (x32 Version: 2.00.0000 - Sage Software GmbH) Hidden
Sage GS SAIP (x32 Version: 1.0.1.130 - Sage Software GmbH) Hidden
Sage GS-Buchhalter (HKLM-x32\...\Sage GS-Buchhalter) (Version: 2015 - Sage Software GmbH)
Sage HBCI-Kontaktverwaltung (HKLM-x32\...\{32BFD212-A55E-4D1A-9E42-DB3764B761B8}) (Version: 3.0 - Sage Software GmbH)
SageDB 5.0 (HKLM-x32\...\SageDB 5.0) (Version:  - )
Sagede.Shared.Elster.Setup (x32 Version: 1.0.0.0.34 - Sage Software GmbH) Hidden
Sagede.Shared.Elster.Setup (x32 Version: 1.0.0.0.35 - Sage Software GmbH) Hidden
Sagede.Shared.Elster.Setup (x32 Version: 1.0.0.0.37 - Sage Software GmbH) Hidden
Sagede.Shared.Elster.Setup (x32 Version: 1.0.0.0.44 - Sage Software GmbH) Hidden
Sagede.Shared.Elster.Setup (x32 Version: 1.0.0.0.47 - Sage Software GmbH) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) <==== ACHTUNG
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
sv.net (HKLM-x32\...\sv.net) (Version: 15.0 - ITSG GmbH)
tax 2015 (HKLM-x32\...\{4CF96070-DEE5-43B5-B6A7-23AC07BC0C77}) (Version: 22.00.8811 - Buhl Data Service GmbH)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WinZip Driver Updater (HKLM\...\WinZip Driver Updater) (Version: 5.3.2.18 - VAPC (Lux) S.a.r.L)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{C252DC3E-620B-45EE-8A7C-819CBADBBC0E}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{DE778D58-1853-474D-ABD1-BC8C44693C05}) (Version: 22.00.8811 - Buhl Data Service GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {000A0F21-277F-4D58-AA79-6AE36E2347C2} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
Task: {085DB56C-EF04-44FF-80EB-667BEAEE9E21} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {13DC05A5-8396-4ECD-A6FB-F9BD1370DA99} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {1BBFBFB5-2437-4866-BA2F-C4F35532A194} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {20D0AC5C-AB5E-44E0-8BAA-23A8AB23FA05} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {20E732A7-691D-4830-A584-8724EF52FE5D} - System32\Tasks\EPSON WF-2650 Series Update {27E55862-C7BB-4743-9435-9B4417B1181F} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {2ACB0D42-5DF4-44D3-BEE2-DFEAB179DF6C} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2012-09-20] (Acer Incorporated)
Task: {2F28DA94-A5A4-4853-9B6D-FDCFCEDEF4A4} - \Yahoo! Search -> Keine Datei <==== ACHTUNG
Task: {3CC2B2D5-BEE3-495D-8377-E2077D03CE9E} - System32\Tasks\Start WinZip Driver Updater for ERWINFRIESEN@Erwin(logon) => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe [2015-10-14] ()
Task: {4CCC7CE8-309C-43A8-94F1-27C567719027} - System32\Tasks\Start WinZip Driver Updater Schedule => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe [2015-10-14] ()
Task: {54922695-55E7-4226-A432-808469E2BE79} - \avaxvbxvgx -> Keine Datei <==== ACHTUNG
Task: {5640F9F3-F138-44FF-9BBF-CCDB45A81D1C} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {56663C48-EC77-4C1E-9CB0-F01DFBFD1993} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {6D2EE4EF-77C5-438B-8164-785E0623F783} - System32\Tasks\{E3ACF370-EEB8-447F-8E9F-7B0989EA348D} => pcalua.exe -a E:\AUTORUN.EXE -d E:\
Task: {7539F791-12E6-4202-B809-B87CAFA8C768} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)
Task: {77DFDDB3-A583-4F46-8B49-2959D215E0BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-21] (Google Inc.)
Task: {7C0D51C8-B39B-46AF-A44B-A47D63D20C7A} - System32\Tasks\Start WinZip Driver Updater Update => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe [2015-10-14] ()
Task: {7D975617-00FC-464C-A1F3-7844B1D8A27E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {814F244B-F678-4754-A2B5-5BDAA0A695F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {87B72BD8-0002-4C92-B259-52E1D78F515D} - System32\Tasks\{DCD2C8E0-2382-44DB-9CFA-6A89628F59E7} => pcalua.exe -a E:\LxStart.exe -d E:\
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {C3720B56-2916-4287-B13A-8B2700C63FF2} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {D161499A-4CCF-4784-8539-46ED85A93ED3} - System32\Tasks\{1D38165E-C702-4F8F-A3BC-34B272D7269F} => pcalua.exe -a "C:\Program Files (x86)\UseNeXT\unins000.exe"
Task: {D4D81D7B-F43D-4634-B55F-F94C968DE745} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-21] (Google Inc.)
Task: {FC7C8FD9-EAAE-4DB1-815E-317EC1B1A0B0} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-10-08] (Acer Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {27E55862-C7BB-4743-9435-9B4417B1181F}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE:/EXE:{27E55862-C7BB-4743-9435-9B4417B1181F} /F:UpdateWORKGROUP\ERWINFRIESEN$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Start WinZip Driver Updater for ERWINFRIESEN@Erwin(logon).job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-06-17 09:53 - 2011-07-18 13:55 - 05685248 _____ () C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe
2015-12-08 19:26 - 2015-10-14 08:12 - 20318720 _____ () C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-01-25 01:22 - 2014-01-25 01:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-06 01:54 - 2013-04-06 01:54 - 01193176 _____ () C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
2013-05-08 13:52 - 2013-05-08 13:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-04-06 01:51 - 2012-07-18 19:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-06-17 11:35 - 2013-06-17 11:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2015-12-09 16:49 - 2015-12-09 16:49 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\8ddd8ad15fe3fb05a871ef0115fb84e2\Windows.UI.ni.dll
2015-09-12 07:40 - 2015-09-12 07:40 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\16c3eb7650767d95d002c998d0c73eb5\Windows.Foundation.ni.dll
2014-09-11 13:09 - 2014-09-11 13:09 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2014-09-11 13:09 - 2014-09-11 13:09 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2015-05-08 19:52 - 2008-11-17 13:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\nsSign.dll
2015-05-08 19:52 - 2014-02-28 09:25 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PerformOcr.dll
2015-05-08 19:52 - 2014-01-23 13:03 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMISM.dll
2015-05-08 19:52 - 2014-01-23 13:02 - 00172032 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMCommon.dll
2015-05-08 19:52 - 2013-07-22 10:08 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PHooKDlg.dll
2015-05-08 19:52 - 2013-10-25 15:21 - 00139264 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMSet.dll
2015-05-08 19:52 - 2011-12-22 12:36 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\Qem.dll
2015-05-08 19:52 - 2014-01-05 14:03 - 01494528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\cairo.dll
2015-05-08 19:52 - 2014-02-17 09:42 - 00135168 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\ComClass.dll
2015-05-08 19:52 - 2014-02-17 09:42 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\CloudManager.dll
2015-05-08 19:52 - 2014-02-17 09:45 - 00118784 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMSave.dll
2015-05-08 19:52 - 2014-02-17 09:43 - 00667648 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMDB_N.dll
2015-05-08 19:52 - 2013-11-27 09:28 - 00049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMINSO.dll
2015-05-08 19:52 - 2014-01-23 19:13 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMANO.dll
2015-05-08 19:52 - 2013-04-26 13:06 - 00053248 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMOffice.dll
2015-05-08 19:52 - 2007-03-30 10:08 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\NSWinZip.dll
2015-05-08 19:52 - 2014-03-13 20:22 - 00208896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\ScanModule.dll
2015-05-08 19:52 - 2014-02-17 09:43 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMTree.dll
2015-05-08 19:52 - 2013-12-25 09:22 - 00110592 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMProp.dll
2015-05-08 19:52 - 2013-07-22 10:12 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMVoice.dll
2015-05-08 19:52 - 2013-06-22 10:10 - 00077824 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\OutlookVBA.dll
2015-05-08 19:52 - 2013-07-31 08:20 - 00344064 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMAppBar.dll
2015-05-08 19:52 - 2014-02-25 08:20 - 04669440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMView.dll
2015-05-08 19:52 - 2007-03-30 09:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\NsOEMKey.dll
2015-05-08 19:52 - 2014-01-26 14:09 - 00442368 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMPageVW.dll
2015-05-08 19:52 - 2014-02-17 09:45 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMDocVW.dll
2015-05-08 19:52 - 2014-01-23 13:03 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\SlideBarDLL.dll
2015-05-08 19:52 - 2014-02-17 09:45 - 00188416 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMImgVW.dll
2015-05-08 19:52 - 2013-07-22 10:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMIEVW.dll
2015-05-08 19:52 - 2013-12-25 09:20 - 00049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMPDFView.dll
2015-05-08 19:52 - 2013-07-22 10:08 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMAnoSet.dll
2015-05-08 19:52 - 2013-07-22 10:09 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMApSet.dll
2015-05-08 19:52 - 2013-06-22 10:12 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMStatus.dll
2015-05-08 19:52 - 2014-02-28 09:25 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMScnSet.dll
2015-05-08 19:52 - 2013-07-22 10:15 - 00028672 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\Import.dll
2015-05-08 19:52 - 2013-07-22 10:14 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMImageSplitter.dll
2015-05-08 19:52 - 2013-06-22 10:09 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\NetFun2K.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:0B9FB94D

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-681885862-1274788781-1503667042-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\StartupApproved\Run: => "Agenda-Arbeitsplatz"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DD295A62-FFB0-4082-B3D9-C351701BC643}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{ABEAF8D0-B6F0-4F15-BC33-075AAD6A39D9}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{EDA66CD5-7590-4233-866D-CBB95D33F573}] => (Allow) C:\Program Files (x86)\Extended\ADS11.10\Server\ads.exe
FirewallRules: [{218B70F3-B796-40EC-AC8E-7236E15AC33D}] => (Allow) C:\Program Files (x86)\Extended\ADS11.10\Server\ads.exe
FirewallRules: [{D6E25607-A2B2-45E5-A196-852368DD0A73}] => (Allow) C:\Program Files (x86)\Extended\ADS11.10\Server\ads.exe
FirewallRules: [{FC7B186D-67C6-43C4-971A-49F9629F95A6}] => (Allow) C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe
FirewallRules: [{3485F9F4-25B2-4834-AA03-81955DB15CC4}] => (Allow) C:\Program Files (x86)\Sage\GSBuchhalter\GSBuchhalter.exe
FirewallRules: [{AB983AF0-DB80-4577-B594-366553EEF1B9}] => (Allow) C:\Users\Erwin\AppData\Roaming\Allmyapps\Allmyapps.exe
FirewallRules: [{853F9C58-58B2-4D68-9C7C-3FA6931740C9}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{25245D74-A830-4F2F-A5D9-232D39F8A795}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{5A056C01-6A66-4538-9A27-23816A67EA81}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{C0D7201F-3D97-4627-80A6-3D8462952AE4}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{0C3CA32A-AE98-4A98-A21D-CF2CE8995AA9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{4BCFF073-9AD4-4251-8947-BDF852E2158C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{CFB1E3F2-09E3-45A2-AE64-2205C80AF1C1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{48D4B54C-E8D9-4937-A093-A8A3B32B86F6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{9B532EC4-8949-4918-99CE-36E931CC0EA0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{011C5526-6FD7-49D7-A725-A07AA340DC67}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{588E533E-A803-43CE-B0FA-25A3F3D3C35B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{3CC9B398-88C0-4C19-AF58-E07942124C59}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{82D83D75-6DEA-4881-85C1-71AD7F00F6BB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{C9E0FDB1-7A7E-43F0-8F8F-4BF44300DD66}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{00769374-91B8-4A98-B9E7-C88F6DDAB618}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{295F7474-9DC4-4109-B97C-485FB84E6FDC}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{E08A9638-C6AD-470C-9F91-D21EB8E92F64}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{3B60AB2C-4F2D-41AF-8ACC-36D0576AC035}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E72855DD-2FAC-4482-8586-7B5C35145470}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{194CA2AB-2B66-430A-8365-475E2E6E376F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{78C8105B-F7FD-486E-9A91-0602EDFE9167}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C4FEDAB6-541D-49E4-845D-E15DA1E351E1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1CAD3445-2689-4963-8907-758B214A9DD4}] => (Allow) LPort=2869
FirewallRules: [{CB558F18-FA2E-4F0A-98AD-94AED5E27767}] => (Allow) LPort=1900
FirewallRules: [{F3ED86E3-EAC5-4DC0-BE5C-BBD388C87580}] => (Allow) C:\Program Files (x86)\Sage\GSOffice\GSOffice.exe
FirewallRules: [{A13EAE3C-3704-47EE-AF4B-5E6145D48215}] => (Allow) C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe
FirewallRules: [{CAD63421-42A7-46F7-AB13-AABDF4FF5789}] => (Allow) C:\Program Files (x86)\Sage\GSBuchhalter\GSBuchhalter.exe
FirewallRules: [{E44C6140-4C0D-45DE-BD2E-280420DD2581}] => (Allow) C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe
FirewallRules: [{7D5FFEB0-D7BA-41AC-91A6-097DFFEBC439}] => (Allow) C:\Program Files (x86)\Sage\GSBuchhalter\GSBuchhalter.exe
FirewallRules: [{277337BE-3058-4739-9F93-493DF6971017}] => (Allow) C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe
FirewallRules: [{31318983-B0DD-4BBF-9E02-92791B3C5F6C}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{1CD1E2D7-E541-4120-8308-E655F5B41F6E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{0B149188-8FD8-4BD6-901C-EE93A1272B7B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9DD1E3A4-278F-49EC-9F4C-5BF237BDAC8C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E6D0954F-8FAA-4072-BDB1-D862A63185BC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{43B22025-F81E-4EF5-9088-E35559462736}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{D5F23CE2-4307-48ED-AD2D-0F3A474DB266}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{02DC9699-00A5-4143-93B7-00C953F0DB6C}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{66E3E95B-99A7-4143-8D62-BD67EDABA364}] => (Allow) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\LicenseCheck.exe
FirewallRules: [{3E1DD25C-B788-464D-8138-BE5AD9FBC1D9}] => (Allow) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\LicenseCheck.exe
FirewallRules: [{358BF6FF-3A87-4213-839B-F4C66FE5BBD4}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{3154CD78-A011-4175-B2C2-293A54698CAD}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{5278512F-D014-4AD5-9EF4-953DBE047533}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{F6E2E70C-8146-489F-ACCB-138A04CB07B8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{49E7B224-E10F-4893-87B8-7616B7763EE3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

03-01-2016 14:09:12 Windows Update
05-01-2016 20:31:17 Removed DriverUpdate

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/05/2016 08:30:08 PM) (Source: MsiInstaller) (EventID: 11706) (User: ERWINFRIESEN)
Description: Produkt: Lexware financial office 2015 -- Fehler 1706. Für das Produkt Lexware financial office 2015 wurde kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets "financial_office.msi".

Error: (01/05/2016 08:18:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.25.25617, Zeitstempel: 0x5447ad92
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4bcfc
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x13d4
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2
Berichtskennung: Avira.OE.Systray.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.OE.Systray.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.OE.Systray.exe5

Error: (01/05/2016 08:18:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException
Stapel:
   bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   bei System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   bei System.Configuration.ConfigurationManager.get_AppSettings()
   bei Avira.OE.WinCore.OeProductInfo.get_Culture()
   bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   bei Avira.OE.Systray.Program.Main(System.String[])

Error: (01/05/2016 08:12:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.25.25607, Zeitstempel: 0x5447ad7e
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4bcfc
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0xe34
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.OE.ServiceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.OE.ServiceHost.exe5

Error: (01/05/2016 08:12:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
   bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   bei NLog.LogFactory.get_Configuration()
   bei NLog.LogFactory.GetLogger(LoggerCacheKey)
   bei NLog.LogFactory.GetLogger(System.String)
   bei NLog.LogManager.GetLogger(System.String)
   bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (01/05/2016 08:12:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.25.25607, Zeitstempel: 0x5447ad7e
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4bcfc
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0xd48
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.OE.ServiceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.OE.ServiceHost.exe5

Error: (01/05/2016 08:12:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
   bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   bei NLog.LogFactory.get_Configuration()
   bei NLog.LogFactory.GetLogger(LoggerCacheKey)
   bei NLog.LogFactory.GetLogger(System.String)
   bei NLog.LogManager.GetLogger(System.String)
   bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (01/05/2016 08:12:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.25.25607, Zeitstempel: 0x5447ad7e
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4bcfc
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x940
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.OE.ServiceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.OE.ServiceHost.exe5

Error: (01/05/2016 08:11:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mepService.exe, Version: 1.1.2.0, Zeitstempel: 0x541f882f
Name des fehlerhaften Moduls: mepService.exe, Version: 1.1.2.0, Zeitstempel: 0x541f882f
Ausnahmecode: 0xc000000d
Fehleroffset: 0x0006c33b
ID des fehlerhaften Prozesses: 0x68
Startzeit der fehlerhaften Anwendung: 0xmepService.exe0
Pfad der fehlerhaften Anwendung: mepService.exe1
Pfad des fehlerhaften Moduls: mepService.exe2
Berichtskennung: mepService.exe3
Vollständiger Name des fehlerhaften Pakets: mepService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mepService.exe5

Error: (01/05/2016 08:11:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.2.19.0, Zeitstempel: 0x55e84649
Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.2.19.0, Zeitstempel: 0x55e84649
Ausnahmecode: 0x40000015
Fehleroffset: 0x000ad2a6
ID des fehlerhaften Prozesses: 0x408
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5


Systemfehler:
=============
Error: (01/05/2016 08:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (01/05/2016 08:12:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2016 08:12:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2016 08:12:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MyEpson Portal Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/05/2016 08:12:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/05/2016 08:11:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "PDFProFiltSrvPP" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/05/2016 08:09:08 PM) (Source: DCOM) (EventID: 10010) (User: ERWINFRIESEN)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (01/05/2016 08:09:08 PM) (Source: DCOM) (EventID: 10010) (User: ERWINFRIESEN)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (01/05/2016 08:09:08 PM) (Source: DCOM) (EventID: 10010) (User: ERWINFRIESEN)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (01/05/2016 08:07:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.


CodeIntegrity:
===================================
  Date: 2015-07-30 21:14:25.118
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-30 21:14:21.446
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-30 21:11:43.750
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-30 21:09:50.151
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-30 21:09:34.337
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-30 21:09:30.103
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-30 21:09:29.915
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-30 21:09:29.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-30 21:09:29.509
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-30 21:09:29.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 3978.69 MB
Verfügbarer physikalischer RAM: 2777.9 MB
Summe virtueller Speicher: 8330.69 MB
Verfügbarer virtueller Speicher: 6196.59 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:223.99 GB) (Free:31.14 GB) NTFS
Drive d: (DATA) (Fixed) (Total:225.17 GB) (Free:206.01 GB) NTFS
Drive e: (lfo1900) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

Gruß Guido

Deathkid535 · 06.01.2016, 00:12

Hi,

Schritt # 1: MBAM

Lade dir, falls nicht schon vorhanden,

Malwarebytes Anti-Malware herunter, installiere und starte es.

Gehe in die Einstellungen, unter Erkennung und Schutz und setze das Hakerl für Suche nach Rootkits
Wechsle ins Amaturenbrett und klicke auf Jetzt Scannen
Nachdem der Suchlauf abgeschlossen ist, verschiebe alle vorhandenen Funde in die Quarantäne.
Nachdem der PC neu gestartet hat, findest du unter dem Punkt Verlauf dein Logfile. Poste mir dieses hier.

