Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: ClickCompare Malware auf Win 8 x64

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 05.08.2013, 18:48   #1
elmausi
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



Hallo an das Forum,

ich habe mir auf einem PC diese "nette" Malware eingefangen, die im Firefox einige Links auf die Seite "clickcompare.info umleitet".

Es wäre nett, wenn mir jemand bei dem Versuch des Entfernens helfen könnte.

Die zuerst benötigten Logfiles sind beigefügt.

Besten Dank

Stephan

edit: Logfiles zu groß, daher als Anhang.

Geändert von elmausi (05.08.2013 um 18:54 Uhr) Grund: Logs leider zu groß, daher als Anhang.

Alt 05.08.2013, 19:17   #2
markusg
/// Malware-holic
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



Hi,
1. logs bitte immer, wenn möglcih, direkt in die Antwort kopieren.
2. aus der additions.txt:
Empfehlungen fürs Deinstallieren
Bitte kopiere die Liste der installierten Programme aus der additions.txt hier in deinen Thread. Notiere mir bitte
hinter jede Zeile, ob folgendes Kategorie zutrifft: Unbekannt, Nötig, Unnötig
__________________

__________________

Alt 05.08.2013, 19:30   #3
elmausi
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



Oh, sorry, ich dachte, dass wenn die Logs zu groß sind, dann alle in einer Datei gepackt werden sollen. Kommt nicht wieder vor.

Hier die installierten Programme:

Code:
ATTFilter
µTorrent (x32 Version: 3.3.0.29126) - nötig
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) - nötig
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.7) - nötig
Adobe AIR (x32 Version: 3.7.0.2090) - unnötig
Adobe Community Help (x32 Version: 3.0.0) - unnötig
Adobe Community Help (x32 Version: 3.0.0.400) - unnötig
Adobe Creative Suite 5 Master Collection (x32 Version: 5.0) - nötig
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) - nötig
Adobe Media Player (x32 Version: 1.8) - nötig
Adobe Photoshop Lightroom 3.4.1 64-bit (Version: 3.4.2) - nötig
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) - nötig
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122) - unnötig
AMD Accelerated Video Transcoding (Version: 12.5.100.21116) - unbekannt
AMD APP SDK Runtime (Version: 10.0.937.2) - unbekannt
AMD Catalyst Install Manager (Version: 8.0.877.0) - nötig
AMD Drag and Drop Transcoding (Version: 2.00.0000) - unbekannt
AMD Media Foundation Decoders (Version: 1.0.71116.1554) - unbekannt
AnyDVD (x32 Version: 7.1.4.5) - nötig
Apple Application Support (x32 Version: 2.3.4) - nötig
Apple Mobile Device Support (Version: 6.1.0.13) - nötig
Apple Software Update (x32 Version: 2.1.3.127) - nötig
ATI AVIVO64 Codecs (Version: 11.6.0.10419)- unbekannt
avast! Free Antivirus (x32 Version: 8.0.1489.0) - nötig
AVCHDCoder (x32 Version: 11.12.27) - unbekannt
AviSynth 2.5 (x32) - unbekannt
Bonjour (Version: 3.0.0.10) - unnötig
Cas Studio 9.1.0 (x32 Version: 9.1.0) - nötig
Catalyst Control Center - Branding (x32 Version: 1.00.0000) - nötig
Catalyst Control Center (x32 Version: 2012.1116.1515.27190) - nötig
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190) - nötig
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190) - nötig
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190) - nötig
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Czech (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Danish (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Dutch (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help English (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Finnish (x32 Version: 2012.1116.1514.27190) - unnötig - unnötig
CCC Help French (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help German (x32 Version: 2012.1116.1514.27190) - nötig
CCC Help Greek (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Italian (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Japanese (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Korean (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Polish (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Russian (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Spanish (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Swedish (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Thai (x32 Version: 2012.1116.1514.27190) - unnötig
CCC Help Turkish (x32 Version: 2012.1116.1514.27190) - unnötig
ccc-utility64 (Version: 2012.1116.1515.27190) - unbekannt
cera Product Library (Version: 2.0.0713) - unbekannt
Classic Shell (Version: 3.6.8) - nötig
CloneDVD2 (x32 Version: 2.9.3.0) - unnötig
CyberLink PowerDVD 11 (x32 Version: 11.0.1719.51) - nötig
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) - unbekannt
DivX Tech Preview: MKV on Windows 7 (x32) - nötig
DivX-Setup (x32 Version: 2.6.1.44) - unbekannt
DVDFab (remove only) (x32) - unnötig
ElsterFormular (x32 Version: 14.1.11318) - nötig
File Type Assistant (x32 Version: 2013.4.8.0) - unbekannt
Final Media Player 2012 (x32 Version: 2012.10.9.0)
Google Earth (x32 Version: 7.1.1.1888) - nötig
Google Update Helper (x32 Version: 1.3.21.153) - unbekannt
ImgBurn (x32 Version: 2.5.7.0) - nötig
IrfanView (remove only) (x32 Version: 4.35) - nötig
iSafe (x32) - nötig
iTunes (Version: 11.0.4.4) - nötig
Java 7 Update 25 (x32 Version: 7.0.250) - nötig
Java Auto Updater (x32 Version: 2.1.9.5) - unbekannt
K-Lite Codec Pack 9.9.4 (Full) (x32 Version: 9.9.4) - nötig
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) - nötig
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Office 2010 Service Pack 1 (SP1) (x32) - nötig
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) - nötig
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) - nötig
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) - nötig
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0) - nötig
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) - nötig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) - nötig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) - nötig
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319) - nötig
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053) - nötig
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) - nötig
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) - nötig
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) - nötig
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) - nötig
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) - nötig
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) - nötig
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) - nötig
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) - nötig
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) - nötig
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) - nötig
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) - nötig
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) - nötig
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) - nötig
MOV Download Tool 1.2.1 (x32 Version: 1.2.1) - nötig
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) - nötig
Mozilla Maintenance Service (x32 Version: 22.0) - nötig
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7) - nötig
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) - unbekannt
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) - unbekannt
PDF Settings CS5 (x32 Version: 10.0) - unbekannt
PDF-XChange Lite 4 (Version: 4.0.195.0) - nötig
QuickTime (x32 Version: 7.74.80.86) - nötig
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6383) - nötig
Samsung Kies (x32 Version: 2.5.2.13021_10) - nötig
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1) - nötig
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0) - nötig
swMSM (x32 Version: 12.0.0.1) - unbekannt
System Requirements Lab for Intel (x32 Version: 4.5.13.0) - unbekannt
TeamViewer 8 Host (x32 Version: 8.0.17396) - nötig
Unlocker 1.9.1-x64 (Version: 1.9.1) - unnötig
Update for Microsoft Office 2010 (KB2494150) (x32) - nötig
Update for Microsoft Office 2010 (KB2553065) (x32) - nötig
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) - nötig
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) - nötig
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) - nötig
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) - nötig
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) - nötig
Update for Microsoft Office 2010 (KB2566458) (x32) - nötig
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) - nötig
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) - nötig
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) - nötig
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) - nötig
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) - nötig
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) - nötig
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) - nötig
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) - nötig
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) - nötig
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) - nötig
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) - nötig
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) - nötig
VaudiX (Version: 1.0) - unbekannt
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) - unbekannt
VIO Player version 1.0.1 (x32 Version: 1.0.1) - nötig
VirtualCloneDrive (x32) - unnötig
VLC media player 2.0.2 (x32 Version: 2.0.2) - nötig
VueScan - nötig
VueScan x64 - nötig
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) - nötig
         
__________________

Alt 06.08.2013, 17:50   #4
markusg
/// Malware-holic
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



Hi,
ok, wenn sie zu groß sind, erst mal in Codetaks versuchen, sonst natürlich packen :-)

Es sind 2 Logs zu erstellen, poste diese möglichst gleichzeitig.
1.
Deinstaliere:
Adobe: alle unnötigen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:

CloneDVD2
DVDFab
Unlocker
starte neu.
2.
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


3.
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.08.2013, 21:23   #5
elmausi
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



Hallo Markus,

hier die beiden Logfiles.

Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-08-07.01 - Stephan 07.08.2013  20:58:29.1.2 - x64
Microsoft Windows 8 Pro  6.2.9200.0.1252.49.1031.18.6143.4777 [GMT 2:00]
ausgeführt von:: c:\users\Stephan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stephan\AppData\Local\Temp\any.exe
c:\users\Stephan\AppData\Roaming\Ceydp
c:\users\Stephan\AppData\Roaming\Ceydp\etyn.evg
c:\users\Stephan\AppData\Roaming\inst.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-07 bis 2013-08-07  ))))))))))))))))))))))))))))))
.
.
2013-08-05 16:23 . 2013-08-05 16:23	--------	d-----w-	C:\FRST
2013-08-04 20:42 . 2013-08-04 20:45	--------	d-----w-	c:\programdata\HitmanPro
2013-08-04 20:07 . 2013-08-04 20:07	--------	d-----w-	c:\windows\SysWow64\wbem\Logs
2013-08-04 20:03 . 2013-08-04 20:03	90	----a-w-	c:\windows\DeleteOnReboot.bat
2013-08-02 21:43 . 2013-08-02 21:43	--------	d-----w-	c:\users\Stephan\AppData\Roaming\eCyber
2013-08-02 21:42 . 2013-08-02 21:42	--------	d-----w-	c:\windows\system32\log
2013-08-02 21:42 . 2013-08-07 19:06	--------	d-----w-	c:\program files (x86)\iSafe
2013-08-02 21:42 . 2013-08-04 19:43	--------	d-----w-	c:\users\Stephan\AppData\Roaming\iSafe
2013-08-02 16:15 . 2013-08-02 16:15	--------	d-----w-	c:\users\Stephan\AppData\Roaming\Malwarebytes
2013-08-02 16:15 . 2013-08-02 16:15	--------	d-----w-	c:\programdata\Malwarebytes
2013-08-02 16:15 . 2013-08-02 16:15	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-02 16:15 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-07-31 18:54 . 2013-07-31 18:54	262832	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10212.bin
2013-07-28 08:46 . 2013-06-16 22:41	997632	----a-w-	c:\windows\system32\drivers\ndis.sys
2013-07-20 22:01 . 2013-07-20 22:01	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-17 15:55 . 2013-05-15 22:35	144384	----a-w-	c:\windows\system32\tssdisai.dll
2013-07-16 20:14 . 2013-05-02 04:23	203672	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2013-07-16 20:14 . 2013-05-02 04:23	103064	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2013-07-14 11:00 . 2013-06-27 22:04	78200	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-13 12:22 . 2013-07-13 13:21	--------	d-----w-	c:\users\Stephan\AppData\Roaming\vlc
2013-07-13 12:22 . 2013-07-13 12:22	--------	d-----w-	c:\program files (x86)\VideoLAN
2013-07-12 20:48 . 2013-04-10 22:35	1617920	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-12 20:48 . 2013-04-10 22:35	2035200	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-12 20:48 . 2013-04-10 22:35	1318912	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-07-12 20:48 . 2013-04-10 22:35	1306112	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-12 20:48 . 2013-04-10 22:35	1272320	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 20:48 . 2013-04-11 04:12	1029632	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-12 20:48 . 2013-04-11 04:12	1413632	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-11 20:36 . 2013-07-11 20:36	--------	d-----w-	c:\program files\Classic Shell
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-28 12:16 . 2012-07-26 00:40	245760	----a-w-	c:\windows\SysWow64\LocationApi.dll
2013-07-28 12:16 . 2012-07-26 00:38	312832	----a-w-	c:\windows\system32\LocationApi.dll
2013-07-20 22:01 . 2012-06-09 19:19	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-07-20 22:01 . 2012-06-09 19:19	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-07-12 20:42 . 2011-06-11 14:34	78185248	----a-w-	c:\windows\system32\MRT.exe
2013-06-28 21:27 . 2013-03-01 21:41	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-28 21:27 . 2013-02-10 18:01	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-06-28 21:27 . 2013-02-10 18:01	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-06-27 22:04 . 2013-02-20 19:46	693112	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-30 23:24 . 2013-06-16 13:50	1257472	----a-w-	c:\windows\system32\kernel32.dll
2013-05-23 23:01 . 2013-06-16 13:50	1300992	----a-w-	c:\windows\system32\gdi32.dll
2013-05-23 22:27 . 2013-06-16 13:50	1022464	----a-w-	c:\windows\SysWow64\gdi32.dll
2013-05-23 20:15 . 2012-07-26 08:13	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-20 18:27 . 2013-05-20 18:17	82816	----a-w-	c:\users\Stephan\AppData\Roaming\pcouffin.sys
2013-05-15 22:37 . 2013-06-12 15:52	44032	----a-w-	c:\windows\SysWow64\UXInit.dll
2013-05-15 22:35 . 2013-06-12 15:52	53760	----a-w-	c:\windows\system32\UXInit.dll
2013-05-15 02:25 . 2013-06-16 13:49	888320	----a-w-	c:\windows\system32\autochk.exe
2013-05-15 02:25 . 2013-06-16 13:49	542208	----a-w-	c:\windows\system32\untfs.dll
2013-05-15 02:24 . 2013-06-16 13:49	793088	----a-w-	c:\windows\SysWow64\autochk.exe
2013-05-15 02:24 . 2013-06-16 13:49	482816	----a-w-	c:\windows\SysWow64\untfs.dll
2013-05-14 13:14 . 2013-06-12 15:52	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-14 09:23 . 2013-06-12 15:52	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-05-10 07:57 . 2013-05-10 07:57	27208	----a-w-	c:\windows\system32\AdobePDFUI.dll
2013-05-10 07:57 . 2013-05-10 07:57	55872	----a-w-	c:\windows\system32\AdobePDF.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 08:49	594432	----a-w-	c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2013-02-09 6864984]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-05-23 1561968]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-03-20 578560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-05-19 234792]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/06/11 21:28];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [x]
S2 iSafeService;iSafeService;c:\program files (x86)\iSafe\iSafeSvc.exe;c:\program files (x86)\iSafe\iSafeSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iSafeKrnl;iSafeKrnl;c:\program files (x86)\iSafe\iSafeKrnl.sys;c:\program files (x86)\iSafe\iSafeKrnl.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr7364;Erweiterbarer RT73 USB-Drahtlos-LAN-Kartentreiber;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
S3 NmPar;PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys;c:\windows\SYSNATIVE\DRIVERS\NmPar.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:51]
.
2013-08-07 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2013-02-08 17:40]
.
2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11 18:16]
.
2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11 18:16]
.
2013-08-07 c:\windows\Tasks\VaudiXUpdaterTask{DB82C180-3F90-457F-AA68-458770647DD9}.job
- c:\programdata\Premium\VaudiX\VaudiX.exe [2013-01-03 14:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 08:50	724992	----a-w-	c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-31 11855976]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 193.189.250.101 193.189.250.100 192.168.1.254
FF - ProfilePath - c:\users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\wri0mq58.default-1352675556171\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Wow6432Node-HKCU-Run-SearchEngineProtection - c:\program files (x86)\GamesBar\update\SearchEngineProtection.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-SP_09de8db5 - c:\program files (x86)\VaudiX\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\iSafe\iSafeSvc2.exe
c:\program files\Classic Shell\ClassicShellService.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\iSafe\iSafeTray.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-07  21:14:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-08-07 19:14
.
Vor Suchlauf: 14 Verzeichnis(se), 48.336.109.568 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 48.151.855.104 Bytes frei
.
- - End Of File - - 0C832BB5B24CC58498AF0FFD3CF23195
         
