Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7: Bootzeit von 10 Minuten

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 07.11.2014, 14:13   #1
chris224
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten



Hallo Zusammen,

eine kurze Beschreibung vorweg:

Die Bootzeit meines Windows 7 Rechners ist seit einer Woche plötzlich 10 Minuten (nach der Eingabe das Passwortes gemessen, davor geht alles normal schnell).

Beim Start ist nach dem Passwort Bildschirm und dem "Willkommen" für 10 Minuten ein Blackscreen nur mit Maus zu sehen, danach erscheint der Deskop und es dauert ca. 5 Minuten bis man den Computer normal nutzen kann.

Habe daraufhin mal Malwarebytes Antimalware laufen lassen, der konnte auch etwas finden jedoch lief es beim nächsten Bootvorgang wieder genauso ab.

Ich kann bei Bedarf noch mehr Hardware Angaben liefern, ich will aber den Post nicht zu lang werden lassen.

Logfiles folgen: In der Reihenfolge: Malwarebytes Antimalware, Frst, addition, defogger, Gmer

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 04.11.2014
Suchlauf-Zeit: 19:19:51
Logdatei: Malwarebytes.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.04.06
Rootkit Datenbank: v2014.11.01.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Chris

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 332367
Verstrichene Zeit: 16 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 17
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [fccaba7d4f2da591fc883c71b34fc63a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{671F1846-80F2-4ED8-B183-A921E6A4D5D5}, In Quarantäne, [fccaba7d4f2da591fc883c71b34fc63a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{41DF0821-AF9A-4246-B01E-DB43C0E7A775}, In Quarantäne, [fccaba7d4f2da591fc883c71b34fc63a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{41DF0821-AF9A-4246-B01E-DB43C0E7A775}, In Quarantäne, [fccaba7d4f2da591fc883c71b34fc63a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{671F1846-80F2-4ED8-B183-A921E6A4D5D5}, In Quarantäne, [fccaba7d4f2da591fc883c71b34fc63a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\PiccShare.BHO.1, In Quarantäne, [fccaba7d4f2da591fc883c71b34fc63a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\PiccShare.BHO, In Quarantäne, [fccaba7d4f2da591fc883c71b34fc63a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PiccShare.BHO, In Quarantäne, [fccaba7d4f2da591fc883c71b34fc63a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PiccShare.BHO.1, In Quarantäne, [fccaba7d4f2da591fc883c71b34fc63a], 
PUP.Optional.PiccShare.A, HKU\S-1-5-21-1267327803-2283943938-1836921389-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [fccaba7d4f2da591fc883c71b34fc63a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [fccaba7d4f2da591fc883c71b34fc63a], 
PUP.Optional.EasyLife.A, HKU\S-1-5-21-1267327803-2283943938-1836921389-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}, In Quarantäne, [992d85b24c300135a8805c8b0cf64db3], 
PUP.Optional.EasyLife.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}, In Quarantäne, [992d85b24c300135a8805c8b0cf64db3], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{2db04d42}, In Quarantäne, [7c4a4ee9c2bae74f1c86e15f0df67d83], 
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-1267327803-2283943938-1836921389-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SimpleNewTab, In Quarantäne, [a81e15224c3058de8904af9d3ac916ea], 
PUP.Optional.SProtector.A, HKU\S-1-5-21-1267327803-2283943938-1836921389-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SProtector, In Quarantäne, [53730037a3d9ef47076dbfbef01440c0], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-1267327803-2283943938-1836921389-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [7c4abe79f3892610877a51031ee57f81], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 1
PUP.Optional.BrowserStabilizer.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs,  C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL, Gut: (), Schlecht: (C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL),Ersetzt,[f2d45add413b52e4da5ac06c669dbd43]

Ordner: 2
PUP.Optional.SimpleNewTab.A, C:\Users\Chris\AppData\Local\simple_new_tab, In Quarantäne, [4b7b56e1f488f83ecf038782c043ad53], 
PUP.Optional.SimpleNewTab.A, C:\Users\Chris\AppData\Local\simple_new_tab\htmls, In Quarantäne, [4b7b56e1f488f83ecf038782c043ad53], 

Dateien: 6
PUP.Optional.BrowserStabilizer.A, C:\ProgramData\Browser Stabilizer\BrowserStabilizer_x64.dll, In Quarantäne, [f2d45add413b52e4da5ac06c669dbd43], 
PUP.Optional.DataMgr.A, C:\Users\Chris\AppData\Roaming\DataMgr\DataMgr.exe, In Quarantäne, [daec1126a7d5b3834e93148811f32ed2], 
PUP.Optional.SimpleNewTab.A, C:\Users\Chris\AppData\Local\simple_new_tab\simple_new_tab.dll, In Quarantäne, [4b7b56e1f488f83ecf038782c043ad53], 
PUP.Optional.SimpleNewTab.A, C:\Users\Chris\AppData\Local\simple_new_tab\htmls\index.html, In Quarantäne, [4b7b56e1f488f83ecf038782c043ad53], 
PUP.Optional.Babylon.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtkDS", 0);), Ersetzt,[a2249c9b601c53e32f580769dd2819e7]
PUP.Optional.Babylon.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default\prefs.js, Gut: (), Schlecht: (Preferences