Schritt # 2: TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Schritt # 3: FRST

Und noch ein frisches FRST-Log bitte

Schritt # 4: Bitte Posten

Das Log von MBAM
Das Log von TDSS-Killer
Das frische FRST-Log

Jidddooo · 06.01.2016, 20:26

Hi Dennis,

hier der mbam txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 06.01.2016
Suchlaufzeit: 19:22
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2016.01.06.04
Rootkit-Datenbank: v2016.01.05.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Erwin

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 463957
Abgelaufene Zeit: 31 Min., 58 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 154
PUP.Optional.AudioToAudioToolBar, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ProductivityBoss_e5Service, In Quarantäne, [16562115c3d689ad08669497b848ac54], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{5754a7f4-5cb7-4287-8354-170a8c185349}, In Quarantäne, [b2ba86b01485c076f5ecc8fea75d57a9], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5754A7F4-5CB7-4287-8354-170A8C185349}, In Quarantäne, [b2ba86b01485c076f5ecc8fea75d57a9], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5754A7F4-5CB7-4287-8354-170A8C185349}, In Quarantäne, [b2ba86b01485c076f5ecc8fea75d57a9], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5754A7F4-5CB7-4287-8354-170A8C185349}, In Quarantäne, [b2ba86b01485c076f5ecc8fea75d57a9], 
PUP.Optional.MindSpark, HKU\S-1-5-21-681885862-1274788781-1503667042-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5754A7F4-5CB7-4287-8354-170A8C185349}, In Quarantäne, [b2ba86b01485c076f5ecc8fea75d57a9], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{5754A7F4-5CB7-4287-8354-170A8C185349}\INPROCSERVER32, In Quarantäne, [b2ba86b01485c076f5ecc8fea75d57a9], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{589cd417-937b-4d56-bb76-55260209dc19}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{589CD417-937B-4D56-BB76-55260209DC19}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{589CD417-937B-4D56-BB76-55260209DC19}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{589CD417-937B-4D56-BB76-55260209DC19}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKU\S-1-5-21-681885862-1274788781-1503667042-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{589CD417-937B-4D56-BB76-55260209DC19}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{ea729df7-fea8-443c-8781-327fa3ab7529}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EA729DF7-FEA8-443C-8781-327FA3AB7529}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EA729DF7-FEA8-443C-8781-327FA3AB7529}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKU\S-1-5-21-681885862-1274788781-1503667042-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EA729DF7-FEA8-443C-8781-327FA3AB7529}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0d8b1859-f5d4-42cd-804f-a77115b59335}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{f67b7f18-0d4d-4512-bbe9-efb219345aaa}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{252F607D-6B63-437F-81E1-E975EE7272B2}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{4BBACE60-3185-4379-9118-631C9447A61A}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{6A113A86-FDE2-4C7B-8767-F1621865EBF5}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{924C16A8-0E44-402F-9517-2E424E7048E3}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{C37884B1-D4F6-4FC9-B12E-68DF687499A5}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{C4EAC027-4D3E-48F7-B4D9-5002E6F5AD5D}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{252F607D-6B63-437F-81E1-E975EE7272B2}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4BBACE60-3185-4379-9118-631C9447A61A}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6A113A86-FDE2-4C7B-8767-F1621865EBF5}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{924C16A8-0E44-402F-9517-2E424E7048E3}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C37884B1-D4F6-4FC9-B12E-68DF687499A5}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C4EAC027-4D3E-48F7-B4D9-5002E6F5AD5D}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{252F607D-6B63-437F-81E1-E975EE7272B2}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4BBACE60-3185-4379-9118-631C9447A61A}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6A113A86-FDE2-4C7B-8767-F1621865EBF5}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{924C16A8-0E44-402F-9517-2E424E7048E3}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C37884B1-D4F6-4FC9-B12E-68DF687499A5}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C4EAC027-4D3E-48F7-B4D9-5002E6F5AD5D}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{f67b7f18-0d4d-4512-bbe9-efb219345aaa}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{f67b7f18-0d4d-4512-bbe9-efb219345aaa}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\ProductivityBoss_e5.SettingsPlugin.1, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\ProductivityBoss_e5.SettingsPlugin, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ProductivityBoss_e5.SettingsPlugin, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ProductivityBoss_e5.SettingsPlugin, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ProductivityBoss_e5.SettingsPlugin.1, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ProductivityBoss_e5.SettingsPlugin.1, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0D8B1859-F5D4-42CD-804F-A77115B59335}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKU\S-1-5-21-681885862-1274788781-1503667042-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0D8B1859-F5D4-42CD-804F-A77115B59335}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{0D8B1859-F5D4-42CD-804F-A77115B59335}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ProductivityBoss_e5bar Uninstall Internet Explorer, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{589CD417-937B-4D56-BB76-55260209DC19}\INPROCSERVER32, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BA49E624-6144-496B-AAAB-79759B6888D1}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\ProductivityBoss_e5.HTMLMenu.1, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\ProductivityBoss_e5.HTMLMenu, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ProductivityBoss_e5.HTMLMenu, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ProductivityBoss_e5.HTMLMenu, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ProductivityBoss_e5.HTMLMenu.1, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ProductivityBoss_e5.HTMLMenu.1, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BA49E624-6144-496B-AAAB-79759B6888D1}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BA49E624-6144-496B-AAAB-79759B6888D1}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8d7e32c4-aba8-4c05-9aa4-4a85354ef063}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{f1380a57-0bd5-456d-b0f7-3b499523518a}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{199C163D-4D49-4E9B-9D6C-AC6BB973D4A8}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{9C8E7207-65EE-409D-A886-DAD0BA15E67A}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{A56C23E8-8048-44FB-BBA0-0E6A6341F6FD}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{199C163D-4D49-4E9B-9D6C-AC6BB973D4A8}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9C8E7207-65EE-409D-A886-DAD0BA15E67A}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A56C23E8-8048-44FB-BBA0-0E6A6341F6FD}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{199C163D-4D49-4E9B-9D6C-AC6BB973D4A8}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9C8E7207-65EE-409D-A886-DAD0BA15E67A}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A56C23E8-8048-44FB-BBA0-0E6A6341F6FD}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{f1380a57-0bd5-456d-b0f7-3b499523518a}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{f1380a57-0bd5-456d-b0f7-3b499523518a}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\ProductivityBoss_e5.ToolbarProtector.1, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\ProductivityBoss_e5.ToolbarProtector, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ProductivityBoss_e5.ToolbarProtector, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ProductivityBoss_e5.ToolbarProtector, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ProductivityBoss_e5.ToolbarProtector.1, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ProductivityBoss_e5.ToolbarProtector.1, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8D7E32C4-ABA8-4C05-9AA4-4A85354EF063}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7fe15351-69de-4315-a5fb-559bcfb3e92f}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{efbe7b38-02f1-4dfc-b74a-ad993760b112}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{B8DDB598-E673-466E-AC13-3E191B0ABBF5}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B8DDB598-E673-466E-AC13-3E191B0ABBF5}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B8DDB598-E673-466E-AC13-3E191B0ABBF5}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{efbe7b38-02f1-4dfc-b74a-ad993760b112}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{efbe7b38-02f1-4dfc-b74a-ad993760b112}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7FE15351-69DE-4315-A5FB-559BCFB3E92F}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5f200fb4-8adb-4ce6-a081-b3b77b5abcb5}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{f655d745-b558-422d-af05-bf6d1e95ead0}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{9F477A7E-C0D9-479A-8718-1556D85239AA}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{F03930B1-1F0B-4037-9797-C442FD82B669}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9F477A7E-C0D9-479A-8718-1556D85239AA}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F03930B1-1F0B-4037-9797-C442FD82B669}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9F477A7E-C0D9-479A-8718-1556D85239AA}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F03930B1-1F0B-4037-9797-C442FD82B669}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{f655d745-b558-422d-af05-bf6d1e95ead0}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{f655d745-b558-422d-af05-bf6d1e95ead0}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F200FB4-8ADB-4CE6-A081-B3B77B5ABCB5}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{55885bd8-e699-4866-9e77-87e9df61b2ee}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{d85cc617-78f3-4d5d-8715-bb52f7e43a77}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{6A9EB0D5-DF8A-40D7-9889-0EF36CBB0408}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{93780D8C-A0F1-4D3C-8AB3-3D7E355D377F}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{C586E391-870F-45DE-9846-82BA88A4E95A}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{D5634648-00CA-4D80-8C8E-84F901EF80B7}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6A9EB0D5-DF8A-40D7-9889-0EF36CBB0408}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{93780D8C-A0F1-4D3C-8AB3-3D7E355D377F}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C586E391-870F-45DE-9846-82BA88A4E95A}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D5634648-00CA-4D80-8C8E-84F901EF80B7}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6A9EB0D5-DF8A-40D7-9889-0EF36CBB0408}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{93780D8C-A0F1-4D3C-8AB3-3D7E355D377F}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C586E391-870F-45DE-9846-82BA88A4E95A}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D5634648-00CA-4D80-8C8E-84F901EF80B7}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{d85cc617-78f3-4d5d-8715-bb52f7e43a77}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{d85cc617-78f3-4d5d-8715-bb52f7e43a77}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{55885BD8-E699-4866-9E77-87E9DF61B2EE}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7a813178-28d6-4455-a4b0-36e538ec7c42}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\ProductivityBoss_e5.PseudoTransparentPlugin.1, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\ProductivityBoss_e5.PseudoTransparentPlugin, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ProductivityBoss_e5.PseudoTransparentPlugin, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ProductivityBoss_e5.PseudoTransparentPlugin, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ProductivityBoss_e5.PseudoTransparentPlugin.1, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ProductivityBoss_e5.PseudoTransparentPlugin.1, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7A813178-28D6-4455-A4B0-36E538EC7C42}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7A813178-28D6-4455-A4B0-36E538EC7C42}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9b667db4-ae4b-4d59-a2a3-d12a41a2f2cf}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9B667DB4-AE4B-4D59-A2A3-D12A41A2F2CF}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9B667DB4-AE4B-4D59-A2A3-D12A41A2F2CF}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{06012b99-2f56-4984-8280-f49015649e87}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{cd6d3114-d014-4a6e-84e6-338d7349da37}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{78C0333F-10EA-4BA0-B496-FD8F8E1E61E6}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{EB67B5F7-B21E-4D5C-BB16-F074C6BA350B}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{78C0333F-10EA-4BA0-B496-FD8F8E1E61E6}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EB67B5F7-B21E-4D5C-BB16-F074C6BA350B}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{78C0333F-10EA-4BA0-B496-FD8F8E1E61E6}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EB67B5F7-B21E-4D5C-BB16-F074C6BA350B}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{cd6d3114-d014-4a6e-84e6-338d7349da37}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{cd6d3114-d014-4a6e-84e6-338d7349da37}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\ProductivityBoss_e5.HTMLPanel.1, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\ProductivityBoss_e5.HTMLPanel, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ProductivityBoss_e5.HTMLPanel, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ProductivityBoss_e5.HTMLPanel, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ProductivityBoss_e5.HTMLPanel.1, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ProductivityBoss_e5.HTMLPanel.1, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{06012B99-2F56-4984-8280-F49015649E87}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{06012B99-2F56-4984-8280-F49015649E87}, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.InetStat, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE, In Quarantäne, [4b211c1a7425ae8851eaa07c0ef6c838], 
PUP.Optional.InetStat, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE, In Quarantäne, [4b211c1a7425ae8851eaa07c0ef6c838], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\ProductivityBoss_e5, In Quarantäne, [5d0f1323019880b6bb53edd17e8545bb], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{190F204E-0647-415A-8D7D-3E8B8B296BCB}, In Quarantäne, [70fc72c4d6c3b0864a8b0eaf986be51b], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21F21DA6-1B78-4981-9EEF-F03D20AC7C42}, In Quarantäne, [e68660d65a3f31054a8b58659e658779], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A113A86-FDE2-4C7B-8767-F1621865EBF5}, In Quarantäne, [1953092db8e1dc5abe17e6d72cd76997], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C37884B1-D4F6-4FC9-B12E-68DF687499A5}, In Quarantäne, [165662d4adec5dd9bc19d6e7cf34827e], 
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES INC\DriverUpdate, In Quarantäne, [75f74ee8029794a25278a90237cc9a66], 
PUP.Optional.MindSpark, HKU\S-1-5-21-681885862-1274788781-1503667042-1001\SOFTWARE\ProductivityBoss_e5, In Quarantäne, [2349db5b8d0c8aac301c0fae996abd43], 
PUP.Optional.MindSpark, HKU\S-1-5-21-681885862-1274788781-1503667042-1001\SOFTWARE\APPDATALOW\SOFTWARE\ProductivityBoss_e5, In Quarantäne, [bab20e286e2b79bd0764a3196f94b848], 

Registrierungswerte: 11
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ProductivityBoss EPM Support, "C:\PROGRA~2\PRODUC~1\bar\1.bin\e5medint.exe" t8EPMSup.dll,S, In Quarantäne, [6ffdb482cacf53e3c61ba5213cc8916f]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{EA729DF7-FEA8-443C-8781-327FA3AB7529}, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.MindSpark, HKU\S-1-5-21-681885862-1274788781-1503667042-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{cf7c1ceb-1fb1-417f-bb89-821eebc91a22}, In Quarantäne, [b2ba092d39600c2a8d6cf08a9270c53b], 
PUP.Optional.MindSpark, HKU\S-1-5-21-681885862-1274788781-1503667042-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{CF7C1CEB-1FB1-417F-BB89-821EEBC91A22}, In Quarantäne, [b2ba092d39600c2a8d6cf08a9270c53b], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{ea729df7-fea8-443c-8781-327fa3ab7529}, In Quarantäne, [4329c4725e3b05319083aac4946e9f61], 
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{190f204e-0647-415a-8d7d-3e8b8b296bcb}|AppPath, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin, In Quarantäne, [70fc72c4d6c3b0864a8b0eaf986be51b]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21f21da6-1b78-4981-9eef-f03d20ac7c42}|AppPath, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin, In Quarantäne, [e68660d65a3f31054a8b58659e658779]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6a113a86-fde2-4c7b-8767-f1621865ebf5}|AppPath, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin, In Quarantäne, [1953092db8e1dc5abe17e6d72cd76997]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9b667db4-ae4b-4d59-a2a3-d12a41a2f2cf}|AppPath, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin, In Quarantäne, [72fa5adc59401521cc09457858ab6f91]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c37884b1-d4f6-4fc9-b12e-68df687499a5}|AppPath, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin, In Quarantäne, [165662d4adec5dd9bc19d6e7cf34827e]
PUP.Optional.MindSpark, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ProductivityBoss_e5Service|ImagePath, C:\PROGRA~2\PRODUC~1\bar\1.bin\e5barsvc.exe, In Quarantäne, [afbdbc7ad0c994a28faed5e958ab09f7]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 25
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin, Löschen bei Neustart, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\Apa, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\Apa\Bar, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\Apa\Dialog, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\ie_default_search_provider, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\ie_enable, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar, Löschen bei Neustart, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\assists, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\gen1, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\Message, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\Settings, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.InetStat, C:\Users\Erwin\AppData\Roaming\InetStat, In Quarantäne, [4b211c1a7425ae8851eaa07c0ef6c838], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5, Löschen bei Neustart, [ef7d85b19dfc78bee3a14f5a5ca6d62a], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Settings, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 

Dateien: 165
PUP.Optional.AudioToAudioToolBar, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5barsvc.exe, Löschen bei Neustart, [16562115c3d689ad08669497b848ac54], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5medint.exe, In Quarantäne, [6ffdb482cacf53e3c61ba5213cc8916f], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5SrcAs.dll, In Quarantäne, [b2ba86b01485c076f5ecc8fea75d57a9], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5bar.dll, In Quarantäne, [e785be780d8c68ce9f42dee811f3a65a], 
PUP.Optional.PCMechanic, C:\Users\Erwin\Desktop\Favorites\Downloads\pcmechanicpm.exe, In Quarantäne, [1b5110264f4a300644841f029a671be5], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\ignores.dat, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\rupdates.db, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\settings.db, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\supdates.db, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.cat, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.inf, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.sys, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images\acer.png, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-23  22-05-31 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-26  23-41-16 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-21  05-12-03 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-21  09-18-35 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-21  17-44-15 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-21  23-08-35 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-22  04-14-39 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-22  09-59-22 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-22  11-50-19 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-22  14-09-43 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-22  18-28-35 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-22  23-41-29 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-23  04-52-29 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-23  09-55-57 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-23  17-54-04 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-24  07-30-02 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-24  23-11-57 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-25  00-22-06 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-25  04-16-28 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-25  05-12-01 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-25  14-43-41 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-25  15-51-16 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-25  19-34-13 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-25  23-06-24 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-26  06-36-13 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-26  09-28-14 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-26  11-59-23 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-26  12-43-34 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-26  18-30-17 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-01-02  09-57-38 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-01-03  14-13-03 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-01-04  18-34-50 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-01-04  18-38-04 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-01-05  20-06-42 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2016-01-05  20-18-20 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-27  00-27-24 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-27  03-03-46 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-27  09-14-26 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-27  22-27-55 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-28  03-35-54 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-28  04-38-23 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-28  05-07-12 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-28  05-12-00 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-28  09-09-19 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-28  13-42-14 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-28  16-50-21 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-28  22-36-03 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-28  22-38-36 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-28  22-41-46 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-29  06-14-16 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-30  09-39-18 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-31  10-22-33 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-31  10-34-21 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-31  10-48-45 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.DriverUpdate, C:\Users\Erwin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-31  10-56-08 0.log, In Quarantäne, [600cdb5b52472e08f4caefbc05feab55], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\logo.bmp, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5htmlmu.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\AppIntegrator.exe, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\AppIntegrator64.exe, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\AppIntegratorStub.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\AppIntegratorStub64.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\AssistMonitor.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\AssistMonitor64.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\BAT.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\CrExt.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\CrExtPe5.exe, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\DpnMngr.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5bprtct.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5dlghk.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5dlghk64.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5highin.exe, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5httpct.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5idle.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5regiet.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5skin.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5skplay.exe, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5tpinst.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\FF-NativeMessagingDispatcher.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\HiddenToolbarReminder.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\HkFxMgr.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\HkFxMgr64.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\InstallEnabler.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\t8EPMSup.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\T8EXTEX.DLL, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\T8EXTPEX.DLL, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\T8HTML.DLL, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\t8Res.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\T8TICKER.DLL, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\ToolbarGuard.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\ToolbarGuard64.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\TPIManagerConsole.exe, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\Verify.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\Apa\arbiter.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\Apa\arbiter64.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\Apa\Bar\assist.exe, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\Apa\Bar\config.xml, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\Apa\Dialog\assist.exe, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\Apa\Dialog\config.xml, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\ie_default_search_provider\arbiter.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\ie_default_search_provider\arbiter64.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\ie_default_search_provider\assist.exe, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\ie_default_search_provider\config.xml, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\ie_enable\arbiter.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\ie_enable\arbiter64.dll, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\assists\ie_enable\config.xml, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\assists\common.t8s, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\gen1\common.t8s, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\Message\common.t8s, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.MindSpark, C:\Program Files (x86)\ProductivityBoss_e5\bar\Settings\s_pid.dat, In Quarantäne, [6a0275c14f4ad66067d46c7943c09f61], 
PUP.Optional.InetStat, C:\Users\Erwin\AppData\Roaming\InetStat\iexplore.exe, In Quarantäne, [4b211c1a7425ae8851eaa07c0ef6c838], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\btmarrow.png, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\closebtn.png, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\config.js, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\dispatch.js, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\index.htm, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\infobar.js, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\jquery.js, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\localizedStrings.js, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\overlay.js, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\pid.js, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\qstring.js, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\toolbar.js, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\yellowbg_100.png, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\yellowbg_125.png, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\yellowbg_150.png, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\zEnable.css, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\zEnable.htm, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.MindSpark, C:\Users\Erwin\AppData\LocalLow\ProductivityBoss_e5\bar\Assists\common\zEnable.js, In Quarantäne, [f973c4723168cd69fc2e76341fe39a66], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Stb7f8974ec-55f0-477d-9a3f-045ebf9d7b55.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Msi446b0e7c-6c22-4a7b-816b-b12713ef23ef.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Msi57453703-df3f-4d22-a61a-e76d2509d8b6.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Msi5a16cd0a-b0e4-4620-bdfa-e14530ad1fc8.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Msi83584f05-4f7f-4a42-b1a1-51560201b30f.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Msia9f8536d-8e78-43be-ae83-c4df9e64e6da.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Msic4ba488e-8143-4967-b56f-1a6330cb89e2.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Msie7201df2-4665-4895-934e-dea67e4bb4f9.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Msif3f4a8b7-4f88-4bf0-8742-aa1be702d84b.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Msif4936a09-4d13-4685-ac6a-f0089c6c2c88.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Msif8d4c8b8-d152-4211-88a3-704f6b84e5fb.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Stb446b0e7c-6c22-4a7b-816b-b12713ef23ef.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Stb57453703-df3f-4d22-a61a-e76d2509d8b6.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Stb5a16cd0a-b0e4-4620-bdfa-e14530ad1fc8.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Stb83584f05-4f7f-4a42-b1a1-51560201b30f.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Stba9f8536d-8e78-43be-ae83-c4df9e64e6da.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Stbc4ba488e-8143-4967-b56f-1a6330cb89e2.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Stbc675dbb2-3e0a-4109-9ba0-788229de0d98.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Stbcabc62e1-4574-4dcb-ab4b-87d46768dbd3.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Stbe7201df2-4665-4895-934e-dea67e4bb4f9.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Stbec4a6922-c92c-447c-9e6b-d6b7e25a954d.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Stbf3f4a8b7-4f88-4bf0-8742-aa1be702d84b.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Stbf4936a09-4d13-4685-ac6a-f0089c6c2c88.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\ORJ-V7C\Stbf8d4c8b8-d152-4211-88a3-704f6b84e5fb.log, In Quarantäne, [2448d85eb8e161d5eed4d0ec9969e41c], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

Jidddooo · 06.01.2016, 20:28

hier der TDSSKiller.log

Code:

ATTFilter

20:09:22.0479 0x063c  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
20:09:22.0479 0x063c  UEFI system
20:09:27.0057 0x063c  ============================================================
20:09:27.0057 0x063c  Current date / time: 2016/01/06 20:09:27.0057
20:09:27.0057 0x063c  SystemInfo:
20:09:27.0057 0x063c  
20:09:27.0057 0x063c  OS Version: 6.3.9600 ServicePack: 0.0
20:09:27.0057 0x063c  Product type: Workstation
20:09:27.0057 0x063c  ComputerName: ERWINFRIESEN
20:09:27.0057 0x063c  UserName: Erwin
20:09:27.0057 0x063c  Windows directory: C:\WINDOWS
20:09:27.0057 0x063c  System windows directory: C:\WINDOWS
20:09:27.0057 0x063c  Running under WOW64
20:09:27.0057 0x063c  Processor architecture: Intel x64
20:09:27.0057 0x063c  Number of processors: 4
20:09:27.0057 0x063c  Page size: 0x1000
20:09:27.0057 0x063c  Boot type: Normal boot
20:09:27.0057 0x063c  ============================================================
20:09:27.0370 0x063c  KLMD registered as C:\WINDOWS\system32\drivers\35942789.sys
20:09:27.0604 0x063c  System UUID: {3255900E-BFD3-B38D-2695-F02E4DC738ED}
20:09:28.0104 0x063c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:09:28.0120 0x063c  ============================================================
20:09:28.0120 0x063c  \Device\Harddisk0\DR0:
20:09:28.0120 0x063c  GPT partitions:
20:09:28.0120 0x063c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {66C71457-635D-4660-A3A6-33FDE37253E5}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
20:09:28.0120 0x063c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {ABED61D8-B182-489F-9580-41754E544337}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
20:09:28.0120 0x063c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {084F9F0D-2DD7-4BC8-BB97-CBF01AA7F7FB}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
20:09:28.0120 0x063c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A9B99C66-5932-4964-9039-FD50132F5C30}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x1BFFD000
20:09:28.0120 0x063c  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {27287B45-8E70-402C-A5B3-8113D48A4E01}, Name: , StartLBA 0x1C19B800, BlocksNum 0xE1000
20:09:28.0120 0x063c  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {F2C44FD5-672F-4742-AA19-E4BE2A2C68D6}, Name: , StartLBA 0x1C27C800, BlocksNum 0xAF000
20:09:28.0120 0x063c  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {55F85081-C005-467F-96D9-409E902F8379}, Name: Basic data partition, StartLBA 0x1C32B800, BlocksNum 0x1C259000
20:09:28.0120 0x063c  \Device\Harddisk0\DR0\Partition8: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {71EE3DB5-EAB4-4512-A343-5FAD6C3905D7}, Name: Basic data partition, StartLBA 0x38584800, BlocksNum 0x1E00800
20:09:28.0120 0x063c  MBR partitions:
20:09:28.0120 0x063c  ============================================================
20:09:28.0151 0x063c  C: <-> \Device\Harddisk0\DR0\Partition4
20:09:28.0198 0x063c  D: <-> \Device\Harddisk0\DR0\Partition7
20:09:28.0198 0x063c  ============================================================
20:09:28.0198 0x063c  Initialize success
20:09:28.0198 0x063c  ============================================================
20:10:42.0655 0x0568  ============================================================
20:10:42.0655 0x0568  Scan started
20:10:42.0655 0x0568  Mode: Manual; SigCheck; TDLFS; 
20:10:42.0655 0x0568  ============================================================
20:10:42.0655 0x0568  KSN ping started
20:10:44.0999 0x0568  KSN ping finished: true
20:10:49.0733 0x0568  ================ Scan system memory ========================
20:10:49.0733 0x0568  System memory - ok
20:10:49.0733 0x0568  ================ Scan services =============================
20:10:49.0983 0x0568  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
20:10:50.0046 0x0568  1394ohci - ok
20:10:50.0077 0x0568  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
20:10:50.0077 0x0568  3ware - ok
20:10:50.0124 0x0568  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
20:10:50.0155 0x0568  ACPI - ok
20:10:50.0155 0x0568  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
20:10:50.0171 0x0568  acpiex - ok
20:10:50.0186 0x0568  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
20:10:50.0202 0x0568  acpipagr - ok
20:10:50.0249 0x0568  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
20:10:50.0296 0x0568  AcpiPmi - ok
20:10:50.0311 0x0568  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
20:10:50.0327 0x0568  acpitime - ok
20:10:50.0436 0x0568  [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:10:50.0452 0x0568  AdobeARMservice - ok
20:10:50.0593 0x0568  [ C3E7E1F3C85A6788F3BA078BA214341E, A3D72ACE045730DC1C8A6F4E3937C5C765AB447BF7C573BEC53DE8148EB4A1C8 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:10:50.0593 0x0568  AdobeFlashPlayerUpdateSvc - ok
20:10:50.0640 0x0568  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
20:10:50.0671 0x0568  ADP80XX - ok
20:10:50.0796 0x0568  [ FB3A28998A9B69E6C9790E24AF2A2877, D67F880D22B9C2F4051E8D27F2FBA413E3D1E1670A7439798008ED058F3B313B ] Advantage       C:\Program Files (x86)\Extended\ADS11.10\Server\ADS.EXE
20:10:50.0890 0x0568  Advantage - detected UnsignedFile.Multi.Generic ( 1 )
20:10:54.0327 0x0568  Advantage ( UnsignedFile.Multi.Generic ) - warning
20:10:56.0421 0x0e80  Object required for P2P: [ C3E7E1F3C85A6788F3BA078BA214341E ] AdobeFlashPlayerUpdateSvc
20:10:56.0749 0x0568  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
20:10:56.0827 0x0568  AeLookupSvc - ok
20:10:56.0874 0x0568  [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD             C:\WINDOWS\system32\drivers\afd.sys
20:10:56.0906 0x0568  AFD - ok
20:10:56.0999 0x0568  [ C26D6BED5F709393B75FFAFD9E68D217, D13225BB231715F37209F36FDF7BE368ABD2BC99E3174115D87157860D7F3809 ] AgendaUpdate    C:\AGENDA\WinUpdate\Prog\updatedownload.exe
20:10:57.0031 0x0568  AgendaUpdate - ok
20:10:57.0077 0x0568  [ DC7BC71F223D660C144CA316C6187C56, 42F8A2DF1C29E519571051BF4BBBCFC99ACDB04D9C7A64EE3BC6C33F16795DB1 ] AgendaUpdater   C:\AGENDA\WinUpdate\Prog\updateupdater.exe
20:10:57.0093 0x0568  AgendaUpdater - ok
20:10:57.0109 0x0568  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
20:10:57.0124 0x0568  agp440 - ok
20:10:57.0156 0x0568  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
20:10:57.0187 0x0568  ahcache - ok
20:10:57.0202 0x0568  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\WINDOWS\System32\alg.exe
20:10:57.0234 0x0568  ALG - ok
20:10:57.0265 0x0568  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
20:10:57.0296 0x0568  AmdK8 - ok
20:10:57.0312 0x0568  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
20:10:57.0327 0x0568  AmdPPM - ok
20:10:57.0343 0x0568  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
20:10:57.0359 0x0568  amdsata - ok
20:10:57.0374 0x0568  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
20:10:57.0390 0x0568  amdsbs - ok
20:10:57.0406 0x0568  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
20:10:57.0406 0x0568  amdxata - ok
20:10:57.0437 0x0568  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\WINDOWS\system32\drivers\appid.sys
20:10:57.0468 0x0568  AppID - ok
20:10:57.0499 0x0568  [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
20:10:57.0531 0x0568  AppIDSvc - ok
20:10:57.0546 0x0568  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
20:10:57.0609 0x0568  Appinfo - ok
20:10:57.0640 0x0568  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
20:10:57.0687 0x0568  AppReadiness - ok
20:10:57.0749 0x0568  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
20:10:57.0812 0x0568  AppXSvc - ok
20:10:57.0827 0x0568  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
20:10:57.0843 0x0568  arcsas - ok
20:10:57.0874 0x0568  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
20:10:57.0874 0x0568  atapi - ok
20:10:57.0906 0x0568  [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
20:10:57.0952 0x0568  AudioEndpointBuilder - ok
20:10:57.0999 0x0568  [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
20:10:58.0015 0x0568  Audiosrv - ok
20:10:58.0109 0x0568  [ F21955927D1C99206A8B91DE2CCE85E1, 26A6155CF46123C489CBE19B5B3E3B0D9ED02C9388E57058724B0FFB7D7C08B5 ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
20:10:58.0109 0x0568  Avira.OE.ServiceHost - ok
20:10:58.0156 0x0568  [ 0D2F8F4055903A762AD46204E5A42E86, D3270039E4F066C69D844060388D3F895137C37C0FBE4C106BE1C71AE9DBC17A ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
20:10:58.0171 0x0568  AVP - ok
20:10:58.0202 0x0568  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
20:10:58.0249 0x0568  AxInstSV - ok
20:10:58.0343 0x0568  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
20:10:58.0359 0x0568  b06bdrv - ok
20:10:58.0390 0x0568  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
20:10:58.0437 0x0568  BasicDisplay - ok
20:10:58.0437 0x0568  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
20:10:58.0484 0x0568  BasicRender - ok
20:10:58.0499 0x0568  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
20:10:58.0499 0x0568  bcmfn2 - ok
20:10:58.0531 0x0568  [ 4B6F61BD394DCEDA9B06D702836531C2, 83C739467BD9A00FE09BCE83BB9409EA2DA62FCDD2384F9EE98626226223E918 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
20:10:58.0577 0x0568  BDESVC - ok
20:10:58.0609 0x0568  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:10:58.0656 0x0568  Beep - ok
20:10:58.0702 0x0568  [ 8F2AD111B47A190F325EE7495D3C1803, C61F1506E74A9EFBB61B8A06B30886B6E891C33211F755F30B924EBA202ECEC5 ] BFE             C:\WINDOWS\System32\bfe.dll
20:10:58.0781 0x0568  BFE - ok
20:10:58.0827 0x0568  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
20:10:58.0890 0x0568  BITS - ok
20:10:58.0921 0x0568  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
20:10:58.0968 0x0568  bowser - ok
20:10:59.0015 0x0568  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
20:10:59.0031 0x0568  BrokerInfrastructure - ok
20:10:59.0062 0x0568  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
20:10:59.0077 0x0568  Browser - ok
20:10:59.0109 0x0568  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
20:10:59.0156 0x0568  BthAvrcpTg - ok
20:10:59.0187 0x0568  [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum         C:\WINDOWS\system32\DRIVERS\BthEnum.sys
20:10:59.0218 0x0568  BthEnum - ok
20:10:59.0234 0x0568  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
20:10:59.0281 0x0568  BthHFEnum - ok
20:10:59.0281 0x0568  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
20:10:59.0296 0x0568  bthhfhid - ok
20:10:59.0328 0x0568  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
20:10:59.0359 0x0568  BthHFSrv - ok
20:10:59.0359 0x0568  [ 66B791F6B11DC4303DD18A224A501542, 502AE4D6FFC6B0FCED081B0E0F61F699F96F20DFEE737B53828F5DEE3BD0FCB1 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
20:10:59.0421 0x0568  BTHMODEM - ok
20:10:59.0453 0x0568  [ FEA8FC81431AD93F44D5FBFBBF096AA7, C0581DF6B2AD24836604B083F4866F93A3F4D9091D382029948A5E6221EDF788 ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys
20:10:59.0484 0x0568  BthPan - ok
20:10:59.0578 0x0568  [ 0CC00ADC1B84C93FB46E1A0974E956E1, 64C759244651B916901F4D0C82C3D6034532A20714A72FD26FC9D050B99E230B ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys
20:10:59.0624 0x0568  BTHPORT - ok
20:10:59.0656 0x0568  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
20:10:59.0703 0x0568  bthserv - ok
20:10:59.0734 0x0568  [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys
20:10:59.0765 0x0568  BTHUSB - ok
20:10:59.0874 0x0568  [ C559192F03D0881B620DAB3777A62063, E7F94A3D427491E6287B803E18C40EC6C685F749A1B03417C0C30DF75C232674 ] CCDMonitorService C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
20:10:59.0906 0x0568  CCDMonitorService - ok
20:10:59.0906 0x0e80  Object send P2P result: true
20:10:59.0921 0x0568  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
20:10:59.0953 0x0568  cdfs - ok
20:10:59.0968 0x0568  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
20:10:59.0984 0x0568  cdrom - ok
20:11:00.0015 0x0568  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
20:11:00.0062 0x0568  CertPropSvc - ok
20:11:00.0093 0x0568  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
20:11:00.0109 0x0568  circlass - ok
20:11:00.0140 0x0568  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
20:11:00.0156 0x0568  CLFS - ok
20:11:00.0187 0x0568  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
20:11:00.0203 0x0568  CmBatt - ok
20:11:00.0249 0x0568  [ 0DE32A0BB1FE2A773666572F79584520, C417C12476B937265BEDC9A2C3C3F6C50FD19AEC096362337B0921627A2A92EA ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
20:11:00.0265 0x0568  CNG - ok
20:11:00.0281 0x0568  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
20:11:00.0296 0x0568  CompositeBus - ok
20:11:00.0296 0x0568  COMSysApp - ok
20:11:00.0312 0x0568  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
20:11:00.0343 0x0568  condrv - ok
20:11:00.0421 0x0568  [ 6DB7264A95FE984FFA072BA79FA087C8, CF180663B24B1660CD04CB26D8663FB7F357C9CF5731B315635D63B7DB76BCEC ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
20:11:00.0437 0x0568  cphs - ok
20:11:00.0468 0x0568  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
20:11:00.0515 0x0568  CryptSvc - ok
20:11:00.0546 0x0568  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
20:11:00.0562 0x0568  dam - ok
20:11:00.0609 0x0568  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:11:00.0656 0x0568  DcomLaunch - ok
20:11:00.0687 0x0568  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
20:11:00.0734 0x0568  defragsvc - ok
20:11:00.0781 0x0568  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
20:11:00.0828 0x0568  DeviceAssociationService - ok
20:11:00.0953 0x0568  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
20:11:00.0984 0x0568  DeviceInstall - ok
20:11:01.0031 0x0568  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
20:11:01.0078 0x0568  Dfsc - ok
20:11:01.0078 0x0568  dgderdrv - ok
20:11:01.0093 0x0568  [ 5492F6FB1F32E10AEF02679872AFD194, 470A0C39734E261DC7443C8E59ECE89A7E367ABCFC15AA325EB995452C3973AA ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
20:11:01.0109 0x0568  dg_ssudbus - ok
20:11:01.0203 0x0568  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
20:11:01.0265 0x0568  Dhcp - ok
20:11:01.0328 0x0568  [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
20:11:01.0421 0x0568  DiagTrack - ok
20:11:01.0453 0x0568  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
20:11:01.0468 0x0568  disk - ok
20:11:01.0484 0x0568  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
20:11:01.0531 0x0568  dmvsc - ok
20:11:01.0609 0x0568  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:11:01.0640 0x0568  Dnscache - ok
20:11:01.0656 0x0568  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:11:01.0703 0x0568  dot3svc - ok
20:11:01.0750 0x0568  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
20:11:01.0765 0x0568  DPS - ok
20:11:01.0796 0x0568  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:11:01.0796 0x0568  drmkaud - ok
20:11:01.0828 0x0568  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
20:11:01.0843 0x0568  DsmSvc - ok
20:11:01.0906 0x0568  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
20:11:01.0953 0x0568  DXGKrnl - ok
20:11:01.0984 0x0568  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
20:11:02.0015 0x0568  Eaphost - ok
20:11:02.0109 0x0568  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
20:11:02.0218 0x0568  ebdrv - ok
20:11:02.0265 0x0568  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
20:11:02.0265 0x0568  EFS - ok
20:11:02.0343 0x0568  [ AD23FC5DB336CA89A6FC2DA1F70E421C, 8C543A0057873B71F19D4D94249D6690F27708FB4D6F4056EC87DF33D7D120EF ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
20:11:02.0343 0x0568  EgisTec Ticket Service - ok
20:11:02.0390 0x0568  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
20:11:02.0390 0x0568  EhStorClass - ok
20:11:02.0421 0x0568  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
20:11:02.0421 0x0568  EhStorTcgDrv - ok
20:11:02.0515 0x0568  [ 3D897AAAAC4BC8D6F069DA3BB65D136D, 65FAD19C638AE65FB29587EF980FB6EF12B528274469403281A5DCDD1E46C1DB ] ePowerSvc       C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
20:11:02.0531 0x0568  ePowerSvc - ok
20:11:02.0578 0x0568  [ 649A7B20A642BC2457E09EC3BB501CFC, E05DDCDE327FB97C161A51D17D9F5817D00CF7577070BE481D9C747CE10BAE22 ] EpsonCustomerResearchParticipation C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
20:11:02.0593 0x0568  EpsonCustomerResearchParticipation - ok
20:11:02.0625 0x0568  [ D315FF43E23DF424ECEC2F6C930203E4, 68940EDA34DC4945CDD0D8018D96A0DA8F99F16A930946D14E4FECEE033FCB80 ] EpsonScanSvc    C:\WINDOWS\system32\EscSvc64.exe
20:11:02.0640 0x0568  EpsonScanSvc - ok
20:11:02.0671 0x0568  [ 86032A47AD0105130FE7808C903E2086, ACCCA35483B7E8F9FC72A65031E024C469DF94FCCF2C5CC37C9B3BED4F1C676E ] EPSON_PM_RPCV4_06 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
20:11:02.0687 0x0568  EPSON_PM_RPCV4_06 - ok
20:11:02.0703 0x0568  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
20:11:02.0718 0x0568  ErrDev - ok
20:11:02.0765 0x0568  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
20:11:02.0812 0x0568  EventSystem - ok
20:11:02.0843 0x0568  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
20:11:02.0906 0x0568  exfat - ok
20:11:02.0921 0x0568  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
20:11:02.0937 0x0568  fastfat - ok
20:11:02.0984 0x0568  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
20:11:03.0046 0x0568  Fax - ok
20:11:03.0078 0x0568  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
20:11:03.0093 0x0568  fdc - ok
20:11:03.0125 0x0568  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
20:11:03.0156 0x0568  fdPHost - ok
20:11:03.0203 0x0568  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
20:11:03.0218 0x0568  FDResPub - ok
20:11:03.0250 0x0568  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
20:11:03.0281 0x0568  fhsvc - ok
20:11:03.0296 0x0568  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
20:11:03.0312 0x0568  FileInfo - ok
20:11:03.0343 0x0568  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
20:11:03.0359 0x0568  Filetrace - ok
20:11:03.0390 0x0568  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
20:11:03.0421 0x0568  flpydisk - ok
20:11:03.0453 0x0568  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:11:03.0468 0x0568  FltMgr - ok
20:11:03.0531 0x0568  [ 2F225BC85B84C04EA01BAB8D8DACFA83, 1F6E20C8F0FFD3FA60BDF556FB8392FE014E6519C3F314D1D22D394DB2A040CA ] FontCache       C:\WINDOWS\system32\FntCache.dll
20:11:03.0593 0x0568  FontCache - ok
20:11:03.0703 0x0568  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:11:03.0703 0x0568  FontCache3.0.0.0 - ok
20:11:03.0734 0x0568  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
20:11:03.0750 0x0568  FsDepends - ok
20:11:03.0765 0x0568  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:11:03.0765 0x0568  Fs_Rec - ok
20:11:03.0796 0x0568  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
20:11:03.0812 0x0568  fvevol - ok
20:11:03.0843 0x0568  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
20:11:03.0859 0x0568  FxPPM - ok
20:11:03.0875 0x0568  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
20:11:03.0890 0x0568  gagp30kx - ok
20:11:03.0921 0x0568  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
20:11:03.0937 0x0568  gencounter - ok
20:11:04.0000 0x0568  [ E870ED6C338C532CA425D4B9F3B116AF, F02E24AAD6C12E48A06700CDD5C5BA15029D4427A44BBB5A486E3DE262B0B355 ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AC_Service.exe
20:11:04.0015 0x0568  GoToAssist - ok
20:11:04.0031 0x0568  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
20:11:04.0047 0x0568  GPIOClx0101 - ok
20:11:04.0093 0x0568  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
20:11:04.0156 0x0568  gpsvc - ok
20:11:04.0218 0x0568  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:11:04.0218 0x0568  gupdate - ok
20:11:04.0218 0x0568  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:11:04.0234 0x0568  gupdatem - ok
20:11:04.0297 0x0568  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
20:11:04.0328 0x0568  HDAudBus - ok
20:11:04.0359 0x0568  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
20:11:04.0390 0x0568  HidBatt - ok
20:11:04.0422 0x0568  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
20:11:04.0437 0x0568  HidBth - ok
20:11:04.0453 0x0568  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
20:11:04.0468 0x0568  hidi2c - ok
20:11:04.0500 0x0568  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
20:11:04.0500 0x0568  HidIr - ok
20:11:04.0547 0x0568  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
20:11:04.0578 0x0568  hidserv - ok
20:11:04.0609 0x0568  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
20:11:04.0625 0x0568  HidUsb - ok
20:11:04.0672 0x0568  [ 29F981739E50305128022CBE10B3659C, 25060937145B0DCA8CD088E78993BFEF1430CDDFF433E606AFC93993CBBF4B3E ] HipShieldK      C:\WINDOWS\system32\drivers\HipShieldK.sys
20:11:04.0672 0x0568  HipShieldK - ok
20:11:04.0718 0x0568  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
20:11:04.0750 0x0568  hkmsvc - ok
20:11:04.0781 0x0568  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
20:11:04.0828 0x0568  HomeGroupListener - ok
20:11:04.0875 0x0568  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
20:11:04.0890 0x0568  HomeGroupProvider - ok
20:11:04.0937 0x0568  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
20:11:04.0953 0x0568  HpSAMD - ok
20:11:05.0000 0x0568  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
20:11:05.0031 0x0568  HTTP - ok
20:11:05.0062 0x0568  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
20:11:05.0062 0x0568  hwpolicy - ok
20:11:05.0078 0x0568  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
20:11:05.0093 0x0568  hyperkbd - ok
20:11:05.0109 0x0568  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
20:11:05.0125 0x0568  HyperVideo - ok
20:11:05.0156 0x0568  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
20:11:05.0187 0x0568  i8042prt - ok
20:11:05.0203 0x0568  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
20:11:05.0218 0x0568  iaLPSSi_GPIO - ok
20:11:05.0234 0x0568  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
20:11:05.0234 0x0568  iaLPSSi_I2C - ok
20:11:05.0265 0x0568  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
20:11:05.0281 0x0568  iaStorAV - ok
20:11:05.0312 0x0568  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
20:11:05.0328 0x0568  iaStorV - ok
20:11:05.0703 0x0568  [ ABEFA4BD23329FD9BD47496BF2E58774, 9689D4C6380735EE1CC7F480696CDDC229E0FA511942AC813314D353584D82DD ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
20:11:05.0781 0x0568  IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )
20:11:08.0140 0x0568  Detect skipped due to KSN trusted
20:11:08.0140 0x0568  IconMan_R - ok
20:11:08.0140 0x0568  IEEtwCollectorService - ok
20:11:08.0250 0x0568  [ 0AECABC08F9AB4E504935B7662123B6E, 79D1C801A8FB0920469D6088158C518481485A065E8AF2E580FE4FCC1DE8F39B ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
20:11:08.0390 0x0568  igfx - ok
20:11:08.0437 0x0568  [ AF8A43C376F83A4A1E7DA16461EDE114, EBA10519B074888355A4FC11D52FF1E6A52F88F754B7F1F9863A8313638645CB ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
20:11:08.0484 0x0568  IKEEXT - ok
20:11:08.0515 0x0568  [ F0F581A2299CB2BAB1DF2597BCDDB80F, EE485AF3049C87666BC6D6BFFC8A0EB4B95831D9061EB81848ECEE29C4232BF4 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
20:11:08.0515 0x0568  intaud_WaveExtensible - ok
20:11:08.0640 0x0568  [ F1A3ECE3809AF333810ED0A872200226, BF1CC3EE64A9BDE41A5139A56016DE79DB87212D130B6024A03206CFCF65AC72 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
20:11:08.0734 0x0568  IntcAzAudAddService - ok
20:11:08.0797 0x0568  [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
20:11:08.0812 0x0568  IntcDAud - ok
20:11:08.0875 0x0568  [ B353F1834FCD36D77BE3F74992C147D4, BFBC42B500FC7D6D2B523F988DD54156D2B6132CBE366EB591BF45556959A8E9 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
20:11:08.0890 0x0568  Intel(R) Capability Licensing Service Interface - ok