--- --- --- D41D8CD98F00B204E9800998ECF8427E
Code:
ATTFilter
21:17:51. TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:17:51. ============================================================
21:17:51. Current date / time: 2013/08/07 21:17:51.0448
21:17:51. SystemInfo:
21:17:51. 
21:17:51. OS Version: 6.2.9200 ServicePack: 0.0
21:17:51. Product type: Workstation
21:17:51. ComputerName: MAUSI
21:17:51. UserName: Stephan
21:17:51. Windows directory: C:\WINDOWS
21:17:51. System windows directory: C:\WINDOWS
21:17:51. Running under WOW64
21:17:51. Processor architecture: Intel x64
21:17:51. Number of processors: 2
21:17:51. Page size: 0x1000
21:17:51. Boot type: Normal boot
21:17:51. ============================================================
21:17:52. Drive \Device\Harddisk0\DR0 - Size: 0x12A3F92000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2605, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
21:17:52. Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x3F16B, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040
21:17:52. Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:17:52. Drive \Device\Harddisk3\DR3 - Size: 0x3D7FFE00 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:17:52. ============================================================
21:17:52. \Device\Harddisk0\DR0:
21:17:52. MBR partitions:
21:17:52. \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x951A0C5
21:17:52. \Device\Harddisk1\DR1:
21:17:52. MBR partitions:
21:17:52. \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:17:52. \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEFCE000
21:17:52. \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0xF000CF3, BlocksNum 0xE1C3C4D
21:17:52. \Device\Harddisk2\DR2:
21:17:52. MBR partitions:
21:17:52. \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3BFF00D
21:17:52. \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x3BFF08B, BlocksNum 0x9FFEACC
21:17:52. \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0xDBFDB96, BlocksNum 0xF5C69EB
21:17:52. \Device\Harddisk3\DR3:
21:17:52. MBR partitions:
21:17:52. \Device\Harddisk3\DR3\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1EBFC0
21:17:52. ============================================================
21:17:52. C: <-> \Device\Harddisk1\DR1\Partition2
21:17:52. D: <-> \Device\Harddisk2\DR2\Partition2
21:17:52. E: <-> \Device\Harddisk1\DR1\Partition3
21:17:52. F: <-> \Device\Harddisk2\DR2\Partition3
21:17:52. G: <-> \Device\Harddisk0\DR0\Partition1
21:17:52. T: <-> \Device\Harddisk2\DR2\Partition1
21:17:52. ============================================================
21:17:52. Initialize success
21:17:52. ============================================================
21:18:47. ============================================================
21:18:47. Scan started
21:18:47. Mode: Manual; SigCheck; TDLFS; 
21:18:47. ============================================================
21:18:48. ================ Scan system memory ========================
21:18:48. System memory - ok
21:18:48. ================ Scan services =============================
21:18:48. [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
21:18:48.ohci - ok
21:18:48. [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
21:18:48.ware - ok
21:18:48. [ 975AABEB243B800C23626D6B652C5A9C ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
21:18:48. ACPI - ok
21:18:48. [ DC968C37822117E576B933F34A2D130C ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
21:18:48. acpiex - ok
21:18:48. [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
21:18:48. acpipagr - ok
21:18:48. [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
21:18:48. AcpiPmi - ok
21:18:48. [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
21:18:48. acpitime - ok
21:18:48. [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:18:48. AdobeARMservice - ok
21:18:49. [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:18:49. AdobeFlashPlayerUpdateSvc - ok
21:18:49. [ 93C6388592B99925C1D1576E465BC80F ] adp94xx         C:\WINDOWS\system32\drivers\adp94xx.sys
21:18:49. adp94xx - ok
21:18:49. [ D27763E0247292654E7F7D16444C7C72 ] adpahci         C:\WINDOWS\system32\drivers\adpahci.sys
21:18:49. adpahci - ok
21:18:49. [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320         C:\WINDOWS\system32\drivers\adpu320.sys
21:18:49. adpu320 - ok
21:18:49. [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
21:18:49. AeLookupSvc - ok
21:18:49. [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD             C:\WINDOWS\system32\drivers\afd.sys
21:18:49. AFD - ok
21:18:49. [ 01590377A5AB19E792528C628A2A68F9 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
21:18:49. agp440 - ok
21:18:49. [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG             C:\WINDOWS\System32\alg.exe
21:18:49. ALG - ok
21:18:49. [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\WINDOWS\system32\AUInstallAgent.dll
21:18:49. AllUserInstallAgent - ok
21:18:49. [ D45D3540C5AE2A48C6112DF03F06F374 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
21:18:49. AMD External Events Utility - ok
21:18:49. [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
21:18:49. AmdK8 - ok
21:18:49. [ 5B871F3E4A4A6C4693A413E3138B51D0 ] amdkmdag        C:\WINDOWS\system32\DRIVERS\atikmdag.sys
21:18:50. amdkmdag - ok
21:18:50. [ 9BE1140CE8D2C5E878F136A7B85D41B3 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
21:18:50. amdkmdap - ok
21:18:50. [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
21:18:50. AmdPPM - ok
21:18:50. [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
21:18:50. amdsata - ok
21:18:50. [ 00452671904F5EE94B50BF0219C97164 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
21:18:50. amdsbs - ok
21:18:50. [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
21:18:50. amdxata - ok
21:18:50. [ B5C0F65D6657C6ADD9ED75EC7583390B ] AnyDVD          C:\WINDOWS\system32\Drivers\AnyDVD.sys
21:18:50. AnyDVD - ok
21:18:50. [ 83B3682CE922FB0F415734B26D9D6233 ] AppID           C:\WINDOWS\system32\drivers\appid.sys
21:18:50. AppID - ok
21:18:50. [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
21:18:50. AppIDSvc - ok
21:18:50. [ 4F750B7EFCB6520AE01E01D082D7D476 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
21:18:50. Appinfo - ok
21:18:50. [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:18:50. Apple Mobile Device - ok
21:18:50. [ 2D14788C5D0836292BEB27BBE109BE56 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
21:18:50. AppMgmt - ok
21:18:50. [ E933401B392387F4BE34DE8BAF1722A7 ] arc             C:\WINDOWS\system32\drivers\arc.sys
21:18:50. arc - ok
21:18:50. [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
21:18:50. arcsas - ok
21:18:50. [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:18:50. aswFsBlk - ok
21:18:50. [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
21:18:50. aswMonFlt - ok
21:18:50. [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr          C:\WINDOWS\System32\Drivers\aswrdr2.sys
21:18:50. aswRdr - ok
21:18:50. [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
21:18:50. aswRvrt - ok
21:18:50. [ 8C0800CDB501CFC1164B286A0478DC10 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
21:18:50. aswSnx - ok
21:18:51. [ 3815DB16CDA62190F5C0A65118F3D714 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
21:18:51. aswSP - ok
21:18:51. [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
21:18:51. aswTdi - ok
21:18:51. [ 22F521108881DC59837F6FC614E0568F ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
21:18:51. aswVmm - ok
21:18:51. [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:18:51. AsyncMac - ok
21:18:51. [ A721FF570C2387E383BDDEA9632863C9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
21:18:51. atapi - ok
21:18:51. [ 940E5B876251E04FFFE058AD71FE0F1C ] AtcL001         C:\WINDOWS\system32\DRIVERS\l160x64.sys
21:18:51. AtcL001 - ok
21:18:51. [ 2B3B05C0A7768BF033217EB8F33F9C35 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdW76.sys
21:18:51. AtiHDAudioService - ok
21:18:51. [ BCD7A47EF587DC00DD61D12D9C2D1E44 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
21:18:51. AudioEndpointBuilder - ok
21:18:51. [ 599B3F685A263A114FFAF3BE29C49C75 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
21:18:51. Audiosrv - ok
21:18:51. [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:18:51. avast! Antivirus - ok
21:18:51. [ 89491EF71D5EA011127832C588002853 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
21:18:51. AxInstSV - ok
21:18:51. [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
21:18:51. b06bdrv - ok
21:18:51. [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
21:18:51. BasicDisplay - ok
21:18:51. [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
21:18:51. BasicRender - ok
21:18:51. [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
21:18:51. BDESVC - ok
21:18:51. [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
21:18:51. Beep - ok
21:18:51. [ 9E6A544F465C582AB42444A217CF04DC ] BFE             C:\WINDOWS\System32\bfe.dll
21:18:51. BFE - ok
21:18:51. [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS            C:\WINDOWS\system32\qmgr.dll
21:18:51. BITS - ok
21:18:51. [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:18:51. Bonjour Service - ok
21:18:51. [ B17AC10B47C7FCB44D22A1F06415840E ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
21:18:52. bowser - ok
21:18:52. [ 038FA1B55531E7020DB705B42FCCE373 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
21:18:52. BrokerInfrastructure - ok
21:18:52. [ 310068BDA80B1D55C36580FD8A873FAF ] Browser         C:\WINDOWS\System32\browser.dll
21:18:52. Browser - ok
21:18:52. [ 6695200F455E251F0BCC9CE4D0978D59 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
21:18:52. BthAvrcpTg - ok
21:18:52. [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
21:18:52. BthHFEnum - ok
21:18:52. [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
21:18:52. bthhfhid - ok
21:18:52. [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
21:18:52. BTHMODEM - ok
21:18:52. [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv         C:\WINDOWS\system32\bthserv.dll
21:18:52. bthserv - ok
21:18:52. catchme - ok
21:18:52. [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
21:18:52. cdfs - ok
21:18:52. [ 339BFF85D788268752DA8C9644B188EE ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
21:18:52. cdrom - ok
21:18:52. [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
21:18:52. CertPropSvc - ok
21:18:52. [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
21:18:52. circlass - ok
21:18:52. [ 55FE970B500F6D2A550B5E80AB8C4EAC ] ClassicShellService C:\Program Files\Classic Shell\ClassicShellService.exe
21:18:52. ClassicShellService ( UnsignedFile.Multi.Generic ) - warning
21:18:52. ClassicShellService - detected UnsignedFile.Multi.Generic (1)
21:18:52. [ 9905168708DB68849B879B5548F68AB3 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
21:18:52. CLFS - ok
21:18:52. [ 9F7DBE12A2B5BE09F9C9E3BE20D81E38 ] CLHNServiceForPowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
21:18:52. CLHNServiceForPowerDVD - ok
21:18:52. [ 2DC8538A2260647484A6C921CA837313 ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
21:18:52. CmBatt - ok
21:18:52. [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
21:18:52. CNG - ok
21:18:52. [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
21:18:52. CompositeBus - ok
21:18:52. COMSysApp - ok
21:18:53. [ D9CB0782AF819548072AA45B70F8B22D ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
21:18:53. condrv - ok
21:18:53. [ AFA426B0E7975CEB21F8B6711EFA8945 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
21:18:53. CryptSvc - ok
21:18:53. [ F2C69C3D98249DE14D4B2832516D4FD5 ] CSC             C:\WINDOWS\system32\drivers\csc.sys
21:18:53. CSC - ok
21:18:53. [ 22CCB6AFF617AAC6121DF6CDA5ABF3F4 ] CscService      C:\WINDOWS\System32\cscsvc.dll
21:18:53. CscService - ok
21:18:53. [ 9DEEDBD844F84E3B7BC163974E3FDCAD ] CyberLink PowerDVD 11.0 Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
21:18:53. CyberLink PowerDVD 11.0 Monitor Service - ok
21:18:53. [ E2A1450811017E781A1F886DCA52EC23 ] CyberLink PowerDVD 11.0 Service C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
21:18:53. CyberLink PowerDVD 11.0 Service - ok
21:18:53. [ C4D01BD86D6B207275FC143EEA951D75 ] dam             C:\WINDOWS\system32\drivers\dam.sys
21:18:53. dam - ok
21:18:53. [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:18:53. DcomLaunch - ok
21:18:53. [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
21:18:53. defragsvc - ok
21:18:53. [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
21:18:53. DeviceAssociationService - ok
21:18:53. [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
21:18:53. DeviceInstall - ok
21:18:53. [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
21:18:53. Dfsc - ok
21:18:53. [ 421D371E96480DD3A14EA37D0D2757D1 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
21:18:53. dg_ssudbus - ok
21:18:53. [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
21:18:53. Dhcp - ok
21:18:53. [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache        C:\WINDOWS\system32\drivers\discache.sys
21:18:53. discache - ok
21:18:53. [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk            C:\WINDOWS\system32\drivers\disk.sys
21:18:53. disk - ok
21:18:53. [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
21:18:53. dmvsc - ok
21:18:53. [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:18:53. Dnscache - ok
21:18:53. [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
21:18:53. dot3svc - ok
21:18:53. [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS             C:\WINDOWS\system32\dps.dll
21:18:53. DPS - ok
21:18:54. [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
21:18:54. drmkaud - ok
21:18:54. [ F87F4AAAF6664906248D11D5E579A53B ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
21:18:54. DsmSvc - ok
21:18:54. [ 6D1B8A9A2C0BD4851D8AF1AB43E67AD9 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
21:18:54. DXGKrnl - ok
21:18:54. [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
21:18:54. Eaphost - ok
21:18:54. [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
21:18:54. ebdrv - ok
21:18:54. [ F702AB6181513303AB0FC8D59E52708B ] EFS             C:\WINDOWS\System32\lsass.exe
21:18:54. EFS - ok
21:18:54. [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
21:18:54. EhStorClass - ok
21:18:54. [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
21:18:54. EhStorTcgDrv - ok
21:18:54. [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
21:18:54. ElbyCDIO - ok
21:18:54. [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
21:18:54. ErrDev - ok
21:18:54. [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem     C:\WINDOWS\system32\es.dll
21:18:54. EventSystem - ok
21:18:54. [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
21:18:54. exfat - ok
21:18:54. [ 60996602A7111FD2D086E803F33E4282 ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
21:18:54. fastfat - ok
21:18:54. [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax             C:\WINDOWS\system32\fxssvc.exe
21:18:54. Fax - ok
21:18:54. [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
21:18:54. fdc - ok
21:18:54. [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
21:18:54. fdPHost - ok
21:18:54. [ 872506AAB591E8908DF4461475AF92DF ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
21:18:54. FDResPub - ok
21:18:55. [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
21:18:55. fhsvc - ok
21:18:55. [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
21:18:55. FileInfo - ok
21:18:55. [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
21:18:55. Filetrace - ok
21:18:55. [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
21:18:55. flpydisk - ok
21:18:55. [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
21:18:55. FltMgr - ok
21:18:55. [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache       C:\WINDOWS\system32\FntCache.dll
21:18:55. FontCache - ok
21:18:55. [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:18:55. FontCache3.0.0.0 - ok
21:18:55. [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
21:18:55. FsDepends - ok
21:18:55. [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:18:55. Fs_Rec - ok
21:18:55. [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
21:18:55. fvevol - ok
21:18:55. [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
21:18:55. FxPPM - ok
21:18:55. [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
21:18:55. gagp30kx - ok
21:18:55. [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:18:55. GEARAspiWDM - ok
21:18:55. [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
21:18:55. gencounter - ok
21:18:55. [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
21:18:55. GPIOClx0101 - ok
21:18:55. [ 5358678C6370F2ADC5291849F6503262 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
21:18:55. gpsvc - ok
21:18:55. [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:18:55. gupdate - ok
21:18:55. [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:18:55. gupdatem - ok
21:18:55. [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
21:18:55. HDAudBus - ok
21:18:55. [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
21:18:55. HidBatt - ok
21:18:55. [ 085F150D002B7F0153D3C06DDF33A143 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
21:18:56. HidBth - ok
21:18:56. [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
21:18:56. hidi2c - ok
21:18:56. [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
21:18:56. HidIr - ok
21:18:56. [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv         C:\WINDOWS\System32\hidserv.dll
21:18:56. hidserv - ok
21:18:56. [ 9E11EE0F2E117B2D5A835B2B91752827 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
21:18:56. HidUsb - ok
21:18:56. [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
21:18:56. hkmsvc - ok
21:18:56. [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
21:18:56. HomeGroupListener - ok
21:18:56. [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
21:18:56. HomeGroupProvider - ok
21:18:56. [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
21:18:56. HpSAMD - ok
21:18:56. [ F4A91D985EB9D1D2717D538F3424603C ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
21:18:56. HTTP - ok
21:18:56. [ 2A98301068801700906C06649860FE94 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
21:18:56. hwpolicy - ok
21:18:56. [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
21:18:56. hyperkbd - ok
21:18:56. [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
21:18:56. HyperVideo - ok
21:18:56. [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
21:18:56. i8042prt - ok
21:18:56. [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
21:18:56. iaStorV - ok
21:18:56. [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp           C:\WINDOWS\system32\drivers\iirsp.sys
21:18:56. iirsp - ok
21:18:56. [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
21:18:56. IKEEXT - ok
21:18:56. [ A3C9367A02B2A1FC22536ADD3601B64F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
21:18:57. IntcAzAudAddService - ok
21:18:57. [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
21:18:57. intelide - ok
21:18:57. [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
21:18:57. intelppm - ok
21:18:57. [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:18:57. IpFilterDriver - ok
21:18:57. [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
21:18:57. iphlpsvc - ok
21:18:57. [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
21:18:57. IPMIDRV - ok
21:18:57. [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
21:18:57. IPNAT - ok
21:18:57. [ 0FF335D687C85097725A53458160E81E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:18:57. iPod Service - ok
21:18:57. [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
21:18:57. IRENUM - ok
21:18:57. [ AABE14D15F7831CDC7618F09C5CE5239 ] iSafeKrnl       C:\Program Files (x86)\iSafe\iSafeKrnl.sys
21:18:57. iSafeKrnl - ok
21:18:57. [ AD12E488E77AE2F7CB057FD6CD89FA2D ] iSafeService    C:\Program Files (x86)\iSafe\iSafeSvc.exe
21:18:57. iSafeService - ok
21:18:57. [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
21:18:57. isapnp - ok
21:18:57. [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
21:18:57. iScsiPrt - ok
21:18:57. [ 73A968D4A85BB2552DDCF72CB15F06D2 ] JRAID           C:\WINDOWS\system32\drivers\jraid.sys
21:18:57. JRAID - ok
21:18:57. [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
21:18:57. kbdclass - ok
21:18:57. [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
21:18:57. kbdhid - ok
21:18:57. [ FB6C185092E18011EF49989425C2AA87 ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
21:18:57. kdnic - ok
21:18:57. [ F702AB6181513303AB0FC8D59E52708B ] KeyIso          C:\WINDOWS\system32\lsass.exe
21:18:57. KeyIso - ok
21:18:57. [ DFA480F6DED551464F3A5B959F437800 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
21:18:57. KSecDD - ok
21:18:57. [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
21:18:57. KSecPkg - ok
21:18:57. [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
21:18:57. ksthunk - ok
21:18:57. [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
21:18:57. KtmRm - ok
21:18:57. [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
21:18:57. LanmanServer - ok
21:18:58. [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
21:18:58. LanmanWorkstation - ok
21:18:58. [ CEEFD29FC551F289810B0B9381B321DC ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
21:18:58. lltdio - ok
21:18:58. [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
21:18:58. lltdsvc - ok
21:18:58. [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
21:18:58. lmhosts - ok
21:18:58. [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
21:18:58. LSI_SAS - ok
21:18:58. [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
21:18:58. LSI_SAS2 - ok
21:18:58. [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI        C:\WINDOWS\system32\drivers\lsi_scsi.sys
21:18:58. LSI_SCSI - ok
21:18:58. [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
21:18:58. LSI_SSS - ok
21:18:58. [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM             C:\WINDOWS\System32\lsm.dll
21:18:58. LSM - ok
21:18:58. [ 2BDC5D711FA61307CE6190D47C956368 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
21:18:58. luafv - ok
21:18:58. [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
21:18:58. MBAMProtector - ok
21:18:58. [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:18:58. MBAMScheduler - ok
21:18:58. [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:18:58. MBAMService - ok
21:18:58. [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
21:18:58. megasas - ok
21:18:58. [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR          C:\WINDOWS\system32\drivers\MegaSR.sys
21:18:58. MegaSR - ok
21:18:58. [ 54CECB92EE2140BE1A9EC19C16EED57A ] mf              C:\WINDOWS\System32\drivers\mf.sys
21:18:58. mf - ok
21:18:58. [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS           C:\WINDOWS\system32\mmcss.dll
21:18:58. MMCSS - ok
21:18:58. [ 780098AD5DA8A4822E2563984C85EF7B ] Modem           C:\WINDOWS\system32\drivers\modem.sys
21:18:58. Modem - ok
21:18:58. [ EA8EAD3F5B762F889CC7F3966625B48B ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
21:18:58. monitor - ok
21:18:58. [ 618446B98C79776654340CE27C73485E ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
21:18:58. mouclass - ok
21:18:58. [ C0ADEBED913295803B579ED288936CBB ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
21:18:58. mouhid - ok
21:18:58. [ 89D263DBF08119CE16273991C120D6DD ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
21:18:58. mountmgr - ok
21:18:58. [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:18:58. MozillaMaintenance - ok
21:18:58. [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
21:18:59. mpsdrv - ok
21:18:59. [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
21:18:59. MpsSvc - ok
21:18:59. [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
21:18:59. MRxDAV - ok
21:18:59. [ 93179D48066918323628CB016D8C94DC ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:18:59. mrxsmb - ok
21:18:59. [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
21:18:59. mrxsmb10 - ok
21:18:59. [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
21:18:59. mrxsmb20 - ok
21:18:59. [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
21:18:59. MsBridge - ok
21:18:59. [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
21:18:59. MSDTC - ok
21:18:59. [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:18:59. Msfs - ok
21:18:59. [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
21:18:59. msgpiowin32 - ok
21:18:59. [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
21:18:59. mshidkmdf - ok
21:18:59. [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
21:18:59. mshidumdf - ok
21:18:59. [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
21:18:59. msisadrv - ok
21:18:59. [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
21:18:59. MSiSCSI - ok
21:18:59. msiserver - ok
21:18:59. [ 509809566E49F4411055864EA8D437CD ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:18:59. MSKSSRV - ok
21:18:59. [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
21:18:59. MsLldp - ok
21:18:59. [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:18:59. MSPCLOCK - ok
21:18:59. [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
21:18:59. MSPQM - ok
21:18:59. [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
21:18:59. MsRPC - ok
21:18:59. [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
21:18:59. mssmbios - ok
21:18:59. [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
21:18:59. MSTEE - ok
21:18:59. [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
21:18:59. MTConfig - ok
21:18:59. [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor        C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:18:59. MTsensor - ok
21:18:59. [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
21:19:00. Mup - ok
21:19:00. [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
21:19:00. mvumis - ok
21:19:00. [ 4B18840511D720BA118D3017E8165875 ] napagent        C:\WINDOWS\system32\qagentRT.dll
21:19:00. napagent - ok