20:11:08.0906 0x0568  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
20:11:08.0922 0x0568  intelide - ok
20:11:08.0937 0x0568  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
20:11:08.0953 0x0568  intelpep - ok
20:11:08.0984 0x0568  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
20:11:09.0016 0x0568  intelppm - ok
20:11:09.0047 0x0568  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:11:09.0094 0x0568  IpFilterDriver - ok
20:11:09.0156 0x0568  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
20:11:09.0203 0x0568  iphlpsvc - ok
20:11:09.0234 0x0568  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
20:11:09.0281 0x0568  IPMIDRV - ok
20:11:09.0297 0x0568  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
20:11:09.0328 0x0568  IPNAT - ok
20:11:09.0344 0x0568  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
20:11:09.0359 0x0568  IRENUM - ok
20:11:09.0375 0x0568  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
20:11:09.0375 0x0568  isapnp - ok
20:11:09.0406 0x0568  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
20:11:09.0422 0x0568  iScsiPrt - ok
20:11:09.0453 0x0568  [ C2BC9AC9C6514230A481BDCA6A24BEFD, 84E41675D11EF2EEECED23C8469503C8D12810A2C6B6743D7AA322EB6DF7E68D ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
20:11:09.0469 0x0568  iwdbus - ok
20:11:09.0516 0x0568  [ 5B7DE9D87B9D2713BDD6A53678DC2A49, E7A0D68FA2ED2730640F40FF59338BE173C8973BFC38286E6320CA332A39C204 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
20:11:09.0531 0x0568  jhi_service - ok
20:11:09.0562 0x0568  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
20:11:09.0562 0x0568  kbdclass - ok
20:11:09.0578 0x0568  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
20:11:09.0578 0x0568  kbdhid - ok
20:11:09.0609 0x0568  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
20:11:09.0656 0x0568  kdnic - ok
20:11:09.0672 0x0568  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
20:11:09.0687 0x0568  KeyIso - ok
20:11:09.0719 0x0568  KiesAllShare - ok
20:11:09.0750 0x0568  [ 795EC29BA21F1D948FD6FD740C00B599, 780900717A812C5DB78C67057010BD62DF2C756C087599A6F8C67CB4EFA7518C ] kl1             C:\WINDOWS\system32\DRIVERS\kl1.sys
20:11:09.0766 0x0568  kl1 - ok
20:11:09.0781 0x0568  [ 2248A9F2B7704271C72E306001C7FBE0, FEC8E10F4FAB332E36C1C5801396174B4CE21186431A2A234CE49695C4674ACA ] klelam          C:\WINDOWS\system32\DRIVERS\klelam.sys
20:11:09.0781 0x0568  klelam - ok
20:11:09.0828 0x0568  [ E8D6C80D4E11383CEE269F9C27E6464C, 5E9EAD64AE221AE8BF87730A7FDDF8023805184D12A058A147ECD887FA3D3012 ] KLIF            C:\WINDOWS\system32\DRIVERS\klif.sys
20:11:09.0844 0x0568  KLIF - ok
20:11:09.0844 0x0568  [ B6822DEFE601629F19E0A2D7F0D623F2, FD71A2AA3FC4698B5436D185E2F2A3EB6A111AE8F35606E1658E2D18CE744F13 ] KLIM6           C:\WINDOWS\system32\DRIVERS\klim6.sys
20:11:09.0859 0x0568  KLIM6 - ok
20:11:09.0859 0x0568  [ B45DEC5BD71885E833DF3D837CE7C606, 8A81802122EE6BD791E36F9F27D921C9BC4D5B6604C0A79F9F1D806AD44B9869 ] klkbdflt        C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
20:11:09.0859 0x0568  klkbdflt - ok
20:11:09.0875 0x0568  [ 8849D8F6259D3494E8C5C9482EE40A08, 62C60FD28916407AEF3C4F8B8FF7E5FCDFAE261E772E672E3E06F0D0CA6D6729 ] klmouflt        C:\WINDOWS\system32\DRIVERS\klmouflt.sys
20:11:09.0875 0x0568  klmouflt - ok
20:11:09.0891 0x0568  [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd            C:\WINDOWS\system32\DRIVERS\klpd.sys
20:11:09.0906 0x0568  klpd - ok
20:11:09.0906 0x0568  [ C66A4C640B7F9606668D35D726D2FF51, B6708A516D55FDDB3C5F018827D4E0B52D2B65D7B0DC33A9AECC301A05A860DE ] klwfp           C:\WINDOWS\system32\DRIVERS\klwfp.sys
20:11:09.0922 0x0568  klwfp - ok
20:11:09.0922 0x0568  KMService - ok
20:11:09.0937 0x0568  [ 91BC1C5B00275A4D7FD669EFF0DDEB2A, B745518E1916441A49565478EA77C8DBC784E7B4D9DAD1EA1F648ED1727F413D ] kneps           C:\WINDOWS\system32\DRIVERS\kneps.sys
20:11:09.0937 0x0568  kneps - ok
20:11:09.0969 0x0568  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
20:11:09.0984 0x0568  KSecDD - ok
20:11:10.0016 0x0568  [ 35C19AF2116F67914712D7C4CBE47B8C, 5F976726880A6E51D7ABFA7E3EF7294C6FB7F383DC5710A2C2EC8DD26DAEC204 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
20:11:10.0031 0x0568  KSecPkg - ok
20:11:10.0062 0x0568  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
20:11:10.0094 0x0568  ksthunk - ok
20:11:10.0109 0x0568  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
20:11:10.0141 0x0568  KtmRm - ok
20:11:10.0266 0x0568  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
20:11:10.0297 0x0568  LanmanServer - ok
20:11:10.0422 0x0568  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
20:11:10.0437 0x0568  LanmanWorkstation - ok
20:11:10.0469 0x0568  [ EAECE4EE45F0AD26E96136BF8A4CFF8E, 729BBE537F2A0A40CFAC26F65B6B2D00A94EB1E63B43E282B31E7936DABB7224 ] Lexware_Update_Service C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
20:11:10.0469 0x0568  Lexware_Update_Service - ok
20:11:10.0531 0x0568  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
20:11:10.0594 0x0568  lfsvc - ok
20:11:10.0625 0x0568  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
20:11:10.0641 0x0568  lltdio - ok
20:11:10.0703 0x0568  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
20:11:10.0734 0x0568  lltdsvc - ok
20:11:10.0750 0x0568  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
20:11:10.0797 0x0568  lmhosts - ok
20:11:10.0859 0x0568  [ E70FD0D2C95F559A17321D831875593D, 57839ADA7CC6606D98B43FC2F4EC6F5E9B75A2F3EC937C11322201128A161E0D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:11:10.0859 0x0568  LMS - ok
20:11:10.0906 0x0568  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
20:11:10.0922 0x0568  LSI_SAS - ok
20:11:10.0937 0x0568  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
20:11:10.0937 0x0568  LSI_SAS2 - ok
20:11:10.0953 0x0568  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
20:11:10.0969 0x0568  LSI_SAS3 - ok
20:11:10.0984 0x0568  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
20:11:10.0984 0x0568  LSI_SSS - ok
20:11:11.0047 0x0568  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
20:11:11.0094 0x0568  LSM - ok
20:11:11.0109 0x0568  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
20:11:11.0141 0x0568  luafv - ok
20:11:11.0203 0x0568  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
20:11:11.0203 0x0568  MBAMProtector - ok
20:11:11.0266 0x0568  [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
20:11:11.0312 0x0568  MBAMScheduler - ok
20:11:11.0344 0x0568  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
20:11:11.0375 0x0568  MBAMService - ok
20:11:11.0406 0x0568  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
20:11:11.0422 0x0568  MBAMSwissArmy - ok
20:11:11.0438 0x0568  [ 08DECFCB9BA97786165A69AB1015BC30, EDC8C8447B57BD412E2DEBCA9B5B1B58C19D40105DC7CE9520DE214081696B05 ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
20:11:11.0469 0x0568  MBAMWebAccessControl - ok
20:11:11.0500 0x0568  [ 034606B82FA5BD3E73AB427B6D55F915, F24AA57D46F3AD5FBBE29CE9E2D8798FA1FC98A9004E10EEED3D651F52A6143B ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
20:11:11.0516 0x0568  McComponentHostService - ok
20:11:11.0531 0x0568  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
20:11:11.0547 0x0568  megasas - ok
20:11:11.0563 0x0568  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
20:11:11.0578 0x0568  megasr - ok
20:11:11.0625 0x0568  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
20:11:11.0625 0x0568  MEIx64 - ok
20:11:11.0656 0x0568  Microsoft SharePoint Workspace Audit Service - ok
20:11:11.0688 0x0568  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
20:11:11.0719 0x0568  MMCSS - ok
20:11:11.0750 0x0568  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
20:11:11.0766 0x0568  Modem - ok
20:11:11.0781 0x0568  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
20:11:11.0813 0x0568  monitor - ok
20:11:11.0844 0x0568  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
20:11:11.0844 0x0568  mouclass - ok
20:11:11.0891 0x0568  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
20:11:11.0953 0x0568  mouhid - ok
20:11:11.0984 0x0568  [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
20:11:12.0000 0x0568  mountmgr - ok
20:11:12.0031 0x0568  [ 2E1F005987F6C31ADE25B67C2D172DF6, 7DDEA05F80158FECCF37A31F056D04E8E76115B178557450056DEC516D3027C8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:11:12.0031 0x0568  MozillaMaintenance - ok
20:11:12.0063 0x0568  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
20:11:12.0109 0x0568  mpsdrv - ok
20:11:12.0156 0x0568  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
20:11:12.0188 0x0568  MpsSvc - ok
20:11:12.0234 0x0568  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
20:11:12.0266 0x0568  MRxDAV - ok
20:11:12.0297 0x0568  [ 89DE71940A0E7F5BA617AE08321EF5C3, BD056C9E18E902D6F118E59A6AC68415BFA0690A02D2B360F6C111CE3B5EAC67 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:11:12.0359 0x0568  mrxsmb - ok
20:11:12.0406 0x0568  [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
20:11:12.0438 0x0568  mrxsmb10 - ok
20:11:12.0484 0x0568  [ EE16457030175F449BAB0ABD279F4B6A, DF627054136079553A24AD12DC7374F1ACEEAD782EFFDC278996AD7BCCE98877 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
20:11:12.0500 0x0568  mrxsmb20 - ok
20:11:12.0531 0x0568  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
20:11:12.0547 0x0568  MsBridge - ok
20:11:12.0563 0x0568  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
20:11:12.0578 0x0568  MSDTC - ok
20:11:12.0594 0x0568  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:11:12.0625 0x0568  Msfs - ok
20:11:12.0656 0x0568  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
20:11:12.0672 0x0568  msgpiowin32 - ok
20:11:12.0672 0x0568  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
20:11:12.0703 0x0568  mshidkmdf - ok
20:11:12.0719 0x0568  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
20:11:12.0719 0x0568  mshidumdf - ok
20:11:12.0734 0x0568  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
20:11:12.0750 0x0568  msisadrv - ok
20:11:12.0781 0x0568  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
20:11:12.0781 0x0568  MSiSCSI - ok
20:11:12.0781 0x0568  msiserver - ok
20:11:12.0797 0x0568  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:11:12.0828 0x0568  MSKSSRV - ok
20:11:12.0859 0x0568  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
20:11:12.0906 0x0568  MsLldp - ok
20:11:12.0906 0x0568  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:11:12.0938 0x0568  MSPCLOCK - ok
20:11:12.0953 0x0568  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:11:12.0984 0x0568  MSPQM - ok
20:11:13.0016 0x0568  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
20:11:13.0031 0x0568  MsRPC - ok
20:11:13.0031 0x0568  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
20:11:13.0047 0x0568  mssmbios - ok
20:11:13.0063 0x0568  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
20:11:13.0063 0x0568  MSTEE - ok
20:11:13.0078 0x0568  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
20:11:13.0094 0x0568  MTConfig - ok
20:11:13.0109 0x0568  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
20:11:13.0125 0x0568  Mup - ok
20:11:13.0141 0x0568  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
20:11:13.0141 0x0568  mvumis - ok
20:11:13.0172 0x0568  [ C009123B206C56854F4E88596035231D, 670403A40B425F77C90ECB048A0C8BC11FB19E40A8CECC2C3DCF79175B745863 ] mwlPSDFilter    C:\WINDOWS\system32\DRIVERS\mwlPSDFilter.sys
20:11:13.0172 0x0568  mwlPSDFilter - ok
20:11:13.0188 0x0568  [ BF3739EEB9F008B1DEBAC115089A53F8, 8546AB69087656259BBE17D6F80F4AB164B04171673CE2BF9FFD1B5C9584E9A4 ] mwlPSDNServ     C:\WINDOWS\system32\DRIVERS\mwlPSDNServ.sys
20:11:13.0188 0x0568  mwlPSDNServ - ok
20:11:13.0203 0x0568  [ 38DD143D95E7A01B86F219DDA9C28779, 5FA8C0595CCF835DBCE1CC5322E8FD4BFB6DFB6CF869BB7CB73F919445D469AA ] mwlPSDVDisk     C:\WINDOWS\system32\DRIVERS\mwlPSDVDisk.sys
20:11:13.0203 0x0568  mwlPSDVDisk - ok
20:11:13.0281 0x0568  [ E605F35F03C881DC46902E0E2F5985B3, C97F0C733377E35B463EF7F6A5B879DA21AB512719899160C09278615FE39A21 ] MyEpson Portal Service C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
20:11:13.0313 0x0568  MyEpson Portal Service - ok
20:11:13.0344 0x0568  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
20:11:13.0375 0x0568  napagent - ok
20:11:13.0406 0x0568  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
20:11:13.0438 0x0568  NativeWifiP - ok
20:11:13.0484 0x0568  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
20:11:13.0516 0x0568  NcaSvc - ok
20:11:13.0547 0x0568  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
20:11:13.0578 0x0568  NcbService - ok
20:11:13.0609 0x0568  [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
20:11:13.0641 0x0568  NcdAutoSetup - ok
20:11:13.0688 0x0568  [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
20:11:13.0734 0x0568  NDIS - ok
20:11:13.0766 0x0568  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
20:11:13.0781 0x0568  NdisCap - ok
20:11:13.0813 0x0568  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
20:11:13.0828 0x0568  NdisImPlatform - ok
20:11:13.0844 0x0568  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:11:13.0860 0x0568  NdisTapi - ok
20:11:13.0906 0x0568  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:11:13.0953 0x0568  Ndisuio - ok
20:11:13.0953 0x0568  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
20:11:13.0969 0x0568  NdisVirtualBus - ok
20:11:14.0000 0x0568  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:11:14.0031 0x0568  NdisWan - ok
20:11:14.0031 0x0568  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:11:14.0047 0x0568  NdisWanLegacy - ok
20:11:14.0078 0x0568  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:11:14.0094 0x0568  NDProxy - ok
20:11:14.0110 0x0568  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
20:11:14.0172 0x0568  Ndu - ok
20:11:14.0188 0x0568  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:11:14.0203 0x0568  NetBIOS - ok
20:11:14.0250 0x0568  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:11:14.0281 0x0568  NetBT - ok
20:11:14.0281 0x0568  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:11:14.0297 0x0568  Netlogon - ok
20:11:14.0328 0x0568  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
20:11:14.0344 0x0568  Netman - ok
20:11:14.0391 0x0568  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
20:11:14.0406 0x0568  netprofm - ok
20:11:14.0453 0x0568  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:11:14.0469 0x0568  NetTcpPortSharing - ok
20:11:14.0485 0x0568  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
20:11:14.0516 0x0568  netvsc - ok
20:11:14.0547 0x0568  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
20:11:14.0610 0x0568  NlaSvc - ok
20:11:14.0641 0x0568  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:11:14.0656 0x0568  Npfs - ok
20:11:14.0688 0x0568  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
20:11:14.0735 0x0568  npsvctrig - ok
20:11:14.0766 0x0568  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
20:11:14.0781 0x0568  nsi - ok
20:11:14.0813 0x0568  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
20:11:14.0844 0x0568  nsiproxy - ok
20:11:14.0922 0x0568  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:11:15.0000 0x0568  Ntfs - ok
20:11:15.0031 0x0568  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:11:15.0047 0x0568  Null - ok
20:11:15.0063 0x0568  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
20:11:15.0078 0x0568  nvraid - ok
20:11:15.0094 0x0568  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
20:11:15.0094 0x0568  nvstor - ok
20:11:15.0110 0x0568  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
20:11:15.0125 0x0568  nv_agp - ok
20:11:15.0172 0x0568  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:11:15.0188 0x0568  ose - ok
20:11:15.0360 0x0568  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:11:15.0485 0x0568  osppsvc - ok
20:11:15.0531 0x0568  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
20:11:15.0563 0x0568  p2pimsvc - ok
20:11:15.0594 0x0568  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
20:11:15.0641 0x0568  p2psvc - ok
20:11:15.0688 0x0568  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
20:11:15.0703 0x0568  Parport - ok
20:11:15.0750 0x0568  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
20:11:15.0766 0x0568  partmgr - ok
20:11:15.0813 0x0568  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
20:11:15.0844 0x0568  PcaSvc - ok
20:11:15.0844 0x0568  pccsmcfd - ok
20:11:15.0875 0x0568  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
20:11:15.0891 0x0568  pci - ok
20:11:15.0906 0x0568  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
20:11:15.0922 0x0568  pciide - ok
20:11:15.0938 0x0568  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
20:11:15.0953 0x0568  pcmcia - ok
20:11:15.0969 0x0568  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
20:11:15.0969 0x0568  pcw - ok
20:11:16.0000 0x0568  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
20:11:16.0016 0x0568  pdc - ok
20:11:16.0016 0x0568  PDFProFiltSrvPP - ok
20:11:16.0110 0x0568  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
20:11:16.0141 0x0568  PEAUTH - ok
20:11:16.0219 0x0568  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
20:11:16.0266 0x0568  PerfHost - ok
20:11:16.0328 0x0568  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
20:11:16.0391 0x0568  pla - ok
20:11:16.0438 0x0568  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
20:11:16.0438 0x0568  PlugPlay - ok
20:11:16.0469 0x0568  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
20:11:16.0485 0x0568  PNRPAutoReg - ok
20:11:16.0532 0x0568  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
20:11:16.0547 0x0568  PNRPsvc - ok
20:11:16.0578 0x0568  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
20:11:16.0594 0x0568  PolicyAgent - ok
20:11:16.0625 0x0568  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
20:11:16.0688 0x0568  Power - ok
20:11:16.0813 0x0568  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
20:11:16.0922 0x0568  PrintNotify - ok
20:11:16.0985 0x0568  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
20:11:17.0000 0x0568  Processor - ok
20:11:17.0047 0x0568  [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
20:11:17.0094 0x0568  ProfSvc - ok
20:11:17.0125 0x0568  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
20:11:17.0141 0x0568  Psched - ok
20:11:17.0188 0x0568  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
20:11:17.0219 0x0568  QWAVE - ok
20:11:17.0250 0x0568  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
20:11:17.0266 0x0568  QWAVEdrv - ok
20:11:17.0282 0x0568  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:11:17.0313 0x0568  RasAcd - ok
20:11:17.0328 0x0568  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:11:17.0360 0x0568  RasAuto - ok
20:11:17.0391 0x0568  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:11:17.0422 0x0568  RasMan - ok
20:11:17.0453 0x0568  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:11:17.0469 0x0568  RasPppoe - ok
20:11:17.0500 0x0568  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:11:17.0547 0x0568  rdbss - ok
20:11:17.0578 0x0568  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
20:11:17.0610 0x0568  rdpbus - ok
20:11:17.0625 0x0568  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
20:11:17.0657 0x0568  RDPDR - ok
20:11:17.0688 0x0568  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
20:11:17.0688 0x0568  RdpVideoMiniport - ok
20:11:17.0703 0x0568  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
20:11:17.0719 0x0568  rdyboost - ok
20:11:17.0813 0x0568  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
20:11:17.0844 0x0568  ReFS - ok
20:11:17.0891 0x0568  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:11:17.0891 0x0568  RemoteAccess - ok
20:11:17.0907 0x0568  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:11:17.0938 0x0568  RemoteRegistry - ok
20:11:17.0969 0x0568  [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM          C:\WINDOWS\system32\DRIVERS\rfcomm.sys
20:11:17.0985 0x0568  RFCOMM - ok
20:11:18.0110 0x0568  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
20:11:18.0141 0x0568  RpcEptMapper - ok
20:11:18.0172 0x0568  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:11:18.0203 0x0568  RpcLocator - ok
20:11:18.0266 0x0568  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
20:11:18.0282 0x0568  RpcSs - ok
20:11:18.0313 0x0568  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
20:11:18.0344 0x0568  rspndr - ok
20:11:18.0391 0x0568  [ 8EB6DCEB7473C232D8BC9A886E3183AC, D81B089443306AD9D89F59DBC5F9C2F5B6A86112B4AB59316B97EE7D8B97D2FA ] RSUSBVSTOR      C:\WINDOWS\System32\Drivers\RtsUVStor.sys
20:11:18.0391 0x0568  RSUSBVSTOR - ok
20:11:18.0438 0x0568  [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
20:11:18.0453 0x0568  RTL8168 - ok
20:11:18.0469 0x0568  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
20:11:18.0500 0x0568  s3cap - ok
20:11:18.0578 0x0568  SageDB 5.0 - ok
20:11:18.0610 0x0568  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\WINDOWS\system32\lsass.exe
20:11:18.0610 0x0568  SamSs - ok
20:11:18.0657 0x0568  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
20:11:18.0657 0x0568  sbp2port - ok
20:11:18.0688 0x0568  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
20:11:18.0719 0x0568  SCardSvr - ok
20:11:18.0750 0x0568  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
20:11:18.0766 0x0568  ScDeviceEnum - ok
20:11:18.0797 0x0568  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
20:11:18.0813 0x0568  scfilter - ok
20:11:18.0860 0x0568  [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:11:18.0922 0x0568  Schedule - ok
20:11:18.0954 0x0568  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
20:11:18.0954 0x0568  SCPolicySvc - ok
20:11:19.0000 0x0568  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
20:11:19.0016 0x0568  sdbus - ok
20:11:19.0032 0x0568  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
20:11:19.0047 0x0568  sdstor - ok
20:11:19.0063 0x0568  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
20:11:19.0094 0x0568  secdrv - ok
20:11:19.0141 0x0568  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\WINDOWS\system32\seclogon.dll
20:11:19.0172 0x0568  seclogon - ok
20:11:19.0188 0x0568  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\WINDOWS\System32\sens.dll
20:11:19.0219 0x0568  SENS - ok
20:11:19.0250 0x0568  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
20:11:19.0297 0x0568  SensrSvc - ok
20:11:19.0329 0x0568  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
20:11:19.0329 0x0568  SerCx - ok
20:11:19.0375 0x0568  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
20:11:19.0391 0x0568  SerCx2 - ok
20:11:19.0407 0x0568  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
20:11:19.0407 0x0568  Serenum - ok
20:11:19.0422 0x0568  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
20:11:19.0438 0x0568  Serial - ok
20:11:19.0469 0x0568  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
20:11:19.0485 0x0568  sermouse - ok
20:11:19.0532 0x0568  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
20:11:19.0579 0x0568  SessionEnv - ok
20:11:19.0579 0x0568  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
20:11:19.0594 0x0568  sfloppy - ok
20:11:19.0641 0x0568  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:11:19.0672 0x0568  SharedAccess - ok
20:11:19.0688 0x0568  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:11:19.0750 0x0568  ShellHWDetection - ok
20:11:19.0782 0x0568  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
20:11:19.0782 0x0568  SiSRaid2 - ok
20:11:19.0813 0x0568  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
20:11:19.0829 0x0568  SiSRaid4 - ok
20:11:19.0860 0x0568  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\WINDOWS\System32\smphost.dll
20:11:19.0860 0x0568  smphost - ok
20:11:19.0891 0x0568  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
20:11:19.0922 0x0568  SNMPTRAP - ok