21:19:00. [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
21:19:00. NativeWifiP - ok
21:19:00. [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
21:19:00. NcaSvc - ok
21:19:00. [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
21:19:00. NcdAutoSetup - ok
21:19:00. [ A10E176F3B2BF83EDE7B5C4658C93B66 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
21:19:00. NDIS - ok
21:19:00. [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
21:19:00. NdisCap - ok
21:19:00. [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
21:19:00. NdisImPlatform - ok
21:19:00. [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:19:00. NdisTapi - ok
21:19:00. [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:19:00. Ndisuio - ok
21:19:00. [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:19:00. NdisWan - ok
21:19:00. [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:19:00. NDISWANLEGACY - ok
21:19:00. [ 3730942D7DB2F8BB5F84542B7FF6F650 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
21:19:00. NDProxy - ok
21:19:00. [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
21:19:00. Ndu - ok
21:19:00. [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
21:19:00. NetBIOS - ok
21:19:00. [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
21:19:00. NetBT - ok
21:19:00. [ F702AB6181513303AB0FC8D59E52708B ] Netlogon        C:\WINDOWS\system32\lsass.exe
21:19:00. Netlogon - ok
21:19:00. [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\WINDOWS\System32\netman.dll
21:19:00. Netman - ok
21:19:00. [ 79FA9393C67EBBF92A56923592CF7A7C ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
21:19:00. netprofm - ok
21:19:00. [ F3A1D8B7317939813568992D1BFDDE37 ] netr7364        C:\WINDOWS\system32\DRIVERS\netr7364.sys
21:19:00. netr7364 - ok
21:19:00. [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:19:00. NetTcpPortSharing - ok
21:19:00. [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\WINDOWS\system32\drivers\nfrd960.sys
21:19:00. nfrd960 - ok
21:19:01. [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
21:19:01. NlaSvc - ok
21:19:01. [ 2F48AB72B6D554A41817020171DC53D6 ] NmPar           C:\WINDOWS\system32\DRIVERS\NmPar.sys
21:19:01. NmPar - ok
21:19:01. [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:19:01. Npfs - ok
21:19:01. [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
21:19:01. npsvctrig - ok
21:19:01. [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\WINDOWS\system32\nsisvc.dll
21:19:01. nsi - ok
21:19:01. [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
21:19:01. nsiproxy - ok
21:19:01. [ 76929F4A69E425911A63B407E26C2589 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:19:01. Ntfs - ok
21:19:01. [ 7420B2E1F65642129B6E23BD42F752AA ] ntk_PowerDVD    C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
21:19:01. ntk_PowerDVD - ok
21:19:01. [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:19:01. Null - ok
21:19:01. [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
21:19:01. nvraid - ok
21:19:01. [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
21:19:01. nvstor - ok
21:19:01. [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
21:19:01. nv_agp - ok
21:19:01. [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:19:01. ose - ok
21:19:01. [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:19:01. osppsvc - ok
21:19:01. [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
21:19:01. p2pimsvc - ok
21:19:01. [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
21:19:01. p2psvc - ok
21:19:01. [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
21:19:01. Parport - ok
21:19:01. [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
21:19:01. partmgr - ok
21:19:02. [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
21:19:02. PcaSvc - ok
21:19:02. [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\WINDOWS\system32\drivers\pci.sys
21:19:02. pci - ok
21:19:02. [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
21:19:02. pciide - ok
21:19:02. [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
21:19:02. pcmcia - ok
21:19:02. [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
21:19:02. pcw - ok
21:19:02. [ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
21:19:02. pdc - ok
21:19:02. [ 61FE70659CD43E07F94DA4DC31DEC493 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
21:19:02. PEAUTH - ok
21:19:02. [ DF0D9BDCB600913F40FF125BF8CE1979 ] PeerDistSvc     C:\WINDOWS\system32\peerdistsvc.dll
21:19:02. PeerDistSvc - ok
21:19:02. [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
21:19:02. PerfHost - ok
21:19:02. [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\WINDOWS\system32\pla.dll
21:19:02. pla - ok
21:19:02. [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
21:19:02. PlugPlay - ok
21:19:02. [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
21:19:02. PNRPAutoReg - ok
21:19:02. [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
21:19:02. PNRPsvc - ok
21:19:02. [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
21:19:02. PolicyAgent - ok
21:19:02. [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\WINDOWS\system32\umpo.dll
21:19:02. Power - ok
21:19:02. [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:19:02. PptpMiniport - ok
21:19:03. [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
21:19:03. PrintNotify - ok
21:19:03. [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\WINDOWS\System32\drivers\processr.sys
21:19:03. Processor - ok
21:19:03. [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
21:19:03. ProfSvc - ok
21:19:03. [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
21:19:03. Psched - ok
21:19:03. [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\WINDOWS\system32\qwave.dll
21:19:03. QWAVE - ok
21:19:03. [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
21:19:03. QWAVEdrv - ok
21:19:03. [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:19:03. RasAcd - ok
21:19:03. [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
21:19:03. RasAgileVpn - ok
21:19:03. [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:19:03. RasAuto - ok
21:19:03. [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:19:03. Rasl2tp - ok
21:19:03. [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:19:03. RasMan - ok
21:19:03. [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:19:03. RasPppoe - ok
21:19:03. [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
21:19:03. RasSstp - ok
21:19:03. [ CA03D642ACE58E1BA54E4B383F91CD69 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:19:03. rdbss - ok
21:19:03. [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
21:19:03. rdpbus - ok
21:19:03. [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
21:19:03. RDPDR - ok
21:19:03. [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
21:19:03. RdpVideoMiniport - ok
21:19:03. [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
21:19:03. RDPWD - ok
21:19:03. [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
21:19:03. rdyboost - ok
21:19:03. [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:19:03. RemoteAccess - ok
21:19:03. [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
21:19:04. RemoteRegistry - ok
21:19:04. [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
21:19:04. RpcEptMapper - ok
21:19:04. [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:19:04. RpcLocator - ok
21:19:04. [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
21:19:04. RpcSs - ok
21:19:04. [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
21:19:04. rspndr - ok
21:19:04. [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
21:19:04. s3cap - ok
21:19:04. [ F702AB6181513303AB0FC8D59E52708B ] SamSs           C:\WINDOWS\system32\lsass.exe
21:19:04. SamSs - ok
21:19:04. [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
21:19:04. sbp2port - ok
21:19:04. [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
21:19:04. SCardSvr - ok
21:19:04. [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
21:19:04. scfilter - ok
21:19:04. [ ED40ED9A65F3E79A8C43DD50C5FDADBF ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:19:04. Schedule - ok
21:19:04. [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
21:19:04. SCPolicySvc - ok
21:19:04. [ 98636FB2973B8876A7F0BECD076CF109 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
21:19:04. sdbus - ok
21:19:04. [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
21:19:04. SDRSVC - ok
21:19:04. [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
21:19:04. sdstor - ok
21:19:04. [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
21:19:04. secdrv - ok
21:19:04. [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\WINDOWS\system32\seclogon.dll
21:19:04. seclogon - ok
21:19:04. [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\WINDOWS\system32\sens.dll
21:19:04. SENS - ok
21:19:04. [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
21:19:04. SensrSvc - ok
21:19:04. [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
21:19:04. SerCx - ok
21:19:04. [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
21:19:04. Serenum - ok
21:19:04. [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
21:19:05. Serial - ok
21:19:05. [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
21:19:05. sermouse - ok
21:19:05. [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
21:19:05. SessionEnv - ok
21:19:05. [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
21:19:05. sfloppy - ok
21:19:05. [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:19:05. SharedAccess - ok
21:19:05. [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:19:05. ShellHWDetection - ok
21:19:05. [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
21:19:05. SiSRaid2 - ok
21:19:05. [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
21:19:05. SiSRaid4 - ok
21:19:05. [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
21:19:05. SNMPTRAP - ok
21:19:05. [ FD3AF5575B99871BADB94E7699DBCE08 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
21:19:05. spaceport - ok
21:19:05. [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
21:19:05. SpbCx - ok
21:19:05. [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
21:19:05. Spooler - ok
21:19:05. [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
21:19:05. sppsvc - ok
21:19:05. [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
21:19:05. srv - ok
21:19:05. [ 56218A571ECF8D55E0CDFF8DF2546CF1 ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
21:19:05. srv2 - ok
21:19:05. [ 14FC338B80CFF7E04215133B568D15C4 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
21:19:06. srvnet - ok
21:19:06. [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
21:19:06. SSDPSRV - ok
21:19:06. [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
21:19:06. SstpSvc - ok
21:19:06. [ A97BFF59B3B983FDBDCD8AE6CF3C1E2D ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
21:19:06. ssudmdm - ok
21:19:06. [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
21:19:06. stexstor - ok
21:19:06. [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\WINDOWS\System32\wiaservc.dll
21:19:06. stisvc - ok
21:19:06. [ B240874B2CA0CD02E8CD11E140B14C57 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
21:19:06. storahci - ok
21:19:06. [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\WINDOWS\system32\DRIVERS\vmstorfl.sys
21:19:06. storflt - ok
21:19:06. [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
21:19:06. StorSvc - ok
21:19:06. [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
21:19:06. storvsc - ok
21:19:06. [ 1A36AC469140F87CDE62D7F8524E270C ] storvsp         C:\WINDOWS\System32\drivers\storvsp.sys
21:19:06. storvsp - ok
21:19:06. [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\WINDOWS\system32\svsvc.dll
21:19:06. svsvc - ok
21:19:06. [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
21:19:06. swenum - ok
21:19:06. [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:19:06. SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
21:19:06. SwitchBoard - detected UnsignedFile.Multi.Generic (1)
21:19:06. [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\WINDOWS\System32\swprv.dll
21:19:06. swprv - ok
21:19:06. [ A06CB9269D29EE3D0F3F5630ABB660B8 ] SysMain         C:\WINDOWS\system32\sysmain.dll
21:19:06. SysMain - ok
21:19:06. [ 6FB88606C4A71E1BFAF97D63A676C673 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
21:19:06. SystemEventsBroker - ok
21:19:06. [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
21:19:06. TabletInputService - ok
21:19:06. [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
21:19:06. TapiSrv - ok
21:19:06. [ 0D05E0147C1329C53AAF97882DEDD96A ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
21:19:06. Tcpip - ok
21:19:07. [ 0D05E0147C1329C53AAF97882DEDD96A ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:19:07. TCPIP6 - ok
21:19:07. [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
21:19:07. tcpipreg - ok
21:19:07. [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
21:19:07. tdx - ok
21:19:07. [ 419FEE773EC33963FE32C3AB96733B32 ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
21:19:07. TeamViewer8 - ok
21:19:07. [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
21:19:07. terminpt - ok
21:19:07. [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\WINDOWS\System32\termsrv.dll
21:19:07. TermService - ok
21:19:07. [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\WINDOWS\system32\themeservice.dll
21:19:07. Themes - ok
21:19:07. [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
21:19:07. THREADORDER - ok
21:19:07. [ D74D0045F5671538286B6944B6FFAB0E ] tifsfilter      C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
21:19:07. tifsfilter - ok
21:19:07. [ 4515B9E4140F04FB3907692DF89FCA87 ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
21:19:07. TimeBroker - ok
21:19:07. [ 6F0BFF80EE2A5BC841286A51F893CBAD ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
21:19:07. TPM - ok
21:19:07. [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\WINDOWS\System32\trkwks.dll
21:19:07. TrkWks - ok
21:19:07. [ 8ABBB5CE0C62E0A6D28F32F44B7F865C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
21:19:07. TrustedInstaller - ok
21:19:07. [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
21:19:07. TsUsbFlt - ok
21:19:07. [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
21:19:07. TsUsbGD - ok
21:19:07. [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
21:19:07. tunnel - ok
21:19:07. [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
21:19:07. uagp35 - ok
21:19:07. [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
21:19:07. UASPStor - ok
21:19:07. [ 4834158B8D06A153FADAB6B85320FBBE ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
21:19:07. UCX01000 - ok
21:19:08. [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
21:19:08. udfs - ok
21:19:08. [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
21:19:08. UI0Detect - ok
21:19:08. [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
21:19:08. uliagpkx - ok
21:19:08. [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
21:19:08. umbus - ok
21:19:08. [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
21:19:08. UmPass - ok
21:19:08. [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
21:19:08. UmRdpService - ok
21:19:08. [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:19:08. upnphost - ok
21:19:08. [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
21:19:08. usbccgp - ok
21:19:08. [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
21:19:08. usbcir - ok
21:19:08. [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
21:19:08. usbehci - ok
21:19:08. [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
21:19:08. usbhub - ok
21:19:08. [ EA040D4C6C94F315A85F3D0EAA884B37 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
21:19:08. USBHUB3 - ok
21:19:08. [ 325F6179009B5A7F6118951A5BA422AB ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
21:19:08. usbohci - ok
21:19:08. [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
21:19:08. usbprint - ok
21:19:08. [ A9858597B6DB695F78A37F6755A6FF98 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:19:08. usbscan - ok
21:19:08. [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
21:19:08. USBSTOR - ok
21:19:08. [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
21:19:08. usbuhci - ok
21:19:08. [ 1ADCF0A490C2845637B334626669CD6F ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
21:19:08. USBXHCI - ok
21:19:08. [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\WINDOWS\system32\lsass.exe
21:19:08. VaultSvc - ok
21:19:08. [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone          C:\WINDOWS\system32\DRIVERS\VClone.sys
21:19:08. VClone - ok
21:19:08. [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
21:19:08. vdrvroot - ok
21:19:08. [ 1B4488988E5E7512E6C5CD1255E9E973 ] vds             C:\WINDOWS\System32\vds.exe
21:19:08. vds - ok
21:19:08. [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
21:19:08. VerifierExt - ok
21:19:09. [ 500BE6B2E49883720D0AE8BB859ED7A3 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
21:19:09. vhdmp - ok
21:19:09. [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
21:19:09. viaide - ok
21:19:09. [ 0E43886F01C85B47BA0A3157274BCF59 ] Vid             C:\WINDOWS\System32\drivers\Vid.sys
21:19:09. Vid - ok
21:19:09. [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
21:19:09. vmbus - ok
21:19:09. [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
21:19:09. VMBusHID - ok
21:19:09. [ B4F432A51826FFC66F4DF72A83E8E4B1 ] vmbusr          C:\WINDOWS\System32\drivers\vmbusr.sys
21:19:09. vmbusr - ok
21:19:09. [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
21:19:09. vmicheartbeat - ok
21:19:09. [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
21:19:09. vmickvpexchange - ok
21:19:09. [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
21:19:09. vmicrdv - ok
21:19:09. [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
21:19:09. vmicshutdown - ok
21:19:09. [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
21:19:09. vmictimesync - ok
21:19:09. [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
21:19:09. vmicvss - ok
21:19:09. [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
21:19:09. volmgr - ok
21:19:09. [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
21:19:09. volmgrx - ok
21:19:09. [ 78A5BBA3819FFFC62FFEC3E2220D102D ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
21:19:09. volsnap - ok
21:19:09. [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
21:19:09. vpci - ok
21:19:09. [ 0190AFFF28F600461C0164353CC7EE27 ] vpcivsp         C:\WINDOWS\System32\drivers\vpcivsp.sys
21:19:09. vpcivsp - ok
21:19:09. [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
21:19:09. vsmraid - ok
21:19:09. [ D0C69E44BC1E1D4AD290FD84104623D8 ] VSS             C:\WINDOWS\system32\vssvc.exe
21:19:09. VSS - ok
21:19:09. [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
21:19:09. VSTXRAID - ok
21:19:09. [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
21:19:09. vwifibus - ok
21:19:09. [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
21:19:09. vwififlt - ok
21:19:09. [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\WINDOWS\system32\w32time.dll
21:19:09. W32Time - ok
21:19:09. [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
21:19:09. WacomPen - ok
21:19:10. [ 61F6972FF9AC9A8D0B4D62076DC30051 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:19:10. Wanarp - ok
21:19:10. [ 61F6972FF9AC9A8D0B4D62076DC30051 ] Wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:19:10. Wanarpv6 - ok
21:19:10. [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\WINDOWS\system32\wbengine.exe
21:19:10. wbengine - ok
21:19:10. [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
21:19:10. WbioSrvc - ok
21:19:10. [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
21:19:10. Wcmsvc - ok
21:19:10. [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
21:19:10. wcncsvc - ok
21:19:10. [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
21:19:10. WcsPlugInService - ok
21:19:10. [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\WINDOWS\system32\drivers\wd.sys
21:19:10. Wd - ok
21:19:10. [ 6F4B5DDDC3B86091E94BC47347A78AF7 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
21:19:10. WdBoot - ok
21:19:10. [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
21:19:10. Wdf01000 - ok
21:19:10. [ 99D404A9A0AFC4734E014EBEBAC13F8F ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
21:19:10. WdFilter - ok
21:19:10. [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
21:19:10. WdiServiceHost - ok
21:19:10. [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
21:19:10. WdiSystemHost - ok
21:19:10. [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\WINDOWS\System32\webclnt.dll
21:19:10. WebClient - ok
21:19:10. [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
21:19:10. Wecsvc - ok
21:19:10. [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
21:19:10. wercplsupport - ok
21:19:10. [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
21:19:10. WerSvc - ok
21:19:10. [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
21:19:10. WFPLWFS - ok
21:19:10. [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
21:19:10. WiaRpc - ok
21:19:10. [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
21:19:11. WIMMount - ok
21:19:11. WinDefend - ok
21:19:11. [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
21:19:11. WinHttpAutoProxySvc - ok
21:19:11. [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
21:19:11. Winmgmt - ok
21:19:11. [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
21:19:11. WinRM - ok
21:19:11. [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
21:19:11. WlanSvc - ok
21:19:11. [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
21:19:11. wlidsvc - ok
21:19:11. [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
21:19:11. WmiAcpi - ok
21:19:11. [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
21:19:11. wmiApSrv - ok
21:19:11. WMPNetworkSvc - ok
21:19:11. [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
21:19:11. wpcfltr - ok
21:19:11. [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
21:19:11. WPCSvc - ok
21:19:11. [ 3013658A4D327854BEEC4A08D9655194 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
21:19:11. WPDBusEnum - ok
21:19:11. [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
21:19:11. WpdUpFltr - ok
21:19:12. [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
21:19:12. ws2ifsl - ok
21:19:12. [ 012CFE7F0F95266F554EE3B91EE2128A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
21:19:12. wscsvc - ok
21:19:12. WSearch - ok
21:19:12. [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService       C:\WINDOWS\System32\WSService.dll
21:19:12. WSService - ok
21:19:12. [ BE302BABE45EC05995F8DC66E37BBB3D ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
21:19:12. wuauserv - ok
21:19:12. [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
21:19:12. WudfPf - ok
21:19:12. [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
21:19:12. WUDFRd - ok
21:19:12. [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFSensorLP    C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
21:19:12. WUDFSensorLP - ok
21:19:12. [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
21:19:12. wudfsvc - ok
21:19:12. [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
21:19:12. WUDFWpdFs - ok
21:19:12. [ FBB9B00D7A5756B0AA8E10BF7619E604 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
21:19:12. WwanSvc - ok
21:19:12. [ 1870A74EE2901CA09FFBFE79A5EE0E94 ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
21:19:12. {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
21:19:12. ================ Scan global ===============================
21:19:12. [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\WINDOWS\system32\basesrv.dll
21:19:12. [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\WINDOWS\system32\winsrv.dll
21:19:12. [ BD7C6949984D19AAA609896B675E7357 ] C:\WINDOWS\system32\sxssrv.dll
21:19:12. [ 8F226143046435C75C033B0C52E90FFE ] C:\WINDOWS\system32\services.exe
21:19:12. [Global] - ok
21:19:12. ================ Scan MBR ==================================
21:19:12. [ 2AFC9745D484D280064F071B86296281 ] \Device\Harddisk0\DR0
21:19:13. \Device\Harddisk0\DR0 - ok
21:19:13. [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:19:13. \Device\Harddisk1\DR1 - ok
21:19:13. [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2
21:19:13. \Device\Harddisk2\DR2 - ok
21:19:13. [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk3\DR3
21:19:19. \Device\Harddisk3\DR3 - ok
21:19:19. ================ Scan VBR ==================================
21:19:19. [ 4EAFE3335CEC03398BA68F35610163C3 ] \Device\Harddisk0\DR0\Partition1
21:19:19. \Device\Harddisk0\DR0\Partition1 - ok
21:19:19. [ 6AF9C417139A88C7A3E2E96C9AA561DB ] \Device\Harddisk1\DR1\Partition1
21:19:19. \Device\Harddisk1\DR1\Partition1 - ok
21:19:19. [ A049880A81AF59787EA90FE59311176F ] \Device\Harddisk1\DR1\Partition2
21:19:19. \Device\Harddisk1\DR1\Partition2 - ok
21:19:19. [ 14EBD0267752D4025792389E878675DA ] \Device\Harddisk1\DR1\Partition3
21:19:19. \Device\Harddisk1\DR1\Partition3 - ok
21:19:19. [ 8AACF7E7307DF732B24036DCB4ACFB4B ] \Device\Harddisk2\DR2\Partition1
21:19:19. \Device\Harddisk2\DR2\Partition1 - ok
21:19:19. [ 677F9E1B13F08E66D190631B947AB33E ] \Device\Harddisk2\DR2\Partition2
21:19:19. \Device\Harddisk2\DR2\Partition2 - ok
21:19:19. [ 880ADF0894A426D86F73DE873CA3F364 ] \Device\Harddisk2\DR2\Partition3
21:19:19. \Device\Harddisk2\DR2\Partition3 - ok
21:19:19. [ F0109BF8F76D6301B50854B92462406D ] \Device\Harddisk3\DR3\Partition1
21:19:19. \Device\Harddisk3\DR3\Partition1 - ok
21:19:19. ============================================================
21:19:19. Scan finished
21:19:19. ============================================================
21:19:19. Detected object count: 2
21:19:19. Actual detected object count: 2
21:19:35. ClassicShellService ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:35. ClassicShellService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:19:35. SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:35. SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:20:04. Deinitialize success
         