20:11:19.0954 0x0568  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
20:11:19.0969 0x0568  spaceport - ok
20:11:19.0985 0x0568  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
20:11:19.0985 0x0568  SpbCx - ok
20:11:20.0079 0x0568  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
20:11:20.0125 0x0568  Spooler - ok
20:11:20.0266 0x0568  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
20:11:20.0391 0x0568  sppsvc - ok
20:11:20.0438 0x0568  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:11:20.0500 0x0568  srv - ok
20:11:20.0547 0x0568  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
20:11:20.0579 0x0568  srv2 - ok
20:11:20.0594 0x0568  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
20:11:20.0625 0x0568  srvnet - ok
20:11:20.0672 0x0568  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:11:20.0704 0x0568  SSDPSRV - ok
20:11:20.0735 0x0568  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
20:11:20.0750 0x0568  SstpSvc - ok
20:11:20.0797 0x0568  [ 627FFBE52FEDF0460C3D7259FC0EDF50, 92CB006CA91E4AF0CAA3ECD74D9329C349650EAFF70D847E62D9D8F2BE38B3B1 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
20:11:20.0797 0x0568  ssudmdm - ok
20:11:20.0907 0x0568  [ 9DA3B55B17B54789AFB8C657D4ACE4D7, 5E4599E682327E3B8097A88A69ED73F96254A29054744D5DFB782054863F131E ] ss_conn_service C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
20:11:20.0922 0x0568  ss_conn_service - ok
20:11:20.0954 0x0568  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
20:11:20.0954 0x0568  stexstor - ok
20:11:21.0000 0x0568  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
20:11:21.0079 0x0568  stisvc - ok
20:11:21.0125 0x0568  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
20:11:21.0125 0x0568  storahci - ok
20:11:21.0157 0x0568  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
20:11:21.0172 0x0568  storflt - ok
20:11:21.0219 0x0568  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
20:11:21.0219 0x0568  stornvme - ok
20:11:21.0282 0x0568  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
20:11:21.0360 0x0568  StorSvc - ok
20:11:21.0391 0x0568  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
20:11:21.0391 0x0568  storvsc - ok
20:11:21.0438 0x0568  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\WINDOWS\system32\svsvc.dll
20:11:21.0485 0x0568  svsvc - ok
20:11:21.0501 0x0568  [ 04CF20310145DEC63D5387BEAFF77D9A, 5017AF8C2DFBFE1F9946FF5AF229D62D141118EA923EEFA994EB4C7B52DEF208 ] SWDUMon         C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
20:11:21.0516 0x0568  SWDUMon - ok
20:11:21.0547 0x0568  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
20:11:21.0563 0x0568  swenum - ok
20:11:21.0626 0x0568  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\WINDOWS\System32\swprv.dll
20:11:21.0657 0x0568  swprv - ok
20:11:21.0751 0x0568  [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain         C:\WINDOWS\system32\sysmain.dll
20:11:21.0813 0x0568  SysMain - ok
20:11:21.0876 0x0568  [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
20:11:21.0922 0x0568  SystemEventsBroker - ok
20:11:21.0954 0x0568  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
20:11:22.0016 0x0568  TabletInputService - ok
20:11:22.0047 0x0568  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:11:22.0079 0x0568  TapiSrv - ok
20:11:22.0172 0x0568  [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
20:11:22.0235 0x0568  Tcpip - ok
20:11:22.0297 0x0568  [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:11:22.0360 0x0568  TCPIP6 - ok
20:11:22.0391 0x0568  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
20:11:22.0407 0x0568  tcpipreg - ok
20:11:22.0438 0x0568  [ E0BD2D83875464FEEEB242CBA8B7E073, A3067165128F36035FA9F3CBA55CFED736E180C495497FA7332B3D97908C3D90 ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
20:11:22.0438 0x0568  tdx - ok
20:11:22.0782 0x0568  [ 932B340778F47D7538574BE4E5AC823D, 716F2318CF08F8F38B2E238632815AB0499F8FDC7CA1D3B556D25337F664C5A0 ] TeamViewer      c:\users\erwin\appdata\local\temp\teamviewer\TeamViewer_Service.exe
20:11:22.0907 0x0568  TeamViewer - ok
20:11:22.0938 0x0568  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
20:11:22.0938 0x0568  terminpt - ok
20:11:23.0001 0x0568  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\WINDOWS\System32\termsrv.dll
20:11:23.0032 0x0568  TermService - ok
20:11:23.0047 0x0568  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\WINDOWS\system32\themeservice.dll
20:11:23.0063 0x0568  Themes - ok
20:11:23.0094 0x0568  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
20:11:23.0110 0x0568  THREADORDER - ok
20:11:23.0141 0x0568  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
20:11:23.0172 0x0568  TimeBroker - ok
20:11:23.0219 0x0568  [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
20:11:23.0235 0x0568  TPM - ok
20:11:23.0266 0x0568  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
20:11:23.0282 0x0568  TrkWks - ok
20:11:23.0344 0x0568  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
20:11:23.0360 0x0568  TrustedInstaller - ok
20:11:23.0391 0x0568  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
20:11:23.0438 0x0568  TsUsbFlt - ok
20:11:23.0469 0x0568  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
20:11:23.0485 0x0568  TsUsbGD - ok
20:11:23.0501 0x0568  [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
20:11:23.0547 0x0568  tunnel - ok
20:11:23.0579 0x0568  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
20:11:23.0594 0x0568  uagp35 - ok
20:11:23.0610 0x0568  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
20:11:23.0610 0x0568  UASPStor - ok
20:11:23.0657 0x0568  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
20:11:23.0673 0x0568  UCX01000 - ok
20:11:23.0704 0x0568  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
20:11:23.0751 0x0568  udfs - ok
20:11:23.0751 0x0568  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
20:11:23.0751 0x0568  UEFI - ok
20:11:23.0798 0x0568  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
20:11:23.0829 0x0568  UI0Detect - ok
20:11:23.0844 0x0568  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
20:11:23.0844 0x0568  uliagpkx - ok
20:11:23.0860 0x0568  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
20:11:23.0860 0x0568  umbus - ok
20:11:23.0891 0x0568  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
20:11:23.0907 0x0568  UmPass - ok
20:11:23.0954 0x0568  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
20:11:24.0001 0x0568  UmRdpService - ok
20:11:24.0110 0x0568  [ C485FB802F6C4A306B8F89BA087E5CA2, DE2E0F4A22D63EC54E23491962282ED3B01C7EB9941774A0C5633A776EAD499A ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:11:24.0110 0x0568  UNS - ok
20:11:24.0157 0x0568  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:11:24.0173 0x0568  upnphost - ok
20:11:24.0219 0x0568  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
20:11:24.0219 0x0568  usbccgp - ok
20:11:24.0251 0x0568  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
20:11:24.0266 0x0568  usbcir - ok
20:11:24.0298 0x0568  [ BBFD17B6B954FC9FA02E62D604052069, 47D2B7228EABA7F37F69A1756B69FFFB19F0C2CC2869C5BF674E4FD9257488A2 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
20:11:24.0313 0x0568  usbehci - ok
20:11:24.0344 0x0568  [ CD81683F4553677B9BF5163A922153EB, 6B304B0D68B9BFF0245EC755CDAAF9DF59DF3A081727E32CB66672929F0DBC50 ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
20:11:24.0376 0x0568  usbhub - ok
20:11:24.0469 0x0568  [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
20:11:24.0485 0x0568  USBHUB3 - ok
20:11:24.0516 0x0568  [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
20:11:24.0563 0x0568  usbohci - ok
20:11:24.0579 0x0568  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
20:11:24.0626 0x0568  usbprint - ok
20:11:24.0641 0x0568  [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan         C:\WINDOWS\System32\drivers\usbscan.sys
20:11:24.0657 0x0568  usbscan - ok
20:11:24.0688 0x0568  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
20:11:24.0704 0x0568  USBSTOR - ok
20:11:24.0719 0x0568  [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
20:11:24.0735 0x0568  usbuhci - ok
20:11:24.0766 0x0568  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
20:11:24.0782 0x0568  USBXHCI - ok
20:11:24.0813 0x0568  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
20:11:24.0813 0x0568  VaultSvc - ok
20:11:24.0844 0x0568  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
20:11:24.0860 0x0568  vdrvroot - ok
20:11:24.0907 0x0568  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
20:11:24.0969 0x0568  vds - ok
20:11:24.0985 0x0568  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
20:11:24.0985 0x0568  VerifierExt - ok
20:11:25.0016 0x0568  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
20:11:25.0032 0x0568  vhdmp - ok
20:11:25.0048 0x0568  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
20:11:25.0048 0x0568  viaide - ok
20:11:25.0079 0x0568  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
20:11:25.0094 0x0568  vmbus - ok
20:11:25.0110 0x0568  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
20:11:25.0110 0x0568  VMBusHID - ok
20:11:25.0141 0x0568  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
20:11:25.0173 0x0568  vmicguestinterface - ok
20:11:25.0188 0x0568  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
20:11:25.0204 0x0568  vmicheartbeat - ok
20:11:25.0219 0x0568  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
20:11:25.0235 0x0568  vmickvpexchange - ok
20:11:25.0235 0x0568  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
20:11:25.0251 0x0568  vmicrdv - ok
20:11:25.0266 0x0568  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
20:11:25.0282 0x0568  vmicshutdown - ok
20:11:25.0298 0x0568  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
20:11:25.0313 0x0568  vmictimesync - ok
20:11:25.0329 0x0568  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
20:11:25.0344 0x0568  vmicvss - ok
20:11:25.0360 0x0568  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
20:11:25.0376 0x0568  volmgr - ok
20:11:25.0391 0x0568  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
20:11:25.0407 0x0568  volmgrx - ok
20:11:25.0454 0x0568  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
20:11:25.0469 0x0568  volsnap - ok
20:11:25.0485 0x0568  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
20:11:25.0501 0x0568  vpci - ok
20:11:25.0579 0x0568  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
20:11:25.0594 0x0568  vsmraid - ok
20:11:25.0641 0x0568  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\WINDOWS\system32\vssvc.exe
20:11:25.0688 0x0568  VSS - ok
20:11:25.0704 0x0568  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
20:11:25.0719 0x0568  VSTXRAID - ok
20:11:25.0766 0x0568  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
20:11:25.0798 0x0568  vwifibus - ok
20:11:25.0844 0x0568  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
20:11:25.0891 0x0568  W32Time - ok
20:11:25.0891 0x0568  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
20:11:25.0907 0x0568  WacomPen - ok
20:11:25.0985 0x0568  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
20:11:26.0032 0x0568  wbengine - ok
20:11:26.0048 0x0568  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
20:11:26.0079 0x0568  WbioSrvc - ok
20:11:26.0110 0x0568  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
20:11:26.0126 0x0568  Wcmsvc - ok
20:11:26.0126 0x0568  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
20:11:26.0157 0x0568  wcncsvc - ok
20:11:26.0173 0x0568  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
20:11:26.0204 0x0568  WcsPlugInService - ok
20:11:26.0235 0x0568  [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
20:11:26.0251 0x0568  WdBoot - ok
20:11:26.0298 0x0568  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
20:11:26.0313 0x0568  Wdf01000 - ok
20:11:26.0345 0x0568  [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
20:11:26.0345 0x0568  WdFilter - ok
20:11:26.0376 0x0568  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
20:11:26.0407 0x0568  WdiServiceHost - ok
20:11:26.0407 0x0568  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
20:11:26.0423 0x0568  WdiSystemHost - ok
20:11:26.0438 0x0568  [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
20:11:26.0454 0x0568  WdNisDrv - ok
20:11:26.0470 0x0568  WdNisSvc - ok
20:11:26.0516 0x0568  [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE51B0305FD7D75E ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:11:26.0532 0x0568  WebClient - ok
20:11:26.0563 0x0568  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
20:11:26.0595 0x0568  Wecsvc - ok
20:11:26.0626 0x0568  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
20:11:26.0641 0x0568  WEPHOSTSVC - ok
20:11:26.0673 0x0568  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
20:11:26.0735 0x0568  wercplsupport - ok
20:11:26.0751 0x0568  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
20:11:26.0782 0x0568  WerSvc - ok
20:11:26.0798 0x0568  [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
20:11:26.0813 0x0568  WFPLWFS - ok
20:11:26.0845 0x0568  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
20:11:26.0860 0x0568  WiaRpc - ok
20:11:26.0876 0x0568  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
20:11:26.0876 0x0568  WIMMount - ok
20:11:26.0891 0x0568  WinDefend - ok
20:11:26.0938 0x0568  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
20:11:26.0954 0x0568  WinHttpAutoProxySvc - ok
20:11:27.0048 0x0568  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:11:27.0063 0x0568  Winmgmt - ok
20:11:27.0141 0x0568  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
20:11:27.0220 0x0568  WinRM - ok
20:11:27.0251 0x0568  [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb          C:\WINDOWS\System32\drivers\WinUsb.sys
20:11:27.0266 0x0568  WinUsb - ok
20:11:27.0313 0x0568  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
20:11:27.0360 0x0568  WlanSvc - ok
20:11:27.0407 0x0568  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
20:11:27.0438 0x0568  wlidsvc - ok
20:11:27.0470 0x0568  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
20:11:27.0485 0x0568  WmiAcpi - ok
20:11:27.0501 0x0568  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
20:11:27.0516 0x0568  wmiApSrv - ok
20:11:27.0548 0x0568  WMPNetworkSvc - ok
20:11:27.0595 0x0568  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
20:11:27.0595 0x0568  Wof - ok
20:11:27.0673 0x0568  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
20:11:27.0735 0x0568  workfolderssvc - ok
20:11:27.0766 0x0568  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
20:11:27.0766 0x0568  wpcfltr - ok
20:11:27.0798 0x0568  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
20:11:27.0813 0x0568  WPCSvc - ok
20:11:27.0845 0x0568  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
20:11:27.0860 0x0568  WPDBusEnum - ok
20:11:27.0891 0x0568  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
20:11:27.0907 0x0568  WpdUpFltr - ok
20:11:27.0923 0x0568  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
20:11:27.0954 0x0568  ws2ifsl - ok
20:11:27.0985 0x0568  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
20:11:28.0016 0x0568  wscsvc - ok
20:11:28.0032 0x0568  WSearch - ok
20:11:28.0141 0x0568  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
20:11:28.0251 0x0568  WSService - ok
20:11:28.0251 0x0568  wStLibG64 - ok
20:11:28.0376 0x0568  [ 688DAAE720E39DA86822785195646663, DB6E0F89496BB74EDF8378E6AE06364B19249701F6ACD176A0DCA1951E81A63D ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
20:11:28.0501 0x0568  wuauserv - ok
20:11:28.0548 0x0568  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
20:11:28.0579 0x0568  WudfPf - ok
20:11:28.0626 0x0568  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
20:11:28.0657 0x0568  WUDFRd - ok
20:11:28.0657 0x0568  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP    C:\WINDOWS\System32\drivers\WUDFRd.sys
20:11:28.0673 0x0568  WUDFSensorLP - ok
20:11:28.0688 0x0568  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
20:11:28.0704 0x0568  wudfsvc - ok
20:11:28.0720 0x0568  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
20:11:28.0720 0x0568  WUDFWpdFs - ok
20:11:28.0735 0x0568  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\WINDOWS\System32\drivers\WUDFRd.sys
20:11:28.0735 0x0568  WUDFWpdMtp - ok
20:11:28.0782 0x0568  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
20:11:28.0813 0x0568  WwanSvc - ok
20:11:28.0829 0x0568  ================ Scan global ===============================
20:11:28.0892 0x0568  [ 05B08C20B8428ECE088CB5635696A48D, 471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E348425BBFCDE4DCDC3 ] C:\WINDOWS\system32\basesrv.dll
20:11:28.0892 0x0568  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
20:11:28.0938 0x0568  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
20:11:28.0970 0x0568  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
20:11:28.0985 0x0568  [ Global ] - ok
20:11:28.0985 0x0568  ================ Scan MBR ==================================
20:11:28.0985 0x0568  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
20:11:29.0063 0x0568  \Device\Harddisk0\DR0 - ok
20:11:29.0063 0x0568  ================ Scan VBR ==================================
20:11:29.0095 0x0568  [ 53EAE0762F878A474B437F0A302F6147 ] \Device\Harddisk0\DR0\Partition1
20:11:29.0110 0x0568  \Device\Harddisk0\DR0\Partition1 - ok
20:11:29.0126 0x0568  [ 1A358E313E68AEFB7921326A0892A706 ] \Device\Harddisk0\DR0\Partition2
20:11:29.0126 0x0568  \Device\Harddisk0\DR0\Partition2 - ok
20:11:29.0142 0x0568  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
20:11:29.0142 0x0568  \Device\Harddisk0\DR0\Partition3 - ok
20:11:29.0157 0x0568  [ 92F09925D06F08B648012C742BA7F678 ] \Device\Harddisk0\DR0\Partition4
20:11:29.0173 0x0568  \Device\Harddisk0\DR0\Partition4 - ok
20:11:29.0188 0x0568  [ F3386C420378B9257AED88FA004302BF ] \Device\Harddisk0\DR0\Partition5
20:11:29.0235 0x0568  \Device\Harddisk0\DR0\Partition5 - ok
20:11:29.0251 0x0568  [ 427DFD29A79A395CCB8DB80718EEB8C8 ] \Device\Harddisk0\DR0\Partition6
20:11:29.0251 0x0568  \Device\Harddisk0\DR0\Partition6 - ok
20:11:29.0267 0x0568  [ 8C375D589885FCF82D22DEB577CE7107 ] \Device\Harddisk0\DR0\Partition7
20:11:29.0282 0x0568  \Device\Harddisk0\DR0\Partition7 - ok
20:11:29.0298 0x0568  [ B6C8305F49E9D76A8093164672EE9037 ] \Device\Harddisk0\DR0\Partition8
20:11:29.0313 0x0568  \Device\Harddisk0\DR0\Partition8 - ok
20:11:29.0313 0x0568  ================ Scan generic autorun ======================
20:11:29.0720 0x0568  [ 9CE8442B63A1E45E317E1B55A00FF441, 580517A62B41FB69F52A725895E25538A0FCA527D9ABC376EF56AEAE5BCC2DB9 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
20:11:29.0907 0x0568  RTHDVCPL - ok
20:11:30.0001 0x0568  [ ED77575498921FE61B53A5EBB1F4136B, C52D3451F34E5115A1AAA424DC8F0A7A2AA3468726BA1873F0BCCFE1480FCB57 ] C:\WINDOWS\system32\igfxtray.exe
20:11:30.0017 0x0568  IgfxTray - ok
20:11:30.0048 0x0568  [ F31985811DD87B61708B0E8484E88216, A61C4B48AFF70455FBD989FBAC3C9CF8C4C1425CF1F94296660036CF6E0E2B04 ] C:\WINDOWS\system32\hkcmd.exe
20:11:30.0063 0x0568  HotKeysCmds - ok
20:11:30.0110 0x0568  [ C89C68961854E7A67946BE47D44EFAF4, 954EE4BF56F9602B6275B6F852BBB5F739147B3D1395AC07A02BDE0027828CFF ] C:\WINDOWS\system32\igfxpers.exe
20:11:30.0126 0x0568  Persistence - ok
20:11:30.0142 0x0568  [ 690EB331346D7ADFDA18E50042DEA4B4, 0C219D7A5FCD4E0252C815373E67F843DBD7356FAE7AB836C451068B51438FE7 ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
20:11:30.0157 0x0568  Classic Start Menu - detected UnsignedFile.Multi.Generic ( 1 )
20:11:32.0517 0x0568  Detect skipped due to KSN trusted
20:11:32.0517 0x0568  Classic Start Menu - ok
20:11:32.0595 0x0568  PPort12reminder - ok
20:11:32.0876 0x0568  [ 034387AC85CE422E380A039E4DA4BD60, BB5861FC926AA12D18FA596A23A3230AB94288D60109CDB38D1DFB7721302B4B ] C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfpro5hook.exe
20:11:32.0939 0x0568  PDFHook - ok
20:11:32.0939 0x0568  [ 4DD34DB7C24C91176E673B4AFEDF4E7C, D08459973C8D6C0CE8FEF0674A3784E8C36597D84C5CE2B076860FD4BFA320B5 ] C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe
20:11:32.0954 0x0568  PDF5 Registry Controller - ok
20:11:33.0110 0x0568  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
20:11:33.0142 0x0568  BCSSync - ok
20:11:34.0907 0x0568  [ 9F6F68E5383E5CEA91326CABC98A5D61, 9E0A755E7B5039E3481C38B94A207B17DE4125443719A17CB8F0E67C0453B587 ] C:\WINDOWS\ZInit32.exe
20:11:35.0392 0x0568  zinit32 - ok
20:11:35.0486 0x0568  [ 5909C378DF9132FC91F50AF70A53455A, E13CE76ABAFA459BFDB4B7806E73BF57217D0800206FC24805E66573F3670604 ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
20:11:35.0486 0x0568  Avira Systray - ok
20:11:35.0548 0x0568  [ F513B7920973A120DDF034290626AB51, C120BF47D36DD1DC14AE3E133F033519735CB85D97A78F732B6B0559B3689F7C ] C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
20:11:35.0564 0x0568  LexwareInfoService - ok
20:11:35.0611 0x0568  [ BE3DD2A4A6296FB2DFF0EDC2E0269F64, 8EE1EFCB67D3E9FD08BD7E09174AAC75B018106988B97619F2D0432C86889E40 ] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMSpeed.EXE
20:11:35.0642 0x0568  PMSpeed9.32.10 - ok
20:11:35.0720 0x0568  [ 359714A81A50EA2B3C8FD5B469AC7D23, AEA7CE88D44809DD0D656FC9B7D57B0993AEA99FB4665136CA0450F1BECEC453 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
20:11:35.0751 0x0568  FUFAXRCV - ok
20:11:35.0782 0x0568  [ 0DA6B555222873BB7AD140D9C675DFB7, A7EADD3D6A658D5B8FD208563466BC4E0EE185BB05DE3C0ACE70A8527E7B02F1 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
20:11:35.0798 0x0568  FUFAXSTM - ok
20:11:35.0876 0x0568  [ 82F68EBA0FCEA46BA8919D6A264A833E, 093140F47B047134D36A1D195BC01AA1A17B4B0215C7617A3FF846BC405651E6 ] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
20:11:35.0907 0x0568  EEventManager - ok
20:11:35.0970 0x0568  [ 2EA68E33DFF41A10F1BAB15FC3A28076, C971C009F36A87116FBE785E45EB7192EAD9BAF713C43C8A3AC643624144ECF9 ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
20:11:35.0986 0x0568  KiesTrayAgent - ok
20:11:36.0001 0x0568  Agenda-Arbeitsplatz - ok
20:11:36.0173 0x0568  [ 02F1FDD51EE270ECF0E42DB13C941D2C, C55B1A80373E1F8063C9C1B559ECBC9A9626FA29C8CCB01878FB2DE81CF790EB ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
20:11:36.0236 0x0568  w1Synt - ok
20:11:36.0298 0x0568  ISUSPM - ok
20:11:36.0361 0x0568  [ 0049D80BAB72557E9DD09C223FD71E58, AE98C428233E1494A860013638EE1FF1CE609EA17D2EB2D5829757071C273717 ] C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
20:11:36.0392 0x0568  Spotify Web Helper - ok
20:11:36.0392 0x0568  Web Companion - ok
20:11:36.0439 0x0568  [ 06F6DB72ADABC5E858F38EF69014CE52, B4AEABF3EA6FCABBED879D642BA070DF9C244E28DB5BDC3211205C7B8DB97BFB ] C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
20:11:36.0564 0x0568  OfficeSyncProcess - ok
20:11:36.0642 0x0568  [ F120335CFD86E98967AD5F77905E981D, B401356E48B649070E733F57CBF7092522D5ACE348856EFAE1AA92F7C11DADDB ] C:\Program Files (x86)\Samsung\Kies\Kies.exe
20:11:36.0658 0x0568  KiesPreload - ok
20:11:36.0658 0x0568  KiesAirMessage - ok
20:11:36.0658 0x0568  Waiting for KSN requests completion. In queue: 34
20:11:37.0673 0x0568  Waiting for KSN requests completion. In queue: 34
20:11:38.0689 0x0568  Waiting for KSN requests completion. In queue: 34
20:11:39.0751 0x0568  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
20:11:39.0767 0x0568  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmiav.exe ( 14.0.0.4651 ), 0x44000 ( disabled : updated )
20:11:39.0767 0x0568  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmifw.exe ( 14.0.0.4651 ), 0x40010 ( disabled )
20:11:39.0783 0x0568  Win FW state via NFP2: enabled ( trusted )
20:11:52.0143 0x0568  ============================================================
20:11:52.0143 0x0568  Scan finished
20:11:52.0143 0x0568  ============================================================
20:11:52.0143 0x10d0  Detected object count: 1
20:11:52.0143 0x10d0  Actual detected object count: 1
20:12:09.0003 0x10d0  Advantage ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:09.0003 0x10d0  Advantage ( UnsignedFile.Multi.Generic ) - User select action: Skip

Jidddooo · 06.01.2016, 20:31

und zu guter letzt
der frische frst.log

FRST Logfile:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
durchgeführt von Erwin (Administrator) auf ERWINFRIESEN (06-01-2016 20:21:05)
Gestartet von C:\Users\Erwin\Desktop\Virus
Geladene Profile: Erwin (Verfügbare Profile: Erwin)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Agenda Informationssysteme GmbH & Co. KG) C:\AGENDA\WINUPDATE\PROG\UpdateDownload.exe
(Agenda Informationssysteme GmbH & Co. KG) C:\AGENDA\WINUPDATE\PROG\UpdateUpdater.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Users\Erwin\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Extended\ADS11.10\Server\ads.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfPro5Hook.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMSpeed.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfpro5hook.exe [1369376 2010-02-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe [62752 2010-02-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [zinit32] => C:\WINDOWS\ZInit32.exe
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [PMSpeed9.32.10] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMSpeed.EXE [125248 2013-09-26] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-06-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-06-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [Agenda-Arbeitsplatz] => C:\AGENDA\AgendaAP\PROG\agendaap32.exe
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [w1Synt] => C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe [32768 2014-05-27] (Microsoft Corporation)
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-04-06] ()
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-07-27] (Samsung)
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1059EEBE-3540-4DA8-AC38-0B44013244B7}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.de/
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-681885862-1274788781-1503667042-1001 -> DefaultScope {310915E3-B627-42E5-84D8-008D3D3E0523} URL = 
SearchScopes: HKU\S-1-5-21-681885862-1274788781-1503667042-1001 -> {310915E3-B627-42E5-84D8-008D3D3E0523} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Kein Name -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -> Keine Datei
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO-x32: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  Keine Datei
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  Keine Datei
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Keine Datei
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\oa81718n.default-1424800036395
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [Keine Datei]
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-26] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: WEB.DE MailCheck - C:\Users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\oa81718n.default-1424800036395\extensions\mailcheck@web.de [2015-08-13]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-08-24] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-05-09] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-21]
CHR Extension: (Google Docs) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-21]
CHR Extension: (Google Drive) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (Kaspersky Protection) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-06-21]
CHR Extension: (YouTube) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google-Suche) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-06-21]
CHR Extension: (Google Tabellen) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-21]
CHR Extension: (Avira Browserschutz) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-05]
CHR Extension: (Google Mail) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-21]
CHR Extension: (Anti-Banner) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-06-21]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Advantage; C:\Program Files (x86)\Extended\ADS11.10\Server\ADS.EXE [3538944 2013-07-25] (iAnywhere Solutions, Inc.) [Datei ist nicht signiert]
R2 AgendaUpdate; C:\AGENDA\WinUpdate\Prog\updatedownload.exe [1439848 2013-11-05] (Agenda Informationssysteme GmbH & Co. KG)
R2 AgendaUpdater; C:\AGENDA\WinUpdate\Prog\updateupdater.exe [979048 2013-11-05] (Agenda Informationssysteme GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-09] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-09-08] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AC_Service.exe [309568 2015-03-05] (Citrix Online, a division of Citrix Systems, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2003-04-18] () [Datei ist nicht signiert]
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-08-14] (Haufe-Lexware GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 SageDB 5.0; C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe [5685248 2011-07-18] () [Datei ist nicht signiert]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 TeamViewer; c:\users\erwin\appdata\local\temp\teamviewer\TeamViewer_Service.exe [4175632 2015-04-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [X]
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-08-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-08-20] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-08-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-08-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2015-06-04] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-08-20] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-29] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-08-20] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-06] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2016-01-05] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 wStLibG64; kein ImagePath
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 pccsmcfd; \SystemRoot\system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-06 20:09 - 2016-01-06 20:20 - 00234938 _____ C:\TDSSKiller.3.1.0.9_06.01.2016_20.09.22_log.txt
2016-01-06 20:07 - 2016-01-06 20:08 - 00000000 ____D C:\Users\Erwin\Desktop\Virus
2016-01-06 19:15 - 2016-01-06 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-01-06 19:15 - 2016-01-06 19:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-05 20:21 - 2016-01-05 20:21 - 00000000 ___HD C:\$WINDOWS.~BT
2016-01-04 18:48 - 2016-01-06 20:21 - 00000000 ____D C:\FRST
2015-12-31 10:51 - 2015-12-31 10:53 - 00122662 _____ C:\WINDOWS\ntbtlog.txt
2015-12-31 10:41 - 2015-12-31 10:41 - 4172198784 _____ C:\WINDOWS\MEMORY.DMP
2015-12-28 22:52 - 2015-12-28 22:52 - 00002306 _____ C:\Users\Erwin\Desktop\Sicherer Zahlungsverkehr.lnk
2015-12-27 09:26 - 2015-12-27 09:26 - 00000000 ____D C:\ProgramData\Adobe
2015-12-27 09:16 - 2015-12-27 09:16 - 00000000 ____D C:\ProgramData\EgisTec
2015-12-27 03:13 - 2015-12-27 03:13 - 00000000 ____D C:\ProgramData\EgisTec IPS
2015-12-27 03:04 - 2016-01-06 19:59 - 00000000 ____D C:\ProgramData\TEMP
2015-12-27 03:03 - 2015-12-27 03:07 - 00000000 ____D C:\ProgramData\OEM
2015-12-27 00:52 - 2016-01-05 20:30 - 00000000 ____D C:\ProgramData\Lexware
2015-12-27 00:08 - 2015-12-27 00:08 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2015-12-26 07:14 - 2015-05-21 07:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-12-26 07:14 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-12-21 05:12 - 2016-01-05 20:18 - 00013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2015-12-21 02:44 - 2015-12-21 02:44 - 00000000 ____D C:\Users\Erwin\AppData\Local\ProductivityBoss_e5
2015-12-21 02:44 - 2015-12-21 02:44 - 00000000 ____D C:\Users\Erwin\AppData\Local\Downloaded Installers
2015-12-15 02:08 - 2015-12-15 02:08 - 00001847 _____ C:\Users\Erwin\Desktop\UseNeXT.lnk
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETD967.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETAD84.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETA91B.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETA63C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETA477.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETA1C8.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET9FF3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET9D63.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET9B4F.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET99D8.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET97C5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET969C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET94F6.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET93BE.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET91DA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET8F1A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET8CE8.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET875A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET8585.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET845C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET823A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET80C3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET7E23.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET7CBB.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET78FD.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET77D9.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET765E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET7559.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET73DD.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET7365.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET70EF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET70E4.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6F2F.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6EFB.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6C9E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6C4B.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6ACA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6A38.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET682A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6825.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6655.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET65E3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET63C5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6278.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET61A2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6026.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5F02.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5D96.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5C72.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5B63.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET59A3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET58D3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET57BF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET56CF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5686.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET54B1.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET53D2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET52EC.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET50C5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET50BA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET4EE5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET4C7F.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET4A22.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET48C6.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET486D.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET4679.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET43AA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET41D5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET3EE7.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET3B5D.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET389E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET36B9.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET3477.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET32B2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET30BE.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET2E1E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET2BEC.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET298A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET2506.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET22D4.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET217C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1F1B.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1DD2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1B33.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET19EA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET17F6.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1651.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET13FF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1249.tmp
2015-12-13 15:35 - 2015-12-13 15:35 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-12-13 15:27 - 2015-12-13 15:27 - 00001968 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2015-12-13 15:27 - 2015-12-13 15:27 - 00000000 ____D C:\Users\Erwin\AppData\Local\Samsung
2015-12-13 15:26 - 2013-06-21 01:07 - 00103448 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET73DA.tmp
2015-12-13 15:26 - 2013-06-21 01:07 - 00103448 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET449D.tmp
2015-12-13 15:23 - 2013-07-18 14:33 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\SysWOW64\Redemption.dll
2015-12-13 15:23 - 2013-07-18 14:32 - 00821824 _____ (Devguru Co., Ltd.) C:\WINDOWS\SysWOW64\dgderapi.dll
2015-12-13 15:20 - 2015-12-13 15:20 - 00000000 ____D C:\Users\Erwin\AppData\Local\Downloaded Installations
2015-12-09 05:41 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 05:40 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 05:40 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 05:40 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-09 05:40 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-09 05:40 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 05:40 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-09 05:40 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 05:40 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-09 05:40 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 05:40 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 05:40 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-09 05:40 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 05:40 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-09 05:40 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-09 05:40 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-09 05:40 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-09 05:40 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-09 05:40 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-09 05:40 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-09 05:40 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-09 05:40 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-09 05:40 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 05:40 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 05:40 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 05:40 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 05:40 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-09 05:40 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-09 05:40 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-09 05:40 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-09 05:40 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-09 05:40 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-09 05:40 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-09 05:40 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-09 05:40 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 05:40 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-09 05:40 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-09 05:40 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-09 05:40 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-09 05:40 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-09 05:39 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-09 05:39 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 05:39 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-09 05:39 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-09 05:39 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-09 05:39 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-09 05:39 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 05:39 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-09 05:39 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-09 05:39 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 05:39 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 05:39 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 05:39 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 05:39 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-09 05:39 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-09 05:39 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-09 05:39 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-09 05:39 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-09 05:39 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-09 05:39 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-09 05:39 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-09 05:39 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-09 05:39 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-09 05:39 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-09 05:39 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-09 05:39 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-09 05:39 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 05:39 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-09 05:39 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-09 05:39 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-09 05:39 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 05:39 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-09 05:39 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 05:39 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 05:39 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 05:39 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 05:39 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 05:39 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-09 05:39 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 05:39 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-09 05:39 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 05:39 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-09 05:39 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 05:39 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-09 05:39 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-09 05:39 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-09 05:39 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-09 05:39 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-09 05:39 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-09 05:39 - 2015-10-10 19:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-12-09 05:39 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-09 05:39 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-09 05:39 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-09 05:39 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-09 05:39 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-09 05:39 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-09 05:39 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-06 20:10 - 2014-06-17 09:38 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-06 20:01 - 2014-08-20 10:19 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-06 19:59 - 2015-06-21 21:22 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-06 19:59 - 2014-08-06 16:46 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-06 19:59 - 2014-04-21 11:15 - 00000000 ___RD C:\Users\Erwin\OneDrive
2016-01-06 19:59 - 2014-01-19 13:17 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\.oit
2016-01-06 19:58 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-06 19:57 - 2014-08-06 16:46 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-01-06 19:57 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2016-01-06 19:44 - 2014-01-17 17:51 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-681885862-1274788781-1503667042-1001
2016-01-06 19:39 - 2015-12-01 18:39 - 00000945 _____ C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {27E55862-C7BB-4743-9435-9B4417B1181F}.job
2016-01-06 19:27 - 2015-06-21 21:22 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-06 19:12 - 2014-01-18 12:22 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\ClassicShell
2016-01-05 22:47 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2016-01-05 20:22 - 2014-04-21 11:19 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-05 20:14 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-03 14:09 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-29 09:10 - 2014-06-17 09:38 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-28 22:34 - 2015-10-01 08:40 - 00000042 _____ C:\Users\Erwin\AppData\Roaming\url.txt
2015-12-28 22:34 - 2015-09-18 20:29 - 00000000 ____D C:\Users\Erwin\Documents\UseNeXT
2015-12-28 22:34 - 2014-01-19 18:23 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\UseNeXT
2015-12-28 22:20 - 2014-01-22 22:36 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\vlc
2015-12-28 12:04 - 2014-03-18 11:03 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-28 12:04 - 2014-03-18 10:25 - 00764340 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-28 12:04 - 2014-03-18 10:25 - 00159160 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-28 11:58 - 2014-01-19 13:21 - 00000000 ____D C:\Users\Erwin\Documents\Eigene PaperPort-Dokumente
2015-12-28 11:34 - 2015-01-28 22:35 - 00000000 ____D C:\Users\Erwin\AppData\Local\Package Cache
2015-12-27 03:18 - 2012-11-28 13:09 - 00000000 ____D C:\ProgramData\Acer
2015-12-27 03:04 - 2013-04-06 01:49 - 00000000 ____D C:\ProgramData\Intel
2015-12-27 00:30 - 2015-05-08 22:00 - 00000000 ____D C:\ProgramData\Epson
2015-12-26 18:33 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-26 13:25 - 2015-10-05 20:48 - 00655360 _____ C:\WINDOWS\SysWOW64\ꧣ鲁뷦꞉뗦ꒅ藦鲭跧낕跧ꮥ냦ꆉ藦뚁郣꺀胣鲑釧ꆱ뷦꒕闦뎽맦뚕釧꾉맢ꒅ
2015-12-26 12:44 - 2014-01-19 18:14 - 00000000 ____D C:\Users\Erwin\Documents\Mein Steuer-Sparbuch Heute
2015-12-26 09:48 - 2014-12-10 08:46 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-26 09:48 - 2014-12-10 08:46 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-26 00:20 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-26 00:09 - 2015-05-25 10:44 - 00000000 ___RD C:\Users\Erwin\Desktop\gescannt
2015-12-25 23:40 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-24 01:31 - 2014-10-05 21:59 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\dvdcss
2015-12-22 11:14 - 2014-01-19 13:09 - 00001061 _____ C:\WINDOWS\wiso.ini
2015-12-22 11:14 - 2014-01-19 13:07 - 00000000 ____D C:\Program Files (x86)\Steuer 2013
2015-12-22 10:14 - 2014-06-01 18:01 - 00000000 ____D C:\Users\Erwin\AppData\Local\Google
2015-12-20 11:00 - 2015-04-04 04:54 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-20 11:00 - 2015-04-04 04:54 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-19 10:22 - 2014-02-07 00:22 - 00000000 ____D C:\Users\Erwin\AppData\Local\ElevatedDiagnostics
2015-12-18 22:55 - 2015-07-10 07:57 - 00214528 ___SH C:\Users\Erwin\Documents\Thumbs.db
2015-12-16 23:28 - 2015-06-21 21:23 - 00002155 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-14 22:47 - 2014-02-08 00:20 - 01284096 ___SH C:\Users\Erwin\Desktop\Thumbs.db
2015-12-14 22:09 - 2014-04-21 10:26 - 00000000 ____D C:\Users\Erwin
2015-12-14 22:01 - 2013-08-22 15:44 - 00508528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-14 10:38 - 2015-10-04 07:37 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2015-12-13 15:27 - 2014-12-10 23:55 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\Samsung
2015-12-13 15:26 - 2014-12-10 23:55 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-12-13 15:23 - 2012-11-28 13:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-13 15:21 - 2014-12-10 23:57 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2015-12-13 14:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-09 06:50 - 2014-01-20 10:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 06:50 - 2014-01-20 10:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 06:49 - 2014-01-20 10:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 06:34 - 2014-01-20 10:00 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-29 22:37 - 2015-08-29 22:37 - 0000000 _____ () C:\Program Files (x86)\GUTDECA.tmp
2015-10-01 08:40 - 2015-12-28 22:34 - 0000042 _____ () C:\Users\Erwin\AppData\Roaming\url.txt
2014-06-01 18:15 - 2014-06-01 18:15 - 0003584 _____ () C:\Users\Erwin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-17 10:57 - 2015-01-17 10:57 - 0001453 _____ () C:\Users\Erwin\AppData\Local\recently-used.xbel
2015-06-26 04:34 - 2015-06-26 04:34 - 0007609 _____ () C:\Users\Erwin\AppData\Local\Resmon.ResmonCfg

Einige Dateien in TEMP:
====================
C:\Users\Erwin\AppData\Local\Temp\SecurityReviverSetup.exe
C:\Users\Erwin\AppData\Local\Temp\_is18E1.exe
C:\Users\Erwin\AppData\Local\Temp\_is33FB.exe
C:\Users\Erwin\AppData\Local\Temp\_is93BF.exe
C:\Users\Erwin\AppData\Local\Temp\_isB32E.exe
C:\Users\Erwin\AppData\Local\Temp\_isD11E.exe
C:\Users\Erwin\AppData\Local\Temp\_isE91A.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-21 23:24

==================== Ende von FRST.txt ============================

--- --- ---

Gruß Guido

Deathkid535 · 07.01.2016, 13:33

Hi,

schaut schon viel besser aus

. Verschlüsselte Daten oder ähnliches hast du hoffentlich nicht?