Gruß

Stephan


Alt 07.08.2013, 21:26   #6
markusg
/// Malware-holic
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



Hi, reiche noch das Hitmanpro log nach welches du erstellt hastb
__________________
--> ClickCompare Malware auf Win 8 x64

Alt 07.08.2013, 21:33   #7
elmausi
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



Bitteschön!

Code:
ATTFilter
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : MAUSI
   Windows . . . . . . . : 6.2.0.9200.X64/2
   User name . . . . . . : Mausi\Stephan
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-08-04 22:43:24
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 1m 42s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0

   Objects scanned . . . : 4.422
   Files scanned . . . . : 4.422
   Remnants scanned  . . : 0 files / 0 keys
         

Alt 07.08.2013, 22:05   #8
markusg
/// Malware-holic
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



Hi,
es sind 2 Logs zu erstellen, möglichst gleichzeitig posten.
1.
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Neustarten.
2.

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.08.2013, 22:37   #9
elmausi
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



OK, hier sind sie dann:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 07/08/2013 um 22:22:41 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 8 Pro  (64 bits)
# Benutzer : Stephan - MAUSI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stephan\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Ordner Gelöscht : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\wri0mq58.default-1352675556171\jetpack

***** [Registrierungsdatenbank] *****

Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v23.0 (de)

Datei : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9su0hifd.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\wri0mq58.default-1352675556171\prefs.js

Gelöscht : user_pref("extensions.50e584dfe1837.scode", "if(window.self==window.top){var script=document.createE[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Stephan\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [1674 octets] - [07/08/2013 22:22:41]

########## EOF - C:\AdwCleaner[S2].txt - [1734 octets] ##########
         
--- --- ---


Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.6 (08.07.2013:2)
OS: Windows 8 Pro x64
Ran by Stephan on 07.08.2013 at 22:27:57,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] isafekrnl 
Failed to stop: [Service] isafeservice 



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dealplylive.exe
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrixeeker
Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-341466373-3681085009-323642726-1000\Software\SweetIM"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\Users\Stephan\AppData\Roaming\isafe"
Successfully deleted: [Folder] "C:\Program Files (x86)\isafe"
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\wri0mq58.default-1352675556171\invalidprefs.js
Successfully deleted the following from C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\wri0mq58.default-1352675556171\prefs.js

user_pref("extensions.50e584dfe1837.scode", "if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.
Emptied folder: C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\wri0mq58.default-1352675556171\minidumps [68 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.08.2013 at 22:31:59,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 07.08.2013, 22:44   #10
markusg
/// Malware-holic
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



Hi, mal neustarten, f8 drücken, abgesicherter Modus wählen, in deinem Konto anmelden.
junkware removal Tool erneut ausführen, neustarten in den normalen Modus, das neue Log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.08.2013, 21:55   #11
elmausi
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



So, hier noch das Log aus dem abgesicherten Modus:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.6 (08.07.2013:2)
OS: Windows 8 Pro x64
Ran by Stephan on 08.08.2013 at 20:51:19,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] isafekrnl 
Successfully deleted: [Service] isafekrnl 
Successfully stopped: [Service] isafeservice 
Successfully deleted: [Service] isafeservice 



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\premium"



~~~ FireFox

Successfully deleted the following from C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\wri0mq58.default-1352675556171\prefs.js

user_pref("extensions.50e584dfe1837.scode", "if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.08.2013 at 20:52:53,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Leider sind die Weiterleitungen immer noch vorhanden.

Alt 09.08.2013, 18:39   #12
markusg
/// Malware-holic
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



Hi,
neues FRST Log bitte.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.08.2013, 20:36   #13
elmausi
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



Sehr gerne, bitteschön!

FRST.txt

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by Stephan (administrator) on 09-08-2013 20:34:43
Running from C:\Users\Stephan\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\WINDOWS\system32\atiesrxx.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(TeamViewer GmbH) c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-31] (Realtek Semiconductor)
HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6864984 2013-02-09] (SlySoft, Inc.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl11] - C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [234792 2011-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Startup: C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Tcpip\Parameters: [DhcpNameServer] 193.189.250.101 193.189.250.100 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\wri0mq58.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Stephan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Stephan\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi

Chrome: 
=======
CHR Extension: (Docs) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Vaudix) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcfmobmbmkkbclfglefpicikipmpkhn\1.3_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Gmail) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ldcfmobmbmkkbclfglefpicikipmpkhn] - C:\ProgramData\Vaudix\ldcfmobmbmkkbclfglefpicikipmpkhn.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-05-19] ()
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-05-12] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-05-12] (CyberLink)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R3 AtcL001; C:\Windows\system32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NmPar; C:\Windows\system32\DRIVERS\NmPar.sys [95744 2010-01-12] (Windows (R) Codename Longhorn DDK provider)
R2 ntk_PowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [75248 2011-05-19] (Cyberlink Corp.)
R2 ntk_PowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [75248 2011-05-19] (Cyberlink Corp.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-05-20] (CyberLink Corp.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-05-20] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 idsvc; 
S3 NPF; system32\drivers\NPF.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\1394ohci.sys E890C46E4754F0DF51BAFCC8D2E07498
C:\Windows\System32\drivers\3ware.sys 4F18D4C7EA14F11A7211F60D553C03DB
C:\Windows\System32\drivers\ACPI.sys 975AABEB243B800C23626D6B652C5A9C
C:\Windows\System32\Drivers\acpiex.sys DC968C37822117E576B933F34A2D130C
C:\Windows\System32\drivers\acpipagr.sys 0CA9F7C3A78227C21A0A7854E245CFB2
C:\Windows\System32\drivers\acpipmi.sys 8EB8DA03B142D3DD1EB9ED8107A76C43
C:\Windows\System32\drivers\acpitime.sys CBCE725C5D86ABA7D2604E22951AA9B8
C:\Windows\System32\drivers\adp94xx.sys 93C6388592B99925C1D1576E465BC80F
C:\Windows\System32\drivers\adpahci.sys D27763E0247292654E7F7D16444C7C72
C:\Windows\System32\drivers\adpu320.sys 67B90070FF48F794AF19F9FCF0080D75
C:\Windows\system32\drivers\afd.sys 36D6A3201721558A8AFBCC09C2DA4C2C
C:\Windows\System32\drivers\agp440.sys 01590377A5AB19E792528C628A2A68F9
C:\Windows\System32\drivers\amdk8.sys 5A81054B824004B1ECC04F0034A1CDF9
C:\Windows\system32\DRIVERS\atikmdag.sys 5B871F3E4A4A6C4693A413E3138B51D0
C:\Windows\system32\DRIVERS\atikmpag.sys 9BE1140CE8D2C5E878F136A7B85D41B3
C:\Windows\System32\drivers\amdppm.sys B849D453E644FAB9BC8EF6DC8CA9C4C6
C:\Windows\System32\drivers\amdsata.sys 35A0EB5AECB0FA3C41A2FB514A562304
C:\Windows\System32\drivers\amdsbs.sys 00452671904F5EE94B50BF0219C97164
C:\Windows\System32\drivers\amdxata.sys EA3FFE53E92E59C87E3ECA9BEB20D9B7
C:\Windows\System32\Drivers\AnyDVD.sys B5C0F65D6657C6ADD9ED75EC7583390B
C:\Windows\system32\drivers\appid.sys 83B3682CE922FB0F415734B26D9D6233
C:\Windows\System32\drivers\arc.sys E933401B392387F4BE34DE8BAF1722A7
C:\Windows\System32\drivers\arcsas.sys 07CA323EF2E8247A568AB0F3662AD644
C:\Windows\System32\Drivers\aswFsBlk.sys 0BAEFD3F648C6E7AB52990DD9565E4E2
C:\WINDOWS\system32\drivers\aswMonFlt.sys FA562F34ED6633C66170B09182B4C049
C:\Windows\System32\Drivers\aswrdr2.sys 64E2BAB4096C13D2342BC4661C967E07
C:\Windows\System32\Drivers\aswRvrt.sys 5573AA70993A2BB81525B1C704B88763
C:\Windows\System32\Drivers\aswSnx.sys 8C0800CDB501CFC1164B286A0478DC10
C:\Windows\System32\Drivers\aswSP.sys 3815DB16CDA62190F5C0A65118F3D714
C:\Windows\System32\Drivers\aswTdi.sys 29DD8E458A84171202AA4979364C30C0
C:\Windows\System32\Drivers\aswVmm.sys 22F521108881DC59837F6FC614E0568F
C:\Windows\System32\DRIVERS\asyncmac.sys 74DBAEC35366C4EE7670428808715A6A
C:\Windows\System32\drivers\atapi.sys A721FF570C2387E383BDDEA9632863C9
C:\Windows\system32\DRIVERS\l160x64.sys 940E5B876251E04FFFE058AD71FE0F1C
C:\Windows\system32\drivers\AtihdW76.sys 2B3B05C0A7768BF033217EB8F33F9C35
C:\Windows\System32\drivers\bxvbda.sys 87AB5BB072A3F128541D5B815F82FFDD
C:\Windows\System32\drivers\BasicDisplay.sys 81703BC5D68DEDBB086C2368FBE7B334
C:\Windows\System32\drivers\BasicRender.sys 5EC68164E14D25675C98BBB5F09E8606
C:\Windows\System32\Drivers\Beep.sys 9E7AEA59776D904607985AFFE7E5E183
C:\Windows\System32\DRIVERS\bowser.sys B17AC10B47C7FCB44D22A1F06415840E
C:\Windows\System32\drivers\BthAvrcpTg.sys 6695200F455E251F0BCC9CE4D0978D59
C:\Windows\System32\drivers\bthhfenum.sys 616EB8748C988AEE98D93DA141C3D3B4
C:\Windows\System32\drivers\BthHFHid.sys DCB4EBD928A6FB368BE6CAE522412DE1
C:\Windows\System32\drivers\bthmodem.sys 033916CE8784A848B9A3D686B7F66D97
C:\Windows\System32\DRIVERS\cdfs.sys 990B1BABE6E81FB18E65A87EBEFB1772
C:\Windows\System32\drivers\cdrom.sys 339BFF85D788268752DA8C9644B188EE
C:\Windows\System32\drivers\circlass.sys F64B7D1A37CC1D5F421D5359EEC81E2E
C:\Windows\System32\drivers\CLFS.sys 9905168708DB68849B879B5548F68AB3
C:\Windows\System32\drivers\CmBatt.sys 2DC8538A2260647484A6C921CA837313
C:\Windows\System32\Drivers\cng.sys E708BFF0473EC6B271EA46B65B16CA56
C:\Windows\System32\drivers\CompositeBus.sys 0E5B1E9E7122EDAAF1F6CE047965CA92
C:\Windows\System32\drivers\condrv.sys D9CB0782AF819548072AA45B70F8B22D
C:\Windows\System32\drivers\csc.sys F2C69C3D98249DE14D4B2832516D4FD5
C:\Windows\System32\drivers\dam.sys C4D01BD86D6B207275FC143EEA951D75
C:\Windows\System32\Drivers\dfsc.sys 09D9EB9E7898F8E6561473A20CC808B9
C:\Windows\system32\DRIVERS\ssudbus.sys 421D371E96480DD3A14EA37D0D2757D1
C:\Windows\System32\drivers\discache.sys 3C736FAE17BA6F91BA37594AAB139CD0
C:\Windows\System32\drivers\disk.sys 560495FF4CA22E1D9B1972FA18F43B6F
C:\Windows\System32\drivers\dmvsc.sys 82A7C72593793FE1EADA7A305BD1567A
C:\Windows\system32\drivers\drmkaud.sys 9C7C183F937951AE17C5B8B3259CF3FF
C:\Windows\System32\drivers\dxgkrnl.sys 6D1B8A9A2C0BD4851D8AF1AB43E67AD9
C:\Windows\System32\drivers\evbda.sys 5AB97B3282D7D6114949D1EB5C8598E4
C:\Windows\System32\drivers\EhStorClass.sys 66D60BD9A4C05616ABECA2A901475098
C:\Windows\System32\drivers\EhStorTcgDrv.sys A61D0F543024E458C0FE32352E1978E2
C:\Windows\System32\Drivers\ElbyCDIO.sys A05FC7ECA0966EBB70E4D17B855A853B
C:\Windows\System32\drivers\errdev.sys D790D058D67582DB9C84C2D33695FE6B
C:\Windows\System32\Drivers\exfat.sys 7A4D6FEB8C52B3FE855E4DCDF9107E03
C:\Windows\System32\Drivers\fastfat.sys 60996602A7111FD2D086E803F33E4282
C:\Windows\System32\drivers\fdc.sys 73B2D11DF0B6E03A0CB0323218ACB3E4
C:\Windows\System32\drivers\fileinfo.sys 88A9EBACD1058ABB237A6B4E96E7F397
C:\Windows\System32\drivers\filetrace.sys 9E4EE3A0B00FF7D5F42A4AF9744CBA02
C:\Windows\System32\drivers\flpydisk.sys B1D4C168FF7B8579E3745888658FFB1D
C:\Windows\System32\drivers\fltmgr.sys B33EC133AE4E6C1881D2302D93D2467D
C:\Windows\System32\drivers\FsDepends.sys A5F7873A39E4E9FAAAE59B7E9E36B705
C:\Windows\System32\Drivers\Fs_Rec.sys A6DD7D491F587F4BC13FB972977DC8E8
C:\Windows\System32\DRIVERS\fvevol.sys FA228F4BB10DC7ED7E7D131C034E2331
C:\Windows\System32\drivers\fxppm.sys A969D92973DFA895E7776B4BFE36DBB2
C:\Windows\System32\drivers\gagp30kx.sys 52BC441E07A827EBAB70CDC7EAEDB28D
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\drivers\vmgencounter.sys 721F8EEF5E9747F32670DEFF7FB92541
C:\Windows\System32\Drivers\msgpioclx.sys CA18ECFCFFDD638ECE80799A9056B238
C:\Windows\System32\drivers\HDAudBus.sys 7D87B5B6C7188D553E11B59DC7F0B111
C:\Windows\System32\drivers\HidBatt.sys 3F76BBA53D65E85A7F53E7A71082082C
C:\Windows\System32\drivers\hidbth.sys 085F150D002B7F0153D3C06DDF33A143
C:\Windows\System32\drivers\hidi2c.sys CC4A07E51D89575CAB6F4EB590D87CD4
C:\Windows\System32\drivers\hidir.sys DC96F7DACB777CDEAEF9958A50BFDA06
C:\Windows\System32\drivers\hidusb.sys 9E11EE0F2E117B2D5A835B2B91752827
C:\Windows\System32\drivers\HpSAMD.sys 64DB7A8D97CA53DCCF93D0A1E08342CF
C:\Windows\System32\drivers\HTTP.sys F4A91D985EB9D1D2717D538F3424603C
C:\Windows\System32\drivers\hwpolicy.sys 2A98301068801700906C06649860FE94
C:\Windows\System32\drivers\hyperkbd.sys DC76901D82097C9E297F20C287CB9A27
C:\Windows\system32\DRIVERS\HyperVideo.sys 716413AB3CA12DE0A7222D28C1C9352C
C:\Windows\System32\drivers\i8042prt.sys C9E9CBF73AFFBFE3E801EFB516787BA3
C:\Windows\System32\drivers\iaStorV.sys 5E394EBD26FD68AA9300332C46BEDD62
C:\Windows\System32\drivers\iirsp.sys 24847A06B84339FEEDE5CABF3D27D320
C:\Windows\system32\drivers\RTKVHD64.sys A3C9367A02B2A1FC22536ADD3601B64F
C:\Windows\System32\drivers\intelide.sys 4F37726CF764CA18A8A84F85EF3A7F24
C:\Windows\System32\drivers\intelppm.sys E15CDF68DD73423F15D4AC404793AF0D
C:\Windows\System32\DRIVERS\ipfltdrv.sys 8FCA66234A0933D796BB780B7953BAB9
C:\Windows\System32\drivers\IPMIDrv.sys 6E98A046A12AA113F8898AA5D612BD6E
C:\Windows\System32\drivers\ipnat.sys 3969B9C218DD3FAA9F4ED2FFC3651C02
C:\Windows\System32\drivers\irenum.sys 25CD7C4BB2863FFC2B0B311F0AEBF77C
C:\Windows\System32\drivers\isapnp.sys D940C5BB9DC92E588533C19ABCC3D2C2
C:\Windows\System32\drivers\msiscsi.sys 69C8BF0BC2B0EA10F130F4D3104DC2EF
C:\Windows\System32\drivers\jraid.sys 73A968D4A85BB2552DDCF72CB15F06D2
C:\Windows\System32\drivers\kbdclass.sys 8FBD94B69D6423E20ABCD59D86368B21
C:\Windows\System32\drivers\kbdhid.sys E88C932ABDF8185A62C8F2FC7B051FB6
C:\Windows\system32\DRIVERS\kdnic.sys FB6C185092E18011EF49989425C2AA87
C:\Windows\System32\Drivers\ksecdd.sys DFA480F6DED551464F3A5B959F437800
C:\Windows\System32\Drivers\ksecpkg.sys 127FB0AAD232BAAD2C9BBACD374F4FC5
C:\Windows\system32\drivers\ksthunk.sys 81492FEEBF2F26455B00EE8DBAE8A1B0
C:\Windows\system32\DRIVERS\lltdio.sys CEEFD29FC551F289810B0B9381B321DC
C:\Windows\System32\drivers\lsi_sas.sys 022CDD12161B063D7852B1075BF3FFF2
C:\Windows\System32\drivers\lsi_sas2.sys 07AD59D669B996F29F91817F0ECFA34F
C:\Windows\System32\drivers\lsi_scsi.sys 216FB796AA4E252ACCE93B1BCB80B5EC
C:\Windows\System32\drivers\lsi_sss.sys 5E80530AF37102488EE980B4A92AF99F
C:\Windows\system32\drivers\luafv.sys 2BDC5D711FA61307CE6190D47C956368
C:\WINDOWS\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910
C:\WINDOWS\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910
C:\Windows\System32\drivers\megasas.sys 9B0D829C3BE4E7472DB9DD2B79908E3C
C:\Windows\System32\drivers\MegaSR.sys ECC3F54C7AFC318271C4F0B4606D8DB0
C:\Windows\System32\drivers\mf.sys 54CECB92EE2140BE1A9EC19C16EED57A
C:\Windows\System32\drivers\modem.sys 780098AD5DA8A4822E2563984C85EF7B
C:\Windows\System32\drivers\monitor.sys EA8EAD3F5B762F889CC7F3966625B48B
C:\Windows\System32\drivers\mouclass.sys 618446B98C79776654340CE27C73485E
C:\Windows\System32\drivers\mouhid.sys C0ADEBED913295803B579ED288936CBB
C:\Windows\System32\drivers\mountmgr.sys 89D263DBF08119CE16273991C120D6DD
C:\Windows\System32\drivers\mpsdrv.sys 0D1609DD82C7440F5D5BF21A9D4D5C0C
C:\Windows\system32\drivers\mrxdav.sys 3D70147F55F1EC84EB9139ED7FFE48BC
C:\Windows\System32\DRIVERS\mrxsmb.sys 93179D48066918323628CB016D8C94DC
C:\Windows\System32\DRIVERS\mrxsmb10.sys 06D5F2FA3C61E8EA91648EA8E9F99FD3
C:\Windows\System32\DRIVERS\mrxsmb20.sys 5C7DD2E5759FFCCD2C7341C1B90F2B26
C:\Windows\system32\DRIVERS\bridge.sys 98487487D6B3797CA927E9D7B030AE13
C:\Windows\System32\Drivers\Msfs.sys 3886F1F2A4D2900ABAA7E4486BEEE6A2
C:\Windows\System32\drivers\msgpiowin32.sys C32A7A39B960A42BA9D4FBE47213CA03
C:\Windows\System32\drivers\mshidkmdf.sys D3857A767B91A061B408CCAB02DA4F40
C:\Windows\System32\drivers\mshidumdf.sys 839B48910FB1E887635C48F3EC11A05E
C:\Windows\System32\drivers\msisadrv.sys 55C0DB741E3AB7463242B185B1C2997C
C:\Windows\system32\drivers\MSKSSRV.sys 509809566E49F4411055864EA8D437CD
C:\Windows\system32\DRIVERS\mslldp.sys 63145201D6458E4958E572E7D6FC2604
C:\Windows\system32\drivers\MSPCLOCK.sys 99D526E803DB6D7FF290FD98B6204641
C:\Windows\system32\drivers\MSPQM.sys 06FA77C3E2A491ADCD704C5E73006269
C:\Windows\System32\Drivers\MsRPC.sys E134EC4DE11CF78CB01432D180710D84
C:\Windows\System32\drivers\mssmbios.sys B5AECF12F09DEE97C9FCAA5BA016CE1E
C:\Windows\system32\drivers\MSTEE.sys 72D66A05E0F99F2528F6C6204FD22AA1
C:\Windows\System32\drivers\MTConfig.sys 8AAAE399FC255FA105D4158CBA289001
C:\Windows\system32\DRIVERS\ASACPI.sys 03B7145C889603537E9FFEABB1AD1089
C:\Windows\System32\Drivers\mup.sys 3BCB702F3E6CC622DCAFCAA45D7CDE0A
C:\Windows\System32\drivers\mvumis.sys 3A1E095277BBD406CEA8EA6B76950664
C:\Windows\system32\DRIVERS\nwifi.sys 43D7388A90A4C6EA346A4D6FF0377479
C:\Windows\System32\drivers\ndis.sys A10E176F3B2BF83EDE7B5C4658C93B66
C:\Windows\system32\DRIVERS\ndiscap.sys 39C8A1D9D46F5E83A016BCAB72455284
C:\Windows\system32\DRIVERS\NdisImPlatform.sys 762941932B7E4C588E48A577BA9D6440
C:\Windows\system32\DRIVERS\ndistapi.sys 7A6F8A6D0E01432EBA294EF29CDD0FA7
C:\Windows\system32\DRIVERS\ndisuio.sys 79AB68BB3FFF974AD4F41FA559F4EC67
C:\Windows\system32\DRIVERS\ndiswan.sys 62C7DBF4F9301F76CF87D4B9D8F57BF8
C:\Windows\system32\DRIVERS\ndiswan.sys 62C7DBF4F9301F76CF87D4B9D8F57BF8
C:\Windows\System32\Drivers\NDProxy.sys 3730942D7DB2F8BB5F84542B7FF6F650
C:\Windows\System32\drivers\Ndu.sys D3F60A4345FCA9C1BE68AD7D0D6DE770
C:\Windows\System32\DRIVERS\netbios.sys 7C203A76394F9AE68F69EEE5F9612C4A
C:\Windows\System32\DRIVERS\netbt.sys 7CEC25C682D319D484630B3952C31A11
C:\Windows\system32\DRIVERS\netr7364.sys F3A1D8B7317939813568992D1BFDDE37
C:\Windows\System32\drivers\nfrd960.sys 12DD2800E4EEA37DC9AE256AD62423B4
C:\Windows\system32\DRIVERS\NmPar.sys 2F48AB72B6D554A41817020171DC53D6
C:\Windows\System32\drivers\npsvctrig.sys 8ED299C30792544264E558BEA79F0947
C:\Windows\System32\drivers\nsiproxy.sys 689B3B1E95C70ABF7AFF29F9406EF1E0
C:\Windows\System32\Drivers\Ntfs.sys 76929F4A69E425911A63B407E26C2589
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys 7420B2E1F65642129B6E23BD42F752AA
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys 7420B2E1F65642129B6E23BD42F752AA
C:\Windows\System32\drivers\nvraid.sys D6D34118263412D3AAA8348A9572B7F2
C:\Windows\System32\drivers\nvstor.sys 27AFC428D1D32ABD04A86763A4EDDEA9
C:\Windows\System32\drivers\nv_agp.sys 051CFB5107BAAE510419BDC41F8C4036
C:\Windows\System32\drivers\parport.sys 4563DAF8C6A740AD7F501E219BD10766
C:\Windows\System32\drivers\partmgr.sys D6ACCF9F2EEEEA711C14EFD976E573F3
C:\Windows\System32\drivers\pci.sys 4A003E8F718C1E6A2050CA98CD53E3E2
C:\Windows\System32\drivers\pciide.sys F9908D274D458220F91E89B54D78D837
C:\Windows\System32\drivers\pcmcia.sys 84D19CB6102627932DCB5DFDF89FE269
C:\Windows\System32\drivers\pcw.sys CEBBAD5391C2644560C55628A40BFD27
C:\Windows\System32\drivers\pdc.sys 0698DEDEAD6A00AD0D468C687D830FBF
C:\Windows\System32\drivers\peauth.sys 61FE70659CD43E07F94DA4DC31DEC493
C:\Windows\system32\DRIVERS\raspptp.sys 362D47E5B4D67270DE4B8606036F4ADD
C:\Windows\System32\drivers\processr.sys DD979EB6A7212F60E4AFBE96EDC7AE6D
C:\Windows\system32\DRIVERS\pacer.sys EB8034147D4820CD31BFCB11A2A652DF
C:\Windows\system32\drivers\qwavedrv.sys 13D47BB0CCA2FC51BD15F8E85C6A078E
C:\Windows\System32\DRIVERS\rasacd.sys 873C60F8178100557740A832FCE10B5F
C:\Windows\system32\DRIVERS\AgileVpn.sys 69B93F623B130976243ECA3D84CC99CA
C:\Windows\system32\DRIVERS\rasl2tp.sys A14D625C5AEE5FFE0F47D1A1D419FAAE