Schritt # 1: AdwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt # 2: ESET

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt # 3: FRST

Bitte noch ein frisches FRST-Log.

Schritt # 4: Bitte Posten

Das Log von AdwCleaner
Das Log von ESET
Das frische FRST-Log

Jidddooo · 07.01.2016, 23:10

Hallo

hier der AdwClean txt

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v5.028 - Bericht erstellt am 07/01/2016 um 20:17:01
# Aktualisiert am 04/01/2016 von Xplode
# Datenbank : 2016-01-04.2 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Erwin - ERWINFRIESEN
# Gestartet von : C:\Users\Erwin\Desktop\Virus\AdwCleaner_5.028.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

[-] Dienst Gelöscht : wStLibG64
[-] Dienst Gelöscht : swdumon

***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro
[-] Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
[-] Ordner Gelöscht : C:\Program Files (x86)\myfree codec
[-] Ordner Gelöscht : C:\Users\Erwin\AppData\Roaming\Systweak

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.driverupdate.net_0.localstorage
[-] Datei Gelöscht : C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.driverupdate.net_0.localstorage-journal
[-] Datei Gelöscht : C:\WINDOWS\SysNative\drivers\swdumon.sys
[-] Datei Gelöscht : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll

***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Schlüssel Gelöscht : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Util RightSurf
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Schlüssel Gelöscht : HKCU\Software\Classes\CLSID\{CF7C1CEB-1FB1-417F-BB89-821EEBC91A22}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{238C041C-0E51-495E-B7AA-68C6B62F8909}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A216D95-E4D1-4C17-B06C-9B9F68357F10}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C7333289-3CC2-40DB-98ED-4B5CB281D26F}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A4F32137-598E-41B6-B601-9965084C8F08}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{238C041C-0E51-495E-B7AA-68C6B62F8909}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2A216D95-E4D1-4C17-B06C-9B9F68357F10}
[-] Schlüssel Gelöscht : HKCU\Software\APN PIP
[-] Schlüssel Gelöscht : HKCU\Software\distromatic
[-] Schlüssel Gelöscht : HKCU\Software\Myfree Codec
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
[-] Schlüssel Gelöscht : HKCU\Software\simplytech
[-] Schlüssel Gelöscht : HKCU\Software\Kromtech
[-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\RightSurf
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\AIM Toolbar
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\usenext.softonic.de

***** [ Internetbrowser ] *****

[-] [C:\Users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\oa81718n.default-1424800036395\prefs.js] [Preference] Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6122 Bytes] ##########

--- --- ---

[/CODE]

hier der ESET.log

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=337cc7f6d635194fb246ee3ab0312caa
# end=init
# utc_time=2016-01-07 07:22:34
# local_time=2016-01-07 08:22:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 27537
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=337cc7f6d635194fb246ee3ab0312caa
# end=updated
# utc_time=2016-01-07 07:27:31
# local_time=2016-01-07 08:27:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=337cc7f6d635194fb246ee3ab0312caa
# engine=27537
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-01-07 09:55:08
# local_time=2016-01-07 10:55:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 12993 83681730 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 85 12813628 15993278 0 0
# scanned=327265
# found=116
# cleaned=0
# scan_time=8856
sh=4E625E1536AE21EF16121F600E6D2CD519A78F88 ft=1 fh=f22fcd0c28258089 vn="Variante von Win32/Packed.Komodia.A verdÃ¤chtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\SysWOW64\lavasofttcpservice.dll.vir"
sh=24579085F65362AB4A2537FE4F288FF100A4B3E6 ft=1 fh=3d69c2bf6aafb9bd vn="Mehrere Bedrohungen" ac=I fn="C:\FRST\Quarantine\C\Users\Erwin\AppData\Roaming\loadit.exe.xBAD"
sh=6E0F88C9C2B032C3506C597AA97416CFEE1C7B16 ft=0 fh=0000000000000000 vn="Variante von Win32/AdWare.Adpeak.I Anwendung" ac=I fn="C:\temp\t.msi"
sh=3CF7D311C8FB04CD7366CFF1059CD1E4DD00278B ft=1 fh=2ddb2024a8e35c63 vn="Variante von Win32/UniBlue.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4598\C\Users\Erwin\Desktop\Favorites\Downloads\pcmechanicpm.exe"
sh=B1DF8A70212813F3742BEADF3CF8A1021F49266C ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\JuliaHerz Telefonsex mit Versicherungsangestellten (2).rar"
sh=4A816FC49328AA8237004838A50977259A0792DA ft=0 fh=0000000000000000 vn="Variante von MSIL/Kryptik.BLB Trojaner" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.voyeurism\2 FKK Girls im Pool.rar"
sh=8C6590998CEB013F06A265C24B1272472C764F7F ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\alt.binaries.nl\CaroCream Der etwas andere Telefonsex.rar"
sh=4FB8D30930E90AA24F04EF3D37A25A178154FEE7 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\alt.binaries.nl\Geschwister denken nur an das eine sobald eltern aus haus sind wildloses rum gef.rar"
sh=44A75978A3891E5B334BCF93A07E28C29E3E661A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\alt.binaries.nl\Inzest Die Mutter Der Apfel flt nicht weit vom Stamm Dies zeigen Mutter und T.rar"
sh=23BE725DE0B718CC248A16281B948097001C557F ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\alt.binaries.nl\Sohn FamilienVater bestellen Hobby nutte Mutter die mit der 18j Tochter kommt .rar"
sh=A03ECBE506850080B965A142F200B216583FA0EC ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.IQI Trojaner" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\alt.binaries.pictures.erotica\fkk big boobs.rar"
sh=A6E731D4CC064A074635E12894AF87469A0FEE51 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\alt.binaries.pictures.erotica.breasts.saggy\Geile Nutten live beim Telefonsex.rar"
sh=A6097EEBA3450635DE57BDC48CD22EAA6A8B82E2 ft=0 fh=0000000000000000 vn="Variante von MSIL/TrojanDropper.Agent.BCM Trojaner" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\alt.binaries.u-4all\Die BrÃ¼cke nach Terabithia.rar"
sh=5D295FE4CCC1330582B4953AED9F35A7C2BBF640 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\alt.binaries.uzenet\2 Geschwister ficken ihren Reichen stiefdaddy fr taschengeld um shoppen zu gehen.rar"
sh=4C713D9D136391308AFC49D88672DC966DFB1AF9 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\alt.binaries.uzenet\Mutter schiebt der 18j tochter ein dildo in die fotze damit sie erfahrung macht .rar"
sh=5625DC408BBBE78847B3CC1513FA2C1F8A95EA6D ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\alt.binaries.uzenet\Nachbarin wird vom Vermieter zum sex gezwungen sonst fliegt sie aus der wohnung .rar"
sh=94164025B5474A53DB714F14FEC66B0A09B1E4C6 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\alt.binaries.uzenet\Sohn FamilienVater bestellen Hobby nutte Mutter die mit der 18j Tochter kommt .rar"
sh=61DA4F8FAB37C828F205DCAEBAC02F06988C3034 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.IQI Trojaner" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\alt.binaries.warez.ibm-pc\2 FKK Girls im Pool.rar"
sh=7C61848A4D99B4A20407C7DAFEA237601B98EAF6 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.FDT Trojaner" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\FileHistory\Data\4606\C\Users\Erwin\Documents\UseNeXT\alt.binaries.warez.ibm-pc.german\_ On the Road 2012 HDRip.rar"
sh=24579085F65362AB4A2537FE4F288FF100A4B3E6 ft=1 fh=3d69c2bf6aafb9bd vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\AppData\Local\Microsoft\Windows\INetCache\IE\TNANM5UU\loadit[1].exe"
sh=11D35FC2BF64657AAEB951B71E286E779163B3D6 ft=1 fh=6d25d798aea42b9b vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Erwin\AppData\Local\Temp\SecurityReviverSetup.exe"
sh=B1DF8A70212813F3742BEADF3CF8A1021F49266C ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\JuliaHerz Telefonsex mit Versicherungsangestellten (2).rar"
sh=2D4C8F84C9EDC5A8C8DB415C5A690A24CE357421 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.barefoot\Strassenflirts.rar"
sh=0D02AFF477A39C2D15BAD50F9F3CFFA4487A7B56 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.de\REAL INCEST Mutter Tochter und Vater kommt vorbei.rar"
sh=57E1C7C0D0CA3ED89A059A7934715E94064209E0 ft=0 fh=0000000000000000 vn="Variante von Win32/Injector.BMDO Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.de\Strassenflirts.72.German.XXX.DVDRiP.x264-TattooLovers.rar"
sh=A708BAEA6192521BE9E7EA479B2EE0A1E4A94938 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.de\Versaute Mutter peppelt das Liebeslebens 18j Tochter auf indem sie ihren Freund .rar"
sh=CF83ACF687E8AA442BFBEBE277F025C40AA970B1 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.deutsch\Deutsche Blondine wird vom Vermieter beim Baden berrascht der unbedingt die Miet.rar"
sh=D00FD3C8052567C3EC4FBBC364BB53A9974F1908 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.deutsch\Klinik Vom Doktor ausgenutzt Horny Heaven.rar"
sh=B4E86F3794A196EBB2A843F31E0D8D45652388EF ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.deutsch\Mutter und Sohn gnnen sich einen Fick.rar"
sh=F6E98F41EA7E88D88C4573B144000DF53FE29942 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.deutsch\Mutter und Tochter gehen zusammen anschaffen und lassen sich in alle Lscher fick.rar"
sh=C4B2575E0939E160A8C5A9FCD9798751244BC62D ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.deutsch\Mutter und Tochter vernaschen Jungen Bengel.rar"
sh=BFA82B501DCEABE302875D81749F0EB070530243 ft=0 fh=0000000000000000 vn="Variante von MSIL/TrojanDropper.Agent.BCM Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.deutsch\Realgar Auriloquio (2009).rar"
sh=DAAE1B82919F27BB925D1351DAD6C447B326F306 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.deutsch\Se Studentin bezahlt Ihren Vermieter.rar"
sh=1BE190341A892A40FAFEF36ED44AA9A525717F09 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.deutsch\Strenge mutter Erwischt Tochter und Freund im Ehebett der Mutter und fickt Unerw.rar"
sh=4A816FC49328AA8237004838A50977259A0792DA ft=0 fh=0000000000000000 vn="Variante von MSIL/Kryptik.BLB Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica\2 FKK Girls im Pool.rar"
sh=078CDCD44C6A9B9D38B59E799FAAE73637B4CDAD ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica\Heie Mutter erwischt ihren Sohn beim wixxen.rar"
sh=4379659BA163692BC1679405071D35A67880D1C8 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica\Inzest Skandale Verbotenes Familienficken.rar"
sh=16311040F77EE1AAB7CDB18D1FBFC0ABD35EEEC8 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Autoit.R verdÃ¤chtige Datei" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica\Klinik Maedchen Zum ersten Mal beim Frauenarzt.rar"
sh=D55530D6456B5EB0B84D71378AAFB5F028C4BED0 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica\Milf Mutter spreitzt die Beine fr nen Fick mit Sohn ihres Freundes.rar"
sh=AFC642016D3CEDE481AE41760EC43F824136E02A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica\Mit Krankenschwester Pueppy wird es nie langweilig.rar"
sh=C227CFF8871DDD9A161DFE847929BE2AD844244E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica\Real Incest 2 geile Schwestern.rar"
sh=054CD8746FA2B220A868DAD91785ED0237654B47 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica\REAL INCEST BruderSchwesterMutter.rar"
sh=ADAC63143FDCFCFD9C9D305122A58B95A864234F ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica\Strassenflirts.80.German.XXX.DVDRip.x264-CiCXXX.rar"
sh=73F322B134A6A4EF4E4D6CA94B28DB147191DBA9 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.IGV Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica.divx\Amateur Germany - amateurcommunity.de - 2_Supermuschis - Der Anal Praktikant.rar"
sh=AD5E9205B54ECAA724A7CA30231F972A35842BF9 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica.divx\Incest Dream Mother Forbidden Son Swap 2012 DVDRip.rar"
sh=556C9D4E191C185F2C268408ABCE845A7F69DAE3 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica.divx\Mother and Son best incest 296.rar"
sh=50200D87D15DA95F8A6C4E859EB16E2463FBA0DA ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica.divx\Mutter erwischt Sohn beim wixxen.rar"
sh=F9BE241CBC951EBA0C41C5F100B7476A51E2E4D6 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica.divx\Tochter und Muter ficken mit Bruder und Vater.rar"
sh=4A816FC49328AA8237004838A50977259A0792DA ft=0 fh=0000000000000000 vn="Variante von MSIL/Kryptik.BLB Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica.female\2 FKK Girls im Pool.rar"
sh=6FFCC55FC88906EA8DF14DAB6AED33BA62731E0B ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.erotica.pornstars.80s\Blondine will Sperma schlucken.rar"
sh=4FCD58A4E9BAF96792E75D48B6A849C0C90FF9E0 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.CSD Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.mom\Strassenflirts.72.German.XXX.DVDRiP.x264-TattooLovers.rar"
sh=57D33D1DC199E1D507E7756B46F410A0E7D5EACA ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.movies\Als mir der Vermieter nen Zwangsentrmpeler schickt bekomme ich Panik Um nicht.rar"
sh=649DF6C48AF640CAFCF1CB15F7C888BFAE8C3819 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.movies\Oma ficken Inzest Sohn.rar"
sh=B70376F10AA45FE169DAA86711ADA356F5FE35BF ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.movies\Real Incest Vater und Tochter.rar"
sh=D42638969EA6C67430A1F43426E090E769D6A2CA ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.movies\Reife Deutsche Weiber bestellen sich 3 Callboys nach Hauser weil ihre Mnner sie  (2).rar"
sh=4CC3E932571AB5B709F3F2FCCB14C487CE3EBF7C ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.movies\Reife Deutsche Weiber bestellen sich 3 Callboys nach Hauser weil ihre Mnner sie .rar"
sh=4E41188E9C8EA4215B0AD097C6480914FFA6C50D ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.movies\Telefonsex mit Versicherungsangestellten.rar"
sh=CD05C35B677A8DF644D5C70D85130CD1A265FDC2 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.movies\Whrend er Telefonsex mit seiner Freundin macht blst und fickt ihn die geile Deut (2).rar"
sh=CD05C35B677A8DF644D5C70D85130CD1A265FDC2 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.movies\Whrend er Telefonsex mit seiner Freundin macht blst und fickt ihn die geile Deut.rar"
sh=1D6E5DA2C3B079081A811E2D96D2272801497A28 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia\Mutter verfhrt Sohn und wird vollgespritzt.rar"
sh=8A1BEB89483C7D398D89EC300B45FB015308C3D7 ft=0 fh=0000000000000000 vn="Variante von MSIL/Kryptik.CVR Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia\Strassenflirts 80 (2015) (COMPRESSED).rar"
sh=E44433930F6B711A9092D85A09EB9C635B71B516 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica\Inzest Die Mutter Der Apfel flt nicht weit vom Stamm Dies zeigen Mutter und T.rar"
sh=36DCE88F90AE5DF7D8340F7F40DDB88E9A433E46 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica\Inzest Skandale Verbotenes Familienficken.rar"
sh=B4BC4D91914913ED6B525AA723F90019F55A63A0 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica\Rassige geile Mutter bringt ihrer 18j tochter das richtige ficken mit ihren Jung.rar"
sh=F3A66EF2DB989588EF7AF1C6F43408FF0D89527B ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica\Real Incest Vater und Tochter.rar"
sh=6E48ED9CE520E7DFCE6160AE18083BA7E4B3FEA2 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica\Telefonsex (2).rar"
sh=6E48ED9CE520E7DFCE6160AE18083BA7E4B3FEA2 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica\Telefonsex.rar"
sh=B195ED29E4F7CF897FA3E57EC773876BBCFCBF81 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica\Whrend er Telefonsex mit seiner Freundin macht blst und fickt ihn die geile Deut (2).rar"
sh=34B7EDD5BE714921ADD06B017D93E744E7DA545C ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica\Whrend er Telefonsex mit seiner Freundin macht blst und fickt ihn die geile Deut.rar"
sh=5029E910BBCE9EE7B797221CE7198419B50A7320 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica\Zwei Sex hungrige Blonde Krankenschwestern verfhren den Chefarzt.rar"
sh=09EFA8ECCB626318EDAF1C33914C6E0AE18E5085 ft=0 fh=0000000000000000 vn="MSIL/Arcdoor.AK Wurm" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.asian\Geile Nutten live beim Telefonsex.rar"
sh=B08D83270A0C6FB544C8AAE18553DC279CF59B01 ft=0 fh=0000000000000000 vn="Variante von Win32/TrojanDownloader.Autoit.NNL Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\18jhrige Teenie Maus hat Sex und geniesst es auch Anal.rar"
sh=341CC621472598A9B19AF9F4A287C9954DFF5F5A ft=0 fh=0000000000000000 vn="Variante von Win32/TrojanDownloader.Autoit.NNL Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\2 Lesbische Mitschuelerinnen auf der Klassenfahrt nackt im Bad gefilmt und geil .rar"
sh=530252F07A39099513EE48D9100B3473262A9B25 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Amateur - 19 J. Christine dreht ihren ersten Pornofilm.rar"
sh=4A0F614A354F6C82D0FCFA171057060F247BB4D1 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Amateur - Burschen fickt die Nachbarin in den Arsch.rar"
sh=1D41E6C60D1C8566834080018AD3F93513A090AD ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Blonde Haussklavin erzogen.rar"
sh=5105975DE765DD9F0A76BACA12DEDF35F6155914 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Blonder Nachwuchs aus Budapest will unbedingt zum Film XxX.rar"
sh=3FA5DF06082E3D1B42E3567CEBCADBDF298B559B ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Deutsche Blonde Sau wichst mich hart.rar"
sh=2E3FCCC3FB88B1E80CD464F5FFF7C73755087757 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Deutsche Ehefrau macht Gangbang im Hotel mit.rar"
sh=032940D31B82096F24E3CB92D068D3D791EE155D ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Deutsche kurzhaarige Granny braucht ihren Sex.rar"
sh=3AE9E2026766CB67E9A8758F30530C11B73E7EE2 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Deutscher Onkel fickt seine Nichte kostenlos.rar"
sh=3893A945B8D81FBB1A4C0F4FB7FCA96CA8ED4CB2 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Deutsches Webcam Girl mit super Arsch.rar"
sh=EDB714B78C24707E866B69A0AB4588C74868EFA9 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Die beiden Schoenheiten haben Sex Abenteuer fur ihren Hintern gefunden.rar"
sh=00A0F43FC55845AA970EBD5B908FA7943D089734 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Die wohl geilsten Titten der Welt.rar"
sh=D3194D40246DC7741AE1B8ACF7298B70D94D39CC ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Drei extrem wilde Frauen beschaeftigen einen Mann XXX.rar"
sh=FB8089AF7A3A013B0A119ADF3026AA3AA53FA65E ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Einfach nur Ficken.rar"
sh=E6FEA9E47F461E962F3C5D4E5C8B3894ADE35216 ft=0 fh=0000000000000000 vn="Variante von Win32/TrojanDownloader.Autoit.NNL Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Family Seductions Get playful with Mommy.rar"
sh=8EF1213AA0B49DB0098A8F45DA094D1847980941 ft=0 fh=0000000000000000 vn="Variante von Win32/TrojanDownloader.Autoit.NNL Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\First time foot fisting in the ass Roxy Alysha.rar"
sh=5EBE6A8D42CB4B57F65371E2AAFCD4E683A981FF ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Hausmuttis und ihre Notgeilen Toechter.rar"
sh=205084F846AE2D18E1D7ABF96507D0713FC097B0 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Private lebende Wichsvorlage.rar"
sh=B10AEEE7583B449A08CEDC10C8B3C28ED5870B5A ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Reife blonde Mutter steht auf junge harte Schwaenze im Bett.rar"
sh=03E6BCEB05131493DBD806A6B18E4D49BF54F5A9 ft=0 fh=0000000000000000 vn="MSIL/Arcdoor.AO Wurm" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Schlafendes Teen zum Sex gezwungen.rar"
sh=2354BE87E408E7B4BA500683493D0DD4B6572946 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Schwester und Mutter in den Arsch gefickt.rar"
sh=810EDD6583B176ED83BF18F4469892F14F965632 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.lesbians\Was mit Lesbensex beginnt.rar"
sh=4A816FC49328AA8237004838A50977259A0792DA ft=0 fh=0000000000000000 vn="Variante von MSIL/Kryptik.BLB Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.multimedia.erotica.voyeurism\2 FKK Girls im Pool.rar"
sh=8C6590998CEB013F06A265C24B1272472C764F7F ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.nl\CaroCream Der etwas andere Telefonsex.rar"
sh=4FB8D30930E90AA24F04EF3D37A25A178154FEE7 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.nl\Geschwister denken nur an das eine sobald eltern aus haus sind wildloses rum gef.rar"
sh=44A75978A3891E5B334BCF93A07E28C29E3E661A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.nl\Inzest Die Mutter Der Apfel flt nicht weit vom Stamm Dies zeigen Mutter und T.rar"
sh=23BE725DE0B718CC248A16281B948097001C557F ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.nl\Sohn FamilienVater bestellen Hobby nutte Mutter die mit der 18j Tochter kommt .rar"
sh=A03ECBE506850080B965A142F200B216583FA0EC ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.IQI Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.pictures.erotica\fkk big boobs.rar"
sh=A6E731D4CC064A074635E12894AF87469A0FEE51 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.GPS Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.pictures.erotica.breasts.saggy\Geile Nutten live beim Telefonsex.rar"
sh=A6097EEBA3450635DE57BDC48CD22EAA6A8B82E2 ft=0 fh=0000000000000000 vn="Variante von MSIL/TrojanDropper.Agent.BCM Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.u-4all\Die BrÃ¼cke nach Terabithia.rar"
sh=5D295FE4CCC1330582B4953AED9F35A7C2BBF640 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.uzenet\2 Geschwister ficken ihren Reichen stiefdaddy fr taschengeld um shoppen zu gehen.rar"
sh=4C713D9D136391308AFC49D88672DC966DFB1AF9 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.uzenet\Mutter schiebt der 18j tochter ein dildo in die fotze damit sie erfahrung macht .rar"
sh=5625DC408BBBE78847B3CC1513FA2C1F8A95EA6D ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.uzenet\Nachbarin wird vom Vermieter zum sex gezwungen sonst fliegt sie aus der wohnung .rar"
sh=94164025B5474A53DB714F14FEC66B0A09B1E4C6 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.uzenet\Sohn FamilienVater bestellen Hobby nutte Mutter die mit der 18j Tochter kommt .rar"
sh=61DA4F8FAB37C828F205DCAEBAC02F06988C3034 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.IQI Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.warez.ibm-pc\2 FKK Girls im Pool.rar"
sh=7C61848A4D99B4A20407C7DAFEA237601B98EAF6 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.FDT Trojaner" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\alt.binaries.warez.ibm-pc.german\_ On the Road 2012 HDRip.rar"
sh=B042DCDC19B4C2C726D92416BDE0355BF73AE0F4 ft=1 fh=c71c0011e34b843d vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\wizard\Mutter schiebt der 18j tochter ein dildo in die fo\Mutter schiebt der 18j tochter ein dildo in die fotze damit sie erfahrung macht .exe"
sh=879727B8E1303641E1524AEED846A3409D2D115E ft=1 fh=c71c0011dc576030 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\wizard\Rassige geile Mutter bringt ihrer 18j tochter das\Rassige geile Mutter bringt ihrer 18j tochter das richtige ficken mit ihren Jung.exe"
sh=879727B8E1303641E1524AEED846A3409D2D115E ft=1 fh=c71c0011dc576030 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\wizard\Rassige geile Mutter bringt ihrer 18j tochter das (2)\Rassige geile Mutter bringt ihrer 18j tochter das richtige ficken mit ihren Jung.exe"
sh=3F897B93E8E5B386B2A5535547958FA01B63D528 ft=1 fh=c71c001153aaf031 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Erwin\Documents\UseNeXT\wizard\Versaute Mutter peppelt das Liebeslebens 18j Tocht\Versaute Mutter peppelt das Liebeslebens 18j Tochter auf indem sie ihren Freund .exe"
sh=0A424791F99F9B1D1406511CE630E1B51832DDE7 ft=1 fh=e1d6163059729c0a vn="Variante von Win64/Packed.Komodia.A verdÃ¤chtige Datei" ac=I fn="C:\Windows\System32\LavasoftTcpService64.dll"
sh=7746C316F45CDD06545188CC7959564DD4E8B58D ft=0 fh=0000000000000000 vn="Variante von MSIL/Kryptik.OI Trojaner" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-681885862-1274788781-1503667042-1001\$RNR5SX3.barefoot\Perfekt gebaute blonde Hure.rar"
sh=F80223F4720915834484BD3EFB61350631A5C8D6 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Autoit.NNL Trojaner" ac=I fn="D:\UserNext_neu\alt.binaries.mom.xxx\German - Junge Deutsche Mutter posiert und wird hart gefickt\German - Junge Deutsche Mutter posiert und wird hart gefickt.rar"
sh=6900F2AE17FE8899AC15DBDA491D6E185C164CD8 ft=0 fh=0000000000000000 vn="Variante von Win32/TrojanDownloader.Autoit.NNL Trojaner" ac=I fn="D:\UserNext_neu\alt.binaries.movies.french.xxx\PublicSexAdventures Extreme Sex in a Quiet Park Angelica -..VIRUS\PublicSexAdventures Extreme Sex in a Quiet Park Angelica.rar"