C:\Windows\system32\DRIVERS\raspppoe.sys 00695B9C2DB6111064499C529E90C042
C:\Windows\system32\DRIVERS\rassstp.sys A7F24D8CD1956B0A1FDCB86CC5114DE4
C:\Windows\System32\DRIVERS\rdbss.sys CA03D642ACE58E1BA54E4B383F91CD69
C:\Windows\System32\drivers\rdpbus.sys CA7DF5EC95D8DE0DD24BE7FF97369F68
C:\Windows\System32\drivers\rdpdr.sys B2A3AD74FF2E2FFA73AF2567108231B3
C:\Windows\System32\drivers\rdpvideominiport.sys 57F4787E4602A3FCA719C0A33137C6DA
C:\Windows\System32\Drivers\RDPWD.sys B3CB0721E81E30419CE7D837EF4EA151
C:\Windows\System32\drivers\rdyboost.sys 62C1F8A0685FE07E998AA296C4F697C4
C:\Windows\system32\DRIVERS\rspndr.sys E04E770DD198B9399640717145E79EBF
C:\Windows\System32\drivers\vms3cap.sys 752EC7DCD2F96871A3857EEE6AFE965A
C:\Windows\System32\drivers\sbp2port.sys 9C7B28CE0D136DB226E24DB3BC817F92
C:\Windows\System32\DRIVERS\scfilter.sys 5D7733A12756B267FCA021672B26BC9E
C:\Windows\System32\drivers\sdbus.sys 98636FB2973B8876A7F0BECD076CF109
C:\Windows\System32\drivers\sdstor.sys BB107AA9980B0DA4E19A3A90C3BD4460
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\SerCx.sys 87C46B239A7EEF30FDFDD5E9BD46130C
C:\Windows\System32\drivers\serenum.sys 7A1F9347C85FD55E39B8A76B3A25C5AD
C:\Windows\System32\drivers\serial.sys F640A0A218BBF857F1D04A15D7D939F6
C:\Windows\System32\drivers\sermouse.sys F1A5F56B2620B862CC28FF96A0A6DAAB
C:\Windows\System32\drivers\sfloppy.sys 7EE65419B29302C795714FF8073969A1
C:\Windows\System32\drivers\SiSRaid2.sys 2560721D6F16D5B611C36A3A9D28C1B2
C:\Windows\System32\drivers\sisraid4.sys 3AA8FDE1DBF65BB8B88B053529554A0D
C:\Windows\System32\drivers\spaceport.sys FD3AF5575B99871BADB94E7699DBCE08
C:\Windows\System32\drivers\SpbCx.sys 3D8679C8DF52EB26EB7583A4E0A29202
C:\Windows\System32\DRIVERS\srv.sys 0F1FCD575A03ABDE13FCA9D0ADE4DDA6
C:\Windows\System32\DRIVERS\srv2.sys 56218A571ECF8D55E0CDFF8DF2546CF1
C:\Windows\System32\DRIVERS\srvnet.sys 14FC338B80CFF7E04215133B568D15C4
C:\Windows\system32\DRIVERS\ssudmdm.sys A97BFF59B3B983FDBDCD8AE6CF3C1E2D
C:\Windows\System32\drivers\stexstor.sys 4E85355B94CFCB67C135F6521A4895A7
C:\Windows\System32\drivers\storahci.sys B240874B2CA0CD02E8CD11E140B14C57
C:\Windows\System32\DRIVERS\vmstorfl.sys F74DBC95A57B1EE866D3732EB5F79BE2
C:\Windows\System32\drivers\storvsc.sys 543CD3CC0E05B8D8815E0D4F040B6F59
C:\Windows\System32\drivers\storvsp.sys 1A36AC469140F87CDE62D7F8524E270C
C:\Windows\System32\drivers\swenum.sys 4AFD66AAE74FFB5986BC240744DC5FC9
C:\Windows\System32\drivers\tcpip.sys 0D05E0147C1329C53AAF97882DEDD96A
C:\Windows\system32\DRIVERS\tcpip.sys 0D05E0147C1329C53AAF97882DEDD96A
C:\Windows\System32\drivers\tcpipreg.sys 8F2A13A5DF99D72FDDE87F502A66F989
C:\Windows\System32\DRIVERS\tdx.sys 73DC722CE5DF26D7638CE2446F2655C7
C:\Windows\System32\drivers\terminpt.sys F7C8AB5D8AFFAA318D6A21093D139BF4
C:\Windows\System32\DRIVERS\tifsfilt.sys D74D0045F5671538286B6944B6FFAB0E
C:\Windows\system32\drivers\tpm.sys 6F0BFF80EE2A5BC841286A51F893CBAD
C:\Windows\System32\drivers\tsusbflt.sys 4E7C5FB10A50435523DE0CAA37DE2BD3
C:\Windows\System32\drivers\TsUsbGD.sys 16D684A820872EE54F6370703AC0B513
C:\Windows\system32\DRIVERS\tunnel.sys 78C9EE193AC2B4CBDBC48B620314D740
C:\Windows\System32\drivers\uagp35.sys 6D4F67CA56ACA2085DFA2CD89EAFBC1A
C:\Windows\System32\drivers\uaspstor.sys 6FD6D03B7752C78712E5CFF29A305026
C:\Windows\System32\drivers\ucx01000.sys 4834158B8D06A153FADAB6B85320FBBE
C:\Windows\System32\DRIVERS\udfs.sys DC5A461591C71AF7F19DC048A81E3F88
C:\Windows\System32\drivers\uliagpkx.sys 07FEBCDF24FABA0D47B635D85A0FFB7A
C:\Windows\System32\drivers\umbus.sys 02CEB3FE6152668A7BA420B93B664860
C:\Windows\System32\drivers\umpass.sys 991EE6B5FC41EAEF99C8AF5B92F2CA09
C:\Windows\System32\drivers\usbccgp.sys 2AF9F0E16D75B8F783A1ACE74EF51C9B
C:\Windows\System32\drivers\usbcir.sys B395B62B62F28106218FA6FB17F4C797
C:\Windows\System32\drivers\usbehci.sys 52F267AEE8CA5AA5CEB88C6A71EE1E86
C:\Windows\System32\drivers\usbhub.sys ADBF89B8E0BB372FEFE2E4B84E1E20AE
C:\Windows\System32\drivers\UsbHub3.sys EA040D4C6C94F315A85F3D0EAA884B37
C:\Windows\System32\drivers\usbohci.sys 325F6179009B5A7F6118951A5BA422AB
C:\Windows\System32\drivers\usbprint.sys BA3ABE0CD1C14B3295BAD0F076B84CAC
C:\Windows\system32\DRIVERS\usbscan.sys A9858597B6DB695F78A37F6755A6FF98
C:\Windows\System32\drivers\USBSTOR.SYS F77177F6C95B2116EE7AD23B5EF57007
C:\Windows\System32\drivers\usbuhci.sys D25EF4A6EC244C5DE85D88A05B7C149D
C:\Windows\System32\drivers\USBXHCI.SYS 1ADCF0A490C2845637B334626669CD6F
C:\Windows\system32\DRIVERS\VClone.sys FD911873C0BB6945FA38C16E9A2B58F9
C:\Windows\System32\drivers\vdrvroot.sys BACECBFF9C97F7627A60B0E0F1FE7EE8
C:\Windows\System32\drivers\VerifierExt.sys 74FA2D4368DE6F6CE14393EDF1F342BE
C:\Windows\System32\drivers\vhdmp.sys 500BE6B2E49883720D0AE8BB859ED7A3
C:\Windows\System32\drivers\viaide.sys F5B4A14B00E89250C50982AC762DDD1D
C:\Windows\System32\drivers\Vid.sys 0E43886F01C85B47BA0A3157274BCF59
C:\Windows\System32\drivers\vmbus.sys 78DB50F7329F6D1311658DABFFFC8BE0
C:\Windows\System32\drivers\VMBusHID.sys ECFEE2F2BA3932C7880D1A8F67D68F91
C:\Windows\System32\drivers\vmbusr.sys B4F432A51826FFC66F4DF72A83E8E4B1
C:\Windows\System32\drivers\volmgr.sys CB60FAAED8B49B812EBBF77EB87D9B18
C:\Windows\System32\drivers\volmgrx.sys A74101DA9809251BCD0E5A26BAE0F824
C:\Windows\System32\drivers\volsnap.sys 78A5BBA3819FFFC62FFEC3E2220D102D
C:\Windows\System32\drivers\vpci.sys A8DA1C1B52ECEA3726DEBED4FF1B700D
C:\Windows\System32\drivers\vpcivsp.sys 0190AFFF28F600461C0164353CC7EE27
C:\Windows\System32\drivers\vsmraid.sys 38A60CD9C009C55C6D3B5586F8E6A353
C:\Windows\System32\drivers\vstxraid.sys A0F6FE0FC2F647C22BBFD6BD4249DBCC
C:\Windows\System32\drivers\vwifibus.sys 62460A45435A26A334907E3F2EA45611
C:\Windows\system32\DRIVERS\vwififlt.sys 095E943D27025E4D588AF0A72CC2318F
C:\Windows\System32\drivers\wacompen.sys 6B806E893714019969E2B50D7EF6A4D9
C:\Windows\system32\DRIVERS\wanarp.sys 61F6972FF9AC9A8D0B4D62076DC30051
C:\Windows\system32\DRIVERS\wanarp.sys 61F6972FF9AC9A8D0B4D62076DC30051
C:\Windows\System32\drivers\wd.sys B3A4D918DAB90505B6BC7B70632913CB
C:\Windows\system32\drivers\WdBoot.sys 6F4B5DDDC3B86091E94BC47347A78AF7
C:\Windows\System32\drivers\Wdf01000.sys 2ADC985B85A71BD7D99712EC0C24358B
C:\Windows\system32\drivers\WdFilter.sys 99D404A9A0AFC4734E014EBEBAC13F8F
C:\Windows\System32\DRIVERS\wfplwfs.sys FE762D3498719C3A23471BBA62F747B4
C:\Windows\System32\drivers\wimmount.sys A3C7624A42A3447EF5EDD1ED37FE4E60
C:\Windows\System32\drivers\wmiacpi.sys E2A596CACFC6504306CDB7B593B90084
C:\Windows\System32\DRIVERS\wpcfltr.sys C6FF953D5D6F2EAE3B8883474D5076B3
C:\Windows\System32\drivers\WpdUpFltr.sys 0346CAFC181C91C6E2330332EB332ED6
C:\Windows\system32\drivers\ws2ifsl.sys BC8B5CB336E63BB25EAD1CE8EDD34B81
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\drivers\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl 1870A74EE2901CA09FFBFE79A5EE0E94
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl 1870A74EE2901CA09FFBFE79A5EE0E94

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 20:23 - 2013-08-09 20:23 - 00001096 _____ C:\Users\Stephan\Desktop\MyPC Backup.lnk
2013-08-09 20:23 - 2013-08-09 20:23 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-08-09 20:23 - 2013-08-09 20:23 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-09 20:22 - 2013-08-09 20:28 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Systweak
2013-08-09 20:22 - 2013-08-09 20:22 - 00003322 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector
2013-08-09 20:22 - 2013-08-09 20:22 - 00003120 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2013-08-09 20:22 - 2013-08-09 20:22 - 00001210 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-08-09 20:22 - 2013-08-09 20:22 - 00000000 ____D C:\ProgramData\Systweak
2013-08-09 20:22 - 2013-08-09 20:22 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-08-09 20:22 - 2013-05-07 16:51 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe
2013-08-09 20:22 - 2012-07-25 12:03 - 00016896 _____ C:\WINDOWS\system32\sasnative64.exe
2013-08-08 20:52 - 2013-08-08 20:52 - 00001200 _____ C:\Users\Stephan\Desktop\JRT.txt
2013-08-07 22:57 - 2013-08-07 22:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-07 22:27 - 2013-08-07 22:27 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-07 22:26 - 2013-08-07 21:59 - 00563082 _____ (Oleg N. Scherbakov) C:\Users\Stephan\Desktop\Junkware Removal Tool JRT.exe
2013-08-07 22:22 - 2013-08-07 22:22 - 00001803 _____ C:\Users\Stephan\Desktop\AdwCleaner[S2].txt
2013-08-07 21:35 - 2013-08-07 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 21:33 - 2013-08-07 21:33 - 00001340 _____ C:\Users\Stephan\Desktop\HitmanPro_20130807_2133.log
2013-08-07 21:14 - 2013-08-07 21:14 - 00017675 _____ C:\Users\Stephan\Desktop\ComboFix.txt
2013-08-07 21:07 - 2013-08-09 20:19 - 00473730 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-07 20:55 - 2013-08-07 21:14 - 00000000 ____D C:\Qoobox
2013-08-07 20:55 - 2013-08-07 21:11 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-07 20:55 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-08-07 20:55 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-08-07 20:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-08-07 20:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-08-07 20:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-08-07 20:55 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-08-07 20:55 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-08-07 20:55 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-08-07 20:55 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-08-05 18:40 - 2013-08-05 18:40 - 00096375 _____ C:\Users\Stephan\Desktop\GMER.txt
2013-08-05 18:23 - 2013-08-05 18:23 - 00000000 ____D C:\FRST
2013-08-05 18:22 - 2013-08-05 18:22 - 00000476 _____ C:\Users\Stephan\Desktop\defogger_disable.log
2013-08-05 18:22 - 2013-08-05 18:22 - 00000000 _____ C:\Users\Stephan\defogger_reenable
2013-08-04 22:42 - 2013-08-07 21:30 - 09853928 _____ (SurfRight B.V.) C:\Users\Stephan\Desktop\HitmanPro_x64.exe
2013-08-04 22:42 - 2013-08-04 22:45 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-04 22:39 - 2013-08-04 22:15 - 00891098 _____ C:\Users\Stephan\Desktop\SecurityCheck.exe
2013-08-04 22:39 - 2013-08-04 22:13 - 02347384 _____ (ESET) C:\Users\Stephan\Desktop\esetsmartinstaller_enu.exe
2013-08-04 22:38 - 2013-08-04 22:36 - 04429440 _____ (Piriform Ltd) C:\Users\Stephan\Desktop\ccsetup404.exe
2013-08-04 22:36 - 2013-08-04 22:35 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Stephan\Desktop\tdsskiller.exe
2013-08-04 22:30 - 2013-08-04 22:16 - 00377856 _____ C:\Users\Stephan\Desktop\gmer.exe
2013-08-04 22:30 - 2013-08-04 22:16 - 00050477 _____ C:\Users\Stephan\Desktop\Defogger.exe
2013-08-04 22:06 - 2013-08-09 18:30 - 00489962 _____ C:\WINDOWS\setupact.log
2013-08-04 22:06 - 2013-08-04 22:06 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-08-04 22:05 - 2013-08-07 21:06 - 00007448 _____ C:\WINDOWS\PFRO.log
2013-08-04 22:03 - 2013-08-07 22:22 - 00000180 _____ C:\WINDOWS\DeleteOnReboot.bat
2013-08-04 22:01 - 2013-08-04 21:57 - 00602112 _____ (OldTimer Tools) C:\Users\Stephan\Desktop\OTL.exe
2013-08-04 22:00 - 2013-08-07 20:27 - 05100713 ____R (Swearware) C:\Users\Stephan\Desktop\ComboFix.exe
2013-08-04 22:00 - 2013-08-04 21:56 - 00666633 _____ C:\Users\Stephan\Desktop\adwcleaner.exe
2013-08-04 21:49 - 2013-08-04 21:49 - 00000000 ____D D:\Stephan\Documents\Add-in Express
2013-08-02 23:43 - 2013-08-02 23:43 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\eCyber
2013-08-02 23:42 - 2013-08-02 23:42 - 00615752 _____ (Woodtale Technology Inc) C:\Users\Stephan\Downloads\iSafe_Virus_Removal.exe
2013-08-02 23:42 - 2013-08-02 23:42 - 00001789 _____ C:\Users\Public\Desktop\iSafe.lnk
2013-08-02 23:42 - 2013-08-02 23:42 - 00000000 ____D C:\WINDOWS\system32\log
2013-08-02 23:42 - 2013-08-02 23:42 - 00000000 ____D C:\ProgramData\Real
2013-08-02 19:24 - 2013-08-02 19:24 - 00317685 _____ C:\Users\Stephan\AppData\Local\census.cache
2013-08-02 19:23 - 2013-08-02 19:23 - 00128916 _____ C:\Users\Stephan\AppData\Local\ars.cache
2013-08-02 18:59 - 2013-08-02 18:59 - 00000036 _____ C:\Users\Stephan\AppData\Local\housecall.guid.cache
2013-08-02 18:15 - 2013-08-02 18:15 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-02 18:15 - 2013-08-02 18:15 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Malwarebytes
2013-08-02 18:15 - 2013-08-02 18:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-02 18:15 - 2013-08-02 18:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-02 18:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-07-28 13:44 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-07-28 13:44 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-07-28 13:44 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-07-28 13:44 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-07-28 13:44 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-07-28 13:44 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-07-28 13:44 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-07-28 13:44 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2013-07-28 13:44 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-07-28 13:44 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2013-07-28 13:44 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2013-07-28 13:44 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2013-07-28 13:44 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-07-28 13:44 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2013-07-28 13:44 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-07-28 13:44 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2013-07-28 13:44 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2013-07-28 13:44 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-07-28 13:44 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2013-07-28 13:44 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2013-07-28 13:44 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-07-28 13:44 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2013-07-28 13:44 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-07-28 13:44 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2013-07-28 13:44 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-07-28 13:44 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2013-07-28 13:44 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2013-07-28 13:44 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2013-07-28 13:44 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2013-07-28 13:44 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-07-28 13:44 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-07-28 13:44 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-07-28 13:44 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-07-28 13:44 - 2013-05-20 02:08 - 00386642 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-07-28 10:46 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2013-07-26 23:46 - 2013-07-26 23:46 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-21 00:01 - 2013-07-21 00:01 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-07-21 00:01 - 2013-07-21 00:01 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-07-21 00:01 - 2013-07-21 00:01 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-07-21 00:01 - 2013-07-21 00:01 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-07-20 23:44 - 2013-07-20 23:44 - 05019952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-17 17:55 - 2013-05-16 00:35 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2013-07-17 17:20 - 2013-07-17 17:20 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-07-16 22:14 - 2013-05-02 06:23 - 00203672 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2013-07-16 22:14 - 2013-05-02 06:23 - 00103064 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2013-07-14 13:00 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 14:22 - 2013-07-13 15:21 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\vlc
2013-07-13 14:22 - 2013-07-13 14:22 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-12 22:47 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-07-12 22:47 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-07-12 22:47 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-07-12 22:47 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-07-12 22:47 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-07-12 22:47 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-07-12 22:47 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-07-12 22:47 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-07-12 22:47 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-07-12 22:47 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-07-12 22:47 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-07-12 22:47 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-07-12 22:47 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-07-12 22:47 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-07-12 22:47 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-07-12 22:47 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-07-12 22:47 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-07-12 22:47 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2013-07-12 22:47 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2013-07-12 22:47 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-07-12 22:47 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2013-07-12 22:47 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2013-07-12 22:47 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2013-07-12 22:47 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2013-07-11 22:36 - 2013-07-11 22:36 - 00000000 ____D C:\Program Files\Classic Shell

==================== One Month Modified Files and Folders =======

2013-08-09 20:30 - 2013-08-09 20:30 - 01790169 _____ (Farbar) C:\Users\Stephan\Desktop\FRST64.exe
2013-08-09 20:28 - 2013-08-09 20:22 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Systweak
2013-08-09 20:26 - 2012-04-04 22:10 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-09 20:23 - 2013-08-09 20:23 - 00001096 _____ C:\Users\Stephan\Desktop\MyPC Backup.lnk
2013-08-09 20:23 - 2013-08-09 20:23 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-08-09 20:23 - 2013-08-09 20:23 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-09 20:23 - 2011-06-11 16:18 - 00000000 ___RD C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-09 20:22 - 2013-08-09 20:22 - 00003322 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector
2013-08-09 20:22 - 2013-08-09 20:22 - 00003120 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2013-08-09 20:22 - 2013-08-09 20:22 - 00001210 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-08-09 20:22 - 2013-08-09 20:22 - 00000000 ____D C:\ProgramData\Systweak
2013-08-09 20:22 - 2013-08-09 20:22 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-08-09 20:19 - 2013-08-07 21:07 - 00473730 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-09 20:02 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-08-09 19:44 - 2011-06-11 20:16 - 00001112 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-09 18:53 - 2013-02-10 20:04 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-341466373-3681085009-323642726-1000
2013-08-09 18:44 - 2011-06-11 20:16 - 00001108 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 18:36 - 2011-06-10 20:34 - 00000000 ____D D:\Stephan\Documents\Sonstiges
2013-08-09 18:34 - 2013-02-08 23:04 - 00000414 _____ C:\WINDOWS\Tasks\Final Media Player Update Checker.job
2013-08-09 18:32 - 2013-02-10 20:01 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-08-09 18:31 - 2013-01-03 19:59 - 00000374 ____H C:\WINDOWS\Tasks\VaudiXUpdaterTask{DB82C180-3F90-457F-AA68-458770647DD9}.job
2013-08-09 18:31 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-09 18:30 - 2013-08-04 22:06 - 00489962 _____ C:\WINDOWS\setupact.log
2013-08-08 22:07 - 2013-02-08 23:04 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2013-08-08 20:52 - 2013-08-08 20:52 - 00001200 _____ C:\Users\Stephan\Desktop\JRT.txt
2013-08-08 20:21 - 2011-06-18 16:46 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-08-08 20:20 - 2011-11-20 21:12 - 00040472 _____ D:\Stephan\Documents\Jahresdiagramm.xlsx
2013-08-07 23:01 - 2012-04-28 11:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-07 22:57 - 2013-08-07 22:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-07 22:27 - 2013-08-07 22:27 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-07 22:22 - 2013-08-07 22:22 - 00001803 _____ C:\Users\Stephan\Desktop\AdwCleaner[S2].txt
2013-08-07 22:22 - 2013-08-04 22:03 - 00000180 _____ C:\WINDOWS\DeleteOnReboot.bat
2013-08-07 21:59 - 2013-08-07 22:26 - 00563082 _____ (Oleg N. Scherbakov) C:\Users\Stephan\Desktop\Junkware Removal Tool JRT.exe
2013-08-07 21:35 - 2013-08-07 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 21:33 - 2013-08-07 21:33 - 00001340 _____ C:\Users\Stephan\Desktop\HitmanPro_20130807_2133.log
2013-08-07 21:30 - 2013-08-04 22:42 - 09853928 _____ (SurfRight B.V.) C:\Users\Stephan\Desktop\HitmanPro_x64.exe
2013-08-07 21:16 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-08-07 21:14 - 2013-08-07 21:14 - 00017675 _____ C:\Users\Stephan\Desktop\ComboFix.txt
2013-08-07 21:14 - 2013-08-07 20:55 - 00000000 ____D C:\Qoobox
2013-08-07 21:14 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default
2013-08-07 21:11 - 2013-08-07 20:55 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-07 21:08 - 2012-07-26 07:26 - 00000215 _____ C:\WINDOWS\system.ini
2013-08-07 21:06 - 2013-08-04 22:05 - 00007448 _____ C:\WINDOWS\PFRO.log
2013-08-07 21:05 - 2012-07-26 07:26 - 73400320 _____ C:\WINDOWS\system32\config\SOFTWARE.bak
2013-08-07 21:05 - 2012-07-26 07:26 - 12582912 _____ C:\WINDOWS\system32\config\SYSTEM.bak
2013-08-07 21:05 - 2012-07-26 07:26 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT.bak
2013-08-07 21:05 - 2012-07-26 07:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-08-07 21:05 - 2012-07-26 07:26 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-08-07 21:05 - 2012-07-26 07:26 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2013-08-07 20:50 - 2012-06-09 20:42 - 00000000 ____D C:\Program Files\Unlocker
2013-08-07 20:49 - 2013-05-19 22:19 - 00000000 ____D C:\Program Files (x86)\DVDFab
2013-08-07 20:49 - 2011-06-11 17:13 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2013-08-07 20:27 - 2013-08-04 22:00 - 05100713 ____R (Swearware) C:\Users\Stephan\Desktop\ComboFix.exe
2013-08-05 18:40 - 2013-08-05 18:40 - 00096375 _____ C:\Users\Stephan\Desktop\GMER.txt
2013-08-05 18:23 - 2013-08-05 18:23 - 00000000 ____D C:\FRST
2013-08-05 18:22 - 2013-08-05 18:22 - 00000476 _____ C:\Users\Stephan\Desktop\defogger_disable.log
2013-08-05 18:22 - 2013-08-05 18:22 - 00000000 _____ C:\Users\Stephan\defogger_reenable
2013-08-05 18:22 - 2013-02-10 19:40 - 00000000 ____D C:\Users\Stephan
2013-08-04 22:45 - 2013-08-04 22:42 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-04 22:36 - 2013-08-04 22:38 - 04429440 _____ (Piriform Ltd) C:\Users\Stephan\Desktop\ccsetup404.exe
2013-08-04 22:35 - 2013-08-04 22:36 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Stephan\Desktop\tdsskiller.exe
2013-08-04 22:16 - 2013-08-04 22:30 - 00377856 _____ C:\Users\Stephan\Desktop\gmer.exe
2013-08-04 22:16 - 2013-08-04 22:30 - 00050477 _____ C:\Users\Stephan\Desktop\Defogger.exe
2013-08-04 22:15 - 2013-08-04 22:39 - 00891098 _____ C:\Users\Stephan\Desktop\SecurityCheck.exe
2013-08-04 22:13 - 2013-08-04 22:39 - 02347384 _____ (ESET) C:\Users\Stephan\Desktop\esetsmartinstaller_enu.exe
2013-08-04 22:06 - 2013-08-04 22:06 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-08-04 21:57 - 2013-08-04 22:01 - 00602112 _____ (OldTimer Tools) C:\Users\Stephan\Desktop\OTL.exe
2013-08-04 21:56 - 2013-08-04 22:00 - 00666633 _____ C:\Users\Stephan\Desktop\adwcleaner.exe
2013-08-04 21:49 - 2013-08-04 21:49 - 00000000 ____D D:\Stephan\Documents\Add-in Express
2013-08-04 21:47 - 2013-03-29 18:08 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-08-03 22:21 - 2013-02-12 22:45 - 00000000 ____D C:\WINDOWS\Minidump
2013-08-02 23:43 - 2013-08-02 23:43 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\eCyber
2013-08-02 23:42 - 2013-08-02 23:42 - 00615752 _____ (Woodtale Technology Inc) C:\Users\Stephan\Downloads\iSafe_Virus_Removal.exe
2013-08-02 23:42 - 2013-08-02 23:42 - 00001789 _____ C:\Users\Public\Desktop\iSafe.lnk
2013-08-02 23:42 - 2013-08-02 23:42 - 00000000 ____D C:\WINDOWS\system32\log
2013-08-02 23:42 - 2013-08-02 23:42 - 00000000 ____D C:\ProgramData\Real
2013-08-02 23:41 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\Resources
2013-08-02 22:46 - 2012-06-09 21:12 - 00000000 ____D C:\Users\Stephan\Desktop\!!Video
2013-08-02 19:35 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache
2013-08-02 19:24 - 2013-08-02 19:24 - 00317685 _____ C:\Users\Stephan\AppData\Local\census.cache
2013-08-02 19:23 - 2013-08-02 19:23 - 00128916 _____ C:\Users\Stephan\AppData\Local\ars.cache
2013-08-02 18:59 - 2013-08-02 18:59 - 00000036 _____ C:\Users\Stephan\AppData\Local\housecall.guid.cache
2013-08-02 18:15 - 2013-08-02 18:15 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-02 18:15 - 2013-08-02 18:15 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Malwarebytes
2013-08-02 18:15 - 2013-08-02 18:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-02 18:15 - 2013-08-02 18:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-31 21:56 - 2013-02-10 19:59 - 00727040 ___SH C:\Users\Stephan\Desktop\Thumbs.db
2013-07-30 22:14 - 2012-07-26 12:27 - 00751892 _____ C:\WINDOWS\system32\perfh007.dat
2013-07-30 22:14 - 2012-07-26 12:27 - 00155620 _____ C:\WINDOWS\system32\perfc007.dat
2013-07-30 22:14 - 2012-07-26 09:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-28 14:16 - 2012-07-26 02:40 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2013-07-28 14:16 - 2012-07-26 02:38 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2013-07-28 13:59 - 2011-06-10 20:34 - 00000000 ____D D:\Stephan\Documents\Haus Köln
2013-07-27 17:53 - 2011-07-31 18:37 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\uTorrent
2013-07-26 23:46 - 2013-07-26 23:46 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-26 23:46 - 2011-06-11 20:16 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-21 00:01 - 2013-07-21 00:01 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-07-21 00:01 - 2013-07-21 00:01 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-07-21 00:01 - 2013-07-21 00:01 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-07-21 00:01 - 2013-07-21 00:01 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 00:01 - 2012-06-09 21:19 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
2013-07-21 00:01 - 2012-06-09 21:19 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll
2013-07-20 23:44 - 2013-07-20 23:44 - 05019952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-20 23:43 - 2012-07-26 07:37 - 00000000 ____D C:\WINDOWS\servicing
2013-07-17 17:28 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-07-17 17:20 - 2013-07-17 17:20 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-07-16 22:36 - 2013-03-29 18:07 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-07-16 22:36 - 2013-03-29 18:06 - 00000000 ____D C:\Users\Stephan\AppData\Local\Downloaded Installations
2013-07-16 22:36 - 2011-06-11 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-16 22:15 - 2013-03-29 18:09 - 00002011 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-07-16 20:52 - 2011-06-11 17:23 - 00000000 ____D C:\Users\Stephan\AppData\Local\Adobe
2013-07-16 20:51 - 2012-04-04 22:10 - 00003796 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-07-16 18:39 - 2011-06-11 20:16 - 00004084 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-16 18:39 - 2011-06-11 20:16 - 00003848 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-14 12:58 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 17:10 - 2011-06-11 17:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-13 15:21 - 2013-07-13 14:22 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\vlc
2013-07-13 14:22 - 2013-07-13 14:22 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-12 22:42 - 2011-06-11 16:34 - 78185248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-11 22:36 - 2013-07-11 22:36 - 00000000 ____D C:\Program Files\Classic Shell

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {d5b1b5a2-943c-11e0-b8ad-b018fc10e72a}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.exe
description             Windows 8
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {d5b1b5a4-943c-11e0-b8ad-b018fc10e72a}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {d5b1b5a2-943c-11e0-b8ad-b018fc10e72a}
nx                      OptIn
bootmenupolicy          Standard

Windows-Startladeprogramm
-------------------------
Bezeichner              {d5b1b5a4-943c-11e0-b8ad-b018fc10e72a}
device                  ramdisk=[C:]\Recovery\d5b1b5a4-943c-11e0-b8ad-b018fc10e72a\Winre.wim,{d5b1b5a5-943c-11e0-b8ad-b018fc10e72a}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  de-DE
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\d5b1b5a4-943c-11e0-b8ad-b018fc10e72a\Winre.wim,{d5b1b5a5-943c-11e0-b8ad-b018fc10e72a}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {d5b1b59e-943c-11e0-b8ad-b018fc10e72a}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {d5b1b5a2-943c-11e0-b8ad-b018fc10e72a}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
recoverysequence        {d5b1b5a4-943c-11e0-b8ad-b018fc10e72a}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 No

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {d5b1b5a5-943c-11e0-b8ad-b018fc10e72a}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\d5b1b5a4-943c-11e0-b8ad-b018fc10e72a\boot.sdi



LastRegBack: 2013-08-09 18:53

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Additions.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2013 02
Ran by Stephan at 2013-08-09 20:35:09
Running from C:\Users\Stephan\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
µTorrent (x32 Version: 3.3.0.29126)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.7)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (x32 Version: 5.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop Lightroom 3.4.1 64-bit (Version: 3.4.2)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Advanced System Protector (x32 Version: 2.1.1000.10905)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71116.1554)
AnyDVD (x32 Version: 7.1.4.5)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 11.6.0.10419)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
AVCHDCoder (x32 Version: 11.12.27)
AviSynth 2.5 (x32)
Bonjour (Version: 3.0.0.10)
Cas Studio 9.1.0 (x32 Version: 9.1.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190)
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190)
CCC Help Czech (x32 Version: 2012.1116.1514.27190)
CCC Help Danish (x32 Version: 2012.1116.1514.27190)
CCC Help Dutch (x32 Version: 2012.1116.1514.27190)
CCC Help English (x32 Version: 2012.1116.1514.27190)
CCC Help Finnish (x32 Version: 2012.1116.1514.27190)
CCC Help French (x32 Version: 2012.1116.1514.27190)
CCC Help German (x32 Version: 2012.1116.1514.27190)
CCC Help Greek (x32 Version: 2012.1116.1514.27190)
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190)
CCC Help Italian (x32 Version: 2012.1116.1514.27190)
CCC Help Japanese (x32 Version: 2012.1116.1514.27190)
CCC Help Korean (x32 Version: 2012.1116.1514.27190)
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190)
CCC Help Polish (x32 Version: 2012.1116.1514.27190)
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190)
CCC Help Russian (x32 Version: 2012.1116.1514.27190)
CCC Help Spanish (x32 Version: 2012.1116.1514.27190)
CCC Help Swedish (x32 Version: 2012.1116.1514.27190)
CCC Help Thai (x32 Version: 2012.1116.1514.27190)
CCC Help Turkish (x32 Version: 2012.1116.1514.27190)
ccc-utility64 (Version: 2012.1116.1515.27190)
cera Product Library (Version: 2.0.0713)
Classic Shell (Version: 3.6.8)
CyberLink PowerDVD 11 (x32 Version: 11.0.1719.51)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DivX Tech Preview: MKV on Windows 7 (x32)
DivX-Setup (x32 Version: 2.6.1.44)
ElsterFormular (x32 Version: 14.1.11318)
File Type Assistant (x32 Version: 2013.4.8.0)
Final Media Player 2012 (x32 Version: 2012.10.9.0)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
ImgBurn (x32 Version: 2.5.7.0)
IrfanView (remove only) (x32 Version: 4.35)
iSafe (x32)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
K-Lite Codec Pack 9.9.4 (Full) (x32 Version: 9.9.4)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MOV Download Tool 1.2.1 (x32 Version: 1.2.1)
Mozilla Firefox 23.0 (x86 de) (x32 Version: 23.0)
Mozilla Maintenance Service (x32 Version: 17.0.8)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyPC Backup  (Version: )
PDF Settings CS5 (x32 Version: 10.0)
PDF-XChange Lite 4 (Version: 4.0.195.0)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6383)
Samsung Kies (x32 Version: 2.5.2.13021_10)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab for Intel (x32 Version: 4.5.13.0)