und hier der frische FRST.log

FRST Logfile:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
durchgeführt von Erwin (Administrator) auf ERWINFRIESEN (07-01-2016 23:08:36)
Gestartet von C:\Users\Erwin\Desktop\Virus
Geladene Profile: Erwin (Verfügbare Profile: Erwin)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Agenda Informationssysteme GmbH & Co. KG) C:\AGENDA\WINUPDATE\PROG\UpdateDownload.exe
(Agenda Informationssysteme GmbH & Co. KG) C:\AGENDA\WINUPDATE\PROG\UpdateUpdater.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Users\Erwin\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Extended\ADS11.10\Server\ads.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfPro5Hook.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMSpeed.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDFViewerPlus\pdfpro5hook.exe [1369376 2010-02-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDFViewerPlus\RegistryController.exe [62752 2010-02-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [zinit32] => C:\WINDOWS\ZInit32.exe
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [PMSpeed9.32.10] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.32\PMSpeed.EXE [125248 2013-09-26] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-06-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-06-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [Agenda-Arbeitsplatz] => C:\AGENDA\AgendaAP\PROG\agendaap32.exe
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [w1Synt] => C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe [32768 2014-05-27] (Microsoft Corporation)
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-04-06] ()
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-07-27] (Samsung)
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1059EEBE-3540-4DA8-AC38-0B44013244B7}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.de/
HKU\S-1-5-21-681885862-1274788781-1503667042-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-681885862-1274788781-1503667042-1001 -> DefaultScope {310915E3-B627-42E5-84D8-008D3D3E0523} URL = 
SearchScopes: HKU\S-1-5-21-681885862-1274788781-1503667042-1001 -> {310915E3-B627-42E5-84D8-008D3D3E0523} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO-x32: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-08-20] (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  Keine Datei
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  Keine Datei
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Keine Datei
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\oa81718n.default-1424800036395
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [Keine Datei]
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-26] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: WEB.DE MailCheck - C:\Users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\oa81718n.default-1424800036395\extensions\mailcheck@web.de [2015-08-13]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-08-24] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-12-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-05-09] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-21]
CHR Extension: (Google Docs) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-21]
CHR Extension: (Google Drive) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (Kaspersky Protection) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-06-21]
CHR Extension: (YouTube) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google-Suche) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-06-21]
CHR Extension: (Google Tabellen) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-21]
CHR Extension: (Avira Browserschutz) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-05]
CHR Extension: (Google Mail) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-21]
CHR Extension: (Anti-Banner) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-06-21]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Advantage; C:\Program Files (x86)\Extended\ADS11.10\Server\ADS.EXE [3538944 2013-07-25] (iAnywhere Solutions, Inc.) [Datei ist nicht signiert]
R2 AgendaUpdate; C:\AGENDA\WinUpdate\Prog\updatedownload.exe [1439848 2013-11-05] (Agenda Informationssysteme GmbH & Co. KG)
R2 AgendaUpdater; C:\AGENDA\WinUpdate\Prog\updateupdater.exe [979048 2013-11-05] (Agenda Informationssysteme GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-09] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-09-08] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AC_Service.exe [309568 2015-03-05] (Citrix Online, a division of Citrix Systems, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2003-04-18] () [Datei ist nicht signiert]
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-08-14] (Haufe-Lexware GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 SageDB 5.0; C:\Program Files (x86)\Sage\SageDB 5.0\bin\mysqld-nt.exe [5685248 2011-07-18] () [Datei ist nicht signiert]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 TeamViewer; c:\users\erwin\appdata\local\temp\teamviewer\TeamViewer_Service.exe [4175632 2015-04-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [X]
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-08-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-08-20] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-08-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-08-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2015-06-04] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-08-20] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-29] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-08-20] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 pccsmcfd; \SystemRoot\system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-07 20:22 - 2016-01-07 20:22 - 00000000 ____D C:\Program Files (x86)\ESET
2016-01-07 20:11 - 2016-01-07 20:17 - 00000000 ____D C:\AdwCleaner
2016-01-06 20:09 - 2016-01-06 20:20 - 00234938 _____ C:\TDSSKiller.3.1.0.9_06.01.2016_20.09.22_log.txt
2016-01-06 20:07 - 2016-01-07 23:03 - 00000000 ____D C:\Users\Erwin\Desktop\Virus
2016-01-06 19:15 - 2016-01-06 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-01-06 19:15 - 2016-01-06 19:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-05 20:21 - 2016-01-05 20:21 - 00000000 ___HD C:\$WINDOWS.~BT
2016-01-04 18:48 - 2016-01-07 23:08 - 00000000 ____D C:\FRST
2015-12-31 10:51 - 2015-12-31 10:53 - 00122662 _____ C:\WINDOWS\ntbtlog.txt
2015-12-31 10:41 - 2015-12-31 10:41 - 4172198784 _____ C:\WINDOWS\MEMORY.DMP
2015-12-28 22:52 - 2015-12-28 22:52 - 00002306 _____ C:\Users\Erwin\Desktop\Sicherer Zahlungsverkehr.lnk
2015-12-27 09:26 - 2015-12-27 09:26 - 00000000 ____D C:\ProgramData\Adobe
2015-12-27 09:16 - 2015-12-27 09:16 - 00000000 ____D C:\ProgramData\EgisTec
2015-12-27 03:13 - 2015-12-27 03:13 - 00000000 ____D C:\ProgramData\EgisTec IPS
2015-12-27 03:04 - 2016-01-07 20:19 - 00000000 ____D C:\ProgramData\TEMP
2015-12-27 03:03 - 2015-12-27 03:07 - 00000000 ____D C:\ProgramData\OEM
2015-12-27 00:52 - 2016-01-05 20:30 - 00000000 ____D C:\ProgramData\Lexware
2015-12-27 00:08 - 2015-12-27 00:08 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2015-12-26 07:14 - 2015-05-21 07:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-12-26 07:14 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-12-21 02:44 - 2015-12-21 02:44 - 00000000 ____D C:\Users\Erwin\AppData\Local\ProductivityBoss_e5
2015-12-21 02:44 - 2015-12-21 02:44 - 00000000 ____D C:\Users\Erwin\AppData\Local\Downloaded Installers
2015-12-15 02:08 - 2015-12-15 02:08 - 00001847 _____ C:\Users\Erwin\Desktop\UseNeXT.lnk
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETD967.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETAD84.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETA91B.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETA63C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETA477.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SETA1C8.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET9FF3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET9D63.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET9B4F.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET99D8.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET97C5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET969C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET94F6.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET93BE.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET91DA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET8F1A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET8CE8.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET875A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET8585.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET845C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET823A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET80C3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET7E23.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET7CBB.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET78FD.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET77D9.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET765E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET7559.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET73DD.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET7365.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET70EF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET70E4.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6F2F.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6EFB.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6C9E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6C4B.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6ACA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6A38.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET682A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6825.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6655.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET65E3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET63C5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6278.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET61A2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET6026.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5F02.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5D96.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5C72.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5B63.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET59A3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET58D3.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET57BF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET56CF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET5686.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET54B1.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET53D2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET52EC.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET50C5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET50BA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET4EE5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET4C7F.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET4A22.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET48C6.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET486D.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET4679.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET43AA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET41D5.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET3EE7.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET3B5D.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET389E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET36B9.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET3477.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET32B2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET30BE.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET2E1E.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET2BEC.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET298A.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET2506.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET22D4.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET217C.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1F1B.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1DD2.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1B33.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET19EA.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET17F6.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1651.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET13FF.tmp
2015-12-13 21:27 - 2015-05-21 07:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET1249.tmp
2015-12-13 15:35 - 2015-12-13 15:35 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-12-13 15:27 - 2015-12-13 15:27 - 00001968 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2015-12-13 15:27 - 2015-12-13 15:27 - 00000000 ____D C:\Users\Erwin\AppData\Local\Samsung
2015-12-13 15:26 - 2013-06-21 01:07 - 00103448 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET73DA.tmp
2015-12-13 15:26 - 2013-06-21 01:07 - 00103448 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\SET449D.tmp
2015-12-13 15:23 - 2013-07-18 14:33 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\SysWOW64\Redemption.dll
2015-12-13 15:23 - 2013-07-18 14:32 - 00821824 _____ (Devguru Co., Ltd.) C:\WINDOWS\SysWOW64\dgderapi.dll
2015-12-13 15:20 - 2015-12-13 15:20 - 00000000 ____D C:\Users\Erwin\AppData\Local\Downloaded Installations
2015-12-09 05:41 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 05:40 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 05:40 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 05:40 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-09 05:40 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-09 05:40 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 05:40 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-09 05:40 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 05:40 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-09 05:40 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 05:40 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 05:40 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-09 05:40 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 05:40 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-09 05:40 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-09 05:40 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-09 05:40 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-09 05:40 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-09 05:40 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-09 05:40 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-09 05:40 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-09 05:40 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-09 05:40 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 05:40 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 05:40 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 05:40 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 05:40 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-09 05:40 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-09 05:40 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-09 05:40 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-09 05:40 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-09 05:40 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-09 05:40 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-09 05:40 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-09 05:40 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 05:40 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-09 05:40 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-09 05:40 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-09 05:40 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-09 05:40 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-09 05:39 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-09 05:39 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 05:39 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-09 05:39 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-09 05:39 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-09 05:39 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-09 05:39 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 05:39 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-09 05:39 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-09 05:39 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 05:39 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 05:39 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 05:39 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 05:39 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-09 05:39 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-09 05:39 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-09 05:39 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-09 05:39 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-09 05:39 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-09 05:39 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-09 05:39 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-09 05:39 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-09 05:39 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-09 05:39 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-09 05:39 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-09 05:39 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-09 05:39 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 05:39 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-09 05:39 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-09 05:39 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-09 05:39 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 05:39 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-09 05:39 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 05:39 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 05:39 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 05:39 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 05:39 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 05:39 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 05:39 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 05:39 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-09 05:39 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 05:39 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-09 05:39 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 05:39 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-09 05:39 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 05:39 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-09 05:39 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-09 05:39 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-09 05:39 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-09 05:39 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-09 05:39 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-09 05:39 - 2015-10-10 19:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-12-09 05:39 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-09 05:39 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-09 05:39 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-09 05:39 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-09 05:39 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-09 05:39 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-09 05:39 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-07 22:39 - 2015-12-01 18:39 - 00000945 _____ C:\WINDOWS\Tasks\EPSON WF-2650 Series Update {27E55862-C7BB-4743-9435-9B4417B1181F}.job
2016-01-07 22:36 - 2014-01-18 12:22 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\ClassicShell
2016-01-07 21:27 - 2015-06-21 21:22 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-07 21:10 - 2014-06-17 09:38 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-07 20:24 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-07 20:21 - 2014-08-20 10:19 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-07 20:19 - 2015-06-21 21:22 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-07 20:19 - 2014-08-06 16:46 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-07 20:19 - 2014-04-21 11:15 - 00000000 ___RD C:\Users\Erwin\OneDrive
2016-01-07 20:19 - 2014-01-19 13:17 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\.oit
2016-01-07 20:18 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-06 19:57 - 2014-08-06 16:46 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-01-06 19:57 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2016-01-06 19:44 - 2014-01-17 17:51 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-681885862-1274788781-1503667042-1001
2016-01-05 22:47 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2016-01-05 20:22 - 2014-04-21 11:19 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-03 14:09 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-29 09:10 - 2014-06-17 09:38 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-28 22:34 - 2015-10-01 08:40 - 00000042 _____ C:\Users\Erwin\AppData\Roaming\url.txt
2015-12-28 22:34 - 2015-09-18 20:29 - 00000000 ____D C:\Users\Erwin\Documents\UseNeXT
2015-12-28 22:34 - 2014-01-19 18:23 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\UseNeXT
2015-12-28 22:20 - 2014-01-22 22:36 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\vlc
2015-12-28 12:04 - 2014-03-18 11:03 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-28 12:04 - 2014-03-18 10:25 - 00764340 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-28 12:04 - 2014-03-18 10:25 - 00159160 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-28 11:58 - 2014-01-19 13:21 - 00000000 ____D C:\Users\Erwin\Documents\Eigene PaperPort-Dokumente
2015-12-28 11:34 - 2015-01-28 22:35 - 00000000 ____D C:\Users\Erwin\AppData\Local\Package Cache
2015-12-27 03:18 - 2012-11-28 13:09 - 00000000 ____D C:\ProgramData\Acer
2015-12-27 03:04 - 2013-04-06 01:49 - 00000000 ____D C:\ProgramData\Intel
2015-12-27 00:30 - 2015-05-08 22:00 - 00000000 ____D C:\ProgramData\Epson
2015-12-26 18:33 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-26 13:25 - 2015-10-05 20:48 - 00655360 _____ C:\WINDOWS\SysWOW64\ꧣ鲁뷦꞉뗦ꒅ藦鲭跧낕跧ꮥ냦ꆉ藦뚁郣꺀胣鲑釧ꆱ뷦꒕闦뎽맦뚕釧꾉맢ꒅ
2015-12-26 12:44 - 2014-01-19 18:14 - 00000000 ____D C:\Users\Erwin\Documents\Mein Steuer-Sparbuch Heute
2015-12-26 09:48 - 2014-12-10 08:46 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-26 09:48 - 2014-12-10 08:46 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-26 00:20 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-26 00:09 - 2015-05-25 10:44 - 00000000 ___RD C:\Users\Erwin\Desktop\gescannt
2015-12-25 23:40 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-24 01:31 - 2014-10-05 21:59 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\dvdcss
2015-12-22 11:14 - 2014-01-19 13:09 - 00001061 _____ C:\WINDOWS\wiso.ini
2015-12-22 11:14 - 2014-01-19 13:07 - 00000000 ____D C:\Program Files (x86)\Steuer 2013
2015-12-22 10:14 - 2014-06-01 18:01 - 00000000 ____D C:\Users\Erwin\AppData\Local\Google
2015-12-20 11:00 - 2015-04-04 04:54 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-20 11:00 - 2015-04-04 04:54 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-19 10:22 - 2014-02-07 00:22 - 00000000 ____D C:\Users\Erwin\AppData\Local\ElevatedDiagnostics
2015-12-18 22:55 - 2015-07-10 07:57 - 00214528 ___SH C:\Users\Erwin\Documents\Thumbs.db
2015-12-16 23:28 - 2015-06-21 21:23 - 00002155 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-14 22:47 - 2014-02-08 00:20 - 01284096 ___SH C:\Users\Erwin\Desktop\Thumbs.db
2015-12-14 22:09 - 2014-04-21 10:26 - 00000000 ____D C:\Users\Erwin
2015-12-14 22:01 - 2013-08-22 15:44 - 00508528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-14 10:38 - 2015-10-04 07:37 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2015-12-13 15:27 - 2014-12-10 23:55 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\Samsung
2015-12-13 15:26 - 2014-12-10 23:55 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-12-13 15:23 - 2012-11-28 13:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-13 15:21 - 2014-12-10 23:57 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2015-12-13 14:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-09 06:50 - 2014-01-20 10:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 06:50 - 2014-01-20 10:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 06:49 - 2014-01-20 10:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 06:34 - 2014-01-20 10:00 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-29 22:37 - 2015-08-29 22:37 - 0000000 _____ () C:\Program Files (x86)\GUTDECA.tmp
2015-10-01 08:40 - 2015-12-28 22:34 - 0000042 _____ () C:\Users\Erwin\AppData\Roaming\url.txt
2014-06-01 18:15 - 2014-06-01 18:15 - 0003584 _____ () C:\Users\Erwin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-17 10:57 - 2015-01-17 10:57 - 0001453 _____ () C:\Users\Erwin\AppData\Local\recently-used.xbel
2015-06-26 04:34 - 2015-06-26 04:34 - 0007609 _____ () C:\Users\Erwin\AppData\Local\Resmon.ResmonCfg

Einige Dateien in TEMP:
====================
C:\Users\Erwin\AppData\Local\Temp\SecurityReviverSetup.exe
C:\Users\Erwin\AppData\Local\Temp\sqlite3.dll
C:\Users\Erwin\AppData\Local\Temp\_is18E1.exe
C:\Users\Erwin\AppData\Local\Temp\_is33FB.exe
C:\Users\Erwin\AppData\Local\Temp\_is93BF.exe
C:\Users\Erwin\AppData\Local\Temp\_isB32E.exe
C:\Users\Erwin\AppData\Local\Temp\_isD11E.exe
C:\Users\Erwin\AppData\Local\Temp\_isE91A.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-21 23:24

==================== Ende von FRST.txt ============================

--- --- ---

Deathkid535 · 07.01.2016, 23:51

Hi,

hast du noch Probleme auf dem Rechner?

07.01.2016, 23:51	#15
Deathkid535 /// Malwareteam	Ihr PC wurde gesperrt und verschlüsselt...... Hi, hast du noch Probleme auf dem Rechner? __________________ mfg, Dennis Lob, Kritik oder Wünsche Unterstütze uns mit einer kleinen Spende

Ihr PC wurde gesperrt und verschlüsselt......

Plagegeister aller Art und deren Bekämpfung: Ihr PC wurde gesperrt und verschlüsselt......