TeamViewer 8 Host (x32 Version: 8.0.17396)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VaudiX (Version: 1.0)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VIO Player version 1.0.1 (x32 Version: 1.0.1)
VirtualCloneDrive (x32)
VLC media player 2.0.2 (x32 Version: 2.0.2)
VueScan
VueScan x64
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)

==================== Restore Points  =========================

28-07-2013 12:09:21 Windows Update
04-08-2013 19:48:00 Removed WinZip 17.0
07-08-2013 18:56:06 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-08-07 21:08 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {01129DCE-A128-454C-B980-8B40D3E9B9C2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe No File
Task: {08D48572-52D6-44F0-9868-E5823E66F92B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {09791DBD-18C2-407C-B279-04FDC0ABBE44} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe No File
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1B6CF5DF-FEB4-468C-BACE-AF6D123EFB59} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe No File
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2D123B5F-62F5-4271-AA1E-44970BBA4D87} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe No File
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {2EC43873-F1DE-4FBA-BAB4-AAB38CCDC3FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11] (Google Inc.)
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {31AF94BF-8B62-4762-BCAF-00298741E0F2} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {326E7828-D307-41C8-99D6-4F99F92C1CE8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe No File
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3ADBED71-499D-40A3-8F0D-8131B12B1F1A} - System32\Tasks\VaudiXUpdaterTask{DB82C180-3F90-457F-AA68-458770647DD9} => C:\ProgramData\Premium\VaudiX\VaudiX.exe No File
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C0C58D0-C4C3-4C8E-8368-48B778B7850C} - System32\Tasks\Final Media Player Update Checker => C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-09-02] (Bitberry Software)
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {42CA4EE0-2DCB-4D4F-B035-89309F2847FC} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {530494B8-8BB7-4171-9C72-58799BCE65AF} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe No File
Task: {55099EF4-E2F3-4700-A027-3B123CBE2D4E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {557EDF28-2A22-40D4-80B1-42EE3D6FE918} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe No File
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {57B943B8-9AC0-4C79-AB91-00358ECABFE3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {620D4E35-AA31-461A-B300-AC45C8C3E238} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {62ECF2D8-24CE-4F54-ABE4-812CF67BBF83} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {668F9C79-F630-4726-8B86-0F08213F6282} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe No File
Task: {6E8DF883-B949-4469-809C-C8D36CE6ABBA} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {756DC2B2-5F88-4272-9C0D-56945CCD0B77} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16] (Adobe Systems Incorporated)
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {822A19EB-6D0B-40F9-B138-648DF279A492} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {828EE0C6-A9CE-4992-8D07-7DBE90EDD1BC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe No File
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {854511E6-11B5-45F7-8183-AC53E0CEA72A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe No File
Task: {86CC1C5C-8B87-49A2-A913-D36330C964F5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe No File
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {8A9C1AE5-900C-48CB-89F2-E8DC5D232969} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe No File
Task: {8D0E3718-F5E2-4458-97B9-D47E679909C4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe No File
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {950998B1-C05A-4821-9CC6-44B79B0826B7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe No File
Task: {96CBAFDE-2640-4901-BBE5-D11C6334E057} - System32\Tasks\AdobeAAMUpdater-1.0-Mausi-Stephan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16] (Adobe Systems Incorporated)
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9C5859C9-CCE3-47F5-9717-220A85241F1B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {A65B27FA-6816-4AF8-B0E1-E606679C9041} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2013-04-09] (                                                            )
Task: {A6870199-5A67-441B-92F0-7A6F6862D1EF} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-341466373-3681085009-323642726-1000
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {A83812D3-5929-4E7E-AF14-3C1B0758D898} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe No File
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {ACEFD461-F066-49B7-A719-38290494460C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {AFFDF4F4-F6AA-4659-9A65-F9B04D5D1DB6} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {B3AF2042-8CA0-44ED-B9E4-12E851D640A8} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2013-05-24] (Systweak)
Task: {B6054DC3-AC73-4A92-AA11-0662D801DD34} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2013-04-08] (Trusted Software ApS)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BD8224C0-59FF-4153-B5CB-6F31563E4FE9} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe No File
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C25FC45B-50C4-48E4-B8ED-AF46B5ECEA66} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe No File
Task: {C2679F51-AEA2-4A24-A86A-DE4E4275C2DC} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe No File
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D7FC5EC8-AD96-4DD9-A957-2E2D9940C72D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11] (Google Inc.)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DD3AECEB-A37F-47D3-B7B4-09CCB639ADD0} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe No File
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F268526F-4241-4150-B51F-16F8DDA6B231} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {FC89B8F0-0208-4825-B326-FC9EB6B261C5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe No File
Task: {FF71BE68-B908-4A80-AD8D-8A6BB20182CC} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe No File
Task: {FFE3FD50-646E-4A64-913B-23C4187E6025} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Final Media Player Update Checker.job => C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\VaudiXUpdaterTask{DB82C180-3F90-457F-AA68-458770647DD9}.job => C:\ProgramData\Premium\VaudiX\VaudiX.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2013 06:33:39 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f78

Startzeit: 01ce951e1a2304f8

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\wwahost.exe

Berichts-ID: 6b58c6c1-0111-11e3-beb0-001bfc796d9a

Vollständiger Name des fehlerhaften Pakets: Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Bing

Error: (08/09/2013 06:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Mausi)
Description: Das Paket „Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (08/09/2013 06:33:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/09/2013 06:32:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Mausi)
Description: Bei der Aktivierung der App „Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/09/2013 06:32:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Mausi)
Description: Die App „Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (08/08/2013 09:03:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (08/09/2013 06:33:12 PM) (Source: DCOM) (User: Mausi)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/09/2013 06:33:11 PM) (Source: DCOM) (User: Mausi)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/09/2013 06:33:11 PM) (Source: DCOM) (User: Mausi)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/09/2013 06:33:11 PM) (Source: DCOM) (User: Mausi)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/09/2013 06:33:11 PM) (Source: DCOM) (User: Mausi)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/09/2013 06:33:11 PM) (Source: DCOM) (User: Mausi)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/09/2013 06:33:10 PM) (Source: DCOM) (User: Mausi)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/09/2013 06:33:10 PM) (Source: DCOM) (User: Mausi)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/09/2013 06:33:09 PM) (Source: DCOM) (User: Mausi)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/09/2013 06:30:41 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0


Microsoft Office Sessions:
=========================
Error: (08/09/2013 06:33:39 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.16420f7801ce951e1a2304f84294967295C:\WINDOWS\system32\wwahost.exe6b58c6c1-0111-11e3-beb0-001bfc796d9aMicrosoft.Bing_1.2.0.137_x64__8wekyb3d8bbweMicrosoft.Bing

Error: (08/09/2013 06:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Mausi)
Description: Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe

Error: (08/09/2013 06:33:27 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Stephan\Desktop\esetsmartinstaller_enu.exe

Error: (08/09/2013 06:32:58 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Mausi)
Description: Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing-2144927142

Error: (08/09/2013 06:32:42 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Mausi)
Description: Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing

Error: (08/08/2013 09:03:04 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Stephan\Desktop\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2013-08-07 21:04:14.609
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-31 17:43:03.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-07-31 17:43:03.426
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-07-31 17:43:03.364
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-07-31 17:43:02.833
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-07-31 17:43:02.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-07-31 17:43:02.708
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-07-31 17:43:01.663
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-07-31 17:43:00.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-07-31 17:41:27.922
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 6143.11 MB
Available physical RAM: 4119.88 MB
Total Pagefile: 12287.11 MB
Available Pagefile: 10147.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:119.9 GB) (Free:44.1 GB) NTFS (Disk=1 Partition=2)
Drive d: (Daten) (Fixed) (Total:80 GB) (Free:15.55 GB) NTFS (Disk=2 Partition=2)
Drive e: (Bilder) (Fixed) (Total:112.88 GB) (Free:58.2 GB) NTFS (Disk=1 Partition=3)
Drive f: (Filme und Videos) (Fixed) (Total:122.89 GB) (Free:21.43 GB) NTFS (Disk=2 Partition=3)
Drive g: (BackUps) (Fixed) (Total:74.55 GB) (Free:56.07 GB) NTFS (Disk=0 Partition=1)
Drive m: (USB-STICK) (Removable) (Total:0.96 GB) (Free:0.89 GB) FAT (Disk=3 Partition=1)
Drive t: (WIN XP) (Fixed) (Total:30 GB) (Free:4.91 GB) NTFS (Disk=2 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: B92CB92C)
Partition 2: (Active) - (Size=75 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 443C443B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=120 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=113 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 44884487)
Partition 1: (Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=203 GB) - (Type=05)

========================================================
Disk: 3 (Size: 984 MB) (Disk ID: B50CCBA7)
Partition 1: (Active) - (Size=984 MB) - (Type=06)

==================== End Of Log ============================
         

Alt 12.08.2013, 16:12   #14
markusg
/// Malware-holic
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



Hi,
1.
öffne google chrome, lösche die Erweiterung
LyriXeeker
https://support.google.com/chrome/answer/113907?hl=de
PC neustarten, prüfen ob sie weg ist.
2.

Fix mit FRST
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
ATTFilter
Toolbar: HKLM-x32 - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
HTML5
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\1
CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files 
(x86)\LyriXeeker\125.crx
         
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut
    und klicke den Fix Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.
3.
bitte teste, ob es im Firefox, internet explorer, und sonstigen
evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt.
Teste wie pc und programme allgemein laufen.
Wenn alles gut läuft:
4.
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


5. PC absichern.
Der Abschnitt windows 7 bzw Vista passt am besten für dein System.
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
Computeractive Software Store - Emsisoft Anti-Malware 8 [1-PC] - 63% off RRP
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
http://support.google.com/chrome/bin...&answer=118663
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie - Download - Filepony

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Password Manager, Form Filler, Password Management | RoboForm Password Manager
anleitung:
RoboForm Manual
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Geändert von markusg (12.08.2013 um 16:18 Uhr)

Alt 15.08.2013, 22:18   #15
elmausi
 
ClickCompare Malware auf Win 8 x64 - Standard

ClickCompare Malware auf Win 8 x64



Sorry, hat ein wenig gedauert, hier das Log von FRST:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-08-2013 01
Ran by Stephan at 2013-08-15 21:30:12 Run:1
Running from C:\Users\Stephan\Desktop
Boot Mode: Normal
==============================================

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKCU\Software\Mozilla\Firefox\Extensions\\lyrix@lyrixeeker.co => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\odnofacmifkjndflfmmplhckcbfjckhj => Key deleted successfully.
"C:\Program Files (x86)\LyriXeeker\125.crx" => File/Directory not found.

==== End of Fixlog ====
         
Es scheint so, dass derzeit die Weiterleitungen verschwunden sind. Ich werde den PC jetzt noch absichern.

Vielen Dank schon mal.

Antwort

Themen zu ClickCompare Malware auf Win 8 x64
autostart, benötigte, clickcompare, code, disable, eingefangen, entferne, firefox, forum, gefangen, gen, links, logfiles, malware, nette, seite, versuch, win, win 8, win 8 x64



Ähnliche Themen: ClickCompare Malware auf Win 8 x64


  1. Problem mit Clickcompare
    Plagegeister aller Art und deren Bekämpfung - 22.03.2014 (13)
  2. Clickcompare Virus
    Plagegeister aller Art und deren Bekämpfung - 25.01.2014 (13)
  3. clickcompare in firefox bei win7
    Log-Analyse und Auswertung - 03.01.2014 (7)
  4. Windows 7: Trojaner - ClickCompare
    Plagegeister aller Art und deren Bekämpfung - 02.12.2013 (56)
  5. ClickCompare und Cupondropdown
    Plagegeister aller Art und deren Bekämpfung - 01.07.2013 (9)
  6. ClickCompare Malware löschen
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (10)
  7. Verlinkungen zu Clickcompare
    Log-Analyse und Auswertung - 01.06.2013 (20)
  8. ClickCompare, Text-Enhance usw.
    Plagegeister aller Art und deren Bekämpfung - 22.05.2013 (7)
  9. clickcompare Trojaner (?)
    Plagegeister aller Art und deren Bekämpfung - 19.05.2013 (4)
  10. clickcompare und dealply Probleme
    Log-Analyse und Auswertung - 10.05.2013 (7)
  11. Clickcompare Virus
    Plagegeister aller Art und deren Bekämpfung - 18.04.2013 (5)
  12. Clickcompare Trojaner
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (4)
  13. clickcompare trojaner
    Plagegeister aller Art und deren Bekämpfung - 05.04.2013 (8)
  14. ClickCompare und Werbung - wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 23.03.2013 (4)
  15. Trojaner clickcompare entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.02.2013 (12)
  16. Clickcompare Virus
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (5)
  17. Clickcompare in Internetforen
    Plagegeister aller Art und deren Bekämpfung - 22.01.2013 (17)

Zum Thema ClickCompare Malware auf Win 8 x64 - Hallo an das Forum, ich habe mir auf einem PC diese "nette" Malware eingefangen, die im Firefox einige Links auf die Seite "clickcompare.info umleitet". Es wäre nett, wenn mir jemand - ClickCompare Malware auf Win 8 x64...
Archiv
Du betrachtest: ClickCompare Malware auf Win 8 x64 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.