/* Do not edit this file.
 *
 * If), Ersetzt,[bd096ccb86f67db904835b1525e0817f]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Chris (administrator) on CHRIS-HP on 07-11-2014 12:03:50
Running from C:\Users\Chris\Downloads
Loaded Profile: Chris (Available profiles: Chris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\Chris\Downloads\openhardwaremonitor-v0.6.0-beta\OpenHardwareMonitor\OpenHardwareMonitor.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1267327803-2283943938-1836921389-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
HKU\S-1-5-21-1267327803-2283943938-1836921389-1000\...\MountPoints2: {0faa1ba5-6da6-11e0-9613-806e6f6e6963} - E:\Launch.exe
HKU\S-1-5-21-1267327803-2283943938-1836921389-1000\...\MountPoints2: {f458bf77-1779-11e1-aec3-e0699581c5e0} - J:\pushinst.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {E6AF0E3D-FBF3-43BD-ADD6-BDE09A3765CF} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=f92bf0c371da4280886df0b3fe7d2d9c&tu=10GXy00Ad1B0Ca0&sku=&tstsId=&ver=&&r=632
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-23] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ghostery - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default\Extensions\firefox@ghostery.com.xpi [2014-01-28]
FF Extension: Adblock Plus - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-07]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-04-23]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-04-23]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-04-23]
FF HKLM-x32\...\Firefox\Extensions: [FFToolbar@bitdefender.com] - C:\Program Files\BitDefender\BitDefender 2010\bdaphffext
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-11-26] (CyberLink)
S4 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-12-09] (BioWare)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-12] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-06-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-06-16] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
U4 bdselfpr; No ImagePath
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Chris\Downloads\openhardwaremonitor-v0.6.0-beta\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 12:02 - 2014-11-07 12:02 - 00000472 _____ () C:\Users\Chris\Downloads\defogger_disable.log
2014-11-07 12:02 - 2014-11-07 12:02 - 00000000 _____ () C:\Users\Chris\defogger_reenable
2014-11-07 11:59 - 2014-11-07 12:00 - 00380416 _____ () C:\Users\Chris\Downloads\Gmer-19357.exe
2014-11-07 11:59 - 2014-11-07 11:59 - 00050477 _____ () C:\Users\Chris\Downloads\Defogger.exe
2014-11-07 11:51 - 2014-11-07 11:52 - 00049219 _____ () C:\Users\Chris\Downloads\Addition.txt
2014-11-07 11:50 - 2014-11-07 12:03 - 00019355 _____ () C:\Users\Chris\Downloads\FRST.txt
2014-11-07 11:50 - 2014-11-07 12:03 - 00000000 ____D () C:\FRST
2014-11-07 11:49 - 2014-11-07 11:49 - 02114560 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2014-11-07 11:19 - 2014-11-07 11:19 - 00526371 _____ () C:\Users\Chris\Downloads\openhardwaremonitor-v0.6.0-beta.zip
2014-11-07 11:19 - 2014-11-07 11:19 - 00000000 ____D () C:\Users\Chris\Downloads\openhardwaremonitor-v0.6.0-beta
2014-11-07 10:07 - 2014-11-07 10:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-05 18:52 - 2014-11-05 18:52 - 00000000 ____D () C:\Users\Chris\Downloads\CrystalDiskInfo6_2_1
2014-11-04 19:19 - 2014-11-05 18:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 19:18 - 2014-11-04 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-04 19:18 - 2014-11-04 19:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-04 19:18 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-04 19:18 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-04 19:18 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-03 15:10 - 2014-11-03 15:17 - 00100409 _____ () C:\Windows\iis7.log
2014-11-03 15:10 - 2014-11-03 15:17 - 00000000 ____D () C:\inetpub
2014-10-24 15:33 - 2014-10-24 15:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-24 15:33 - 2014-10-24 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-21 17:05 - 2014-10-21 17:05 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-16 20:12 - 2014-10-16 20:12 - 00056720 _____ () C:\Windows\SysWOW64\CCCInstall_201410162112037458.log
2014-10-16 20:12 - 2014-10-16 20:12 - 00000000 ____D () C:\ProgramData\ATI
2014-10-16 20:12 - 2014-10-16 20:12 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-10-16 20:11 - 2014-10-16 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-10-16 20:04 - 2014-10-16 20:04 - 00000000 ____D () C:\AMD
2014-10-16 19:41 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 19:41 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 19:41 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 19:41 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 19:41 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 19:41 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 19:41 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 19:41 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 19:41 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 19:41 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 19:41 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 19:41 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 19:41 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 19:41 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 19:41 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 19:41 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 19:41 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 19:41 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 19:41 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 19:41 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 19:41 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 19:41 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 19:41 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 19:41 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 19:41 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 19:41 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 19:41 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 19:41 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 19:41 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 19:41 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 19:41 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 19:41 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 19:41 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 19:41 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 19:41 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 19:41 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 19:41 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 19:41 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 19:41 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 19:41 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 19:41 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 19:41 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 19:41 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 19:41 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 19:41 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 19:41 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 19:41 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 19:41 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 19:41 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 19:41 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 19:41 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 19:41 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 19:41 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 19:41 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 19:41 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 19:41 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 19:40 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 19:40 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-16 19:40 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-16 19:40 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 19:40 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 19:40 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 19:40 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 19:40 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 19:40 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 19:40 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 19:40 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 19:40 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 19:40 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 19:40 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 19:40 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 19:40 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 19:40 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 19:40 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 19:40 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 19:40 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 19:40 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 19:40 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 19:40 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 19:40 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 19:40 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 19:40 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 19:40 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 19:39 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 19:39 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 18:53 - 2014-10-15 18:53 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieUserList
2014-10-15 18:53 - 2014-10-15 18:53 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieSiteList
2014-10-14 17:54 - 2014-10-14 17:54 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\ATI
2014-10-14 17:54 - 2014-10-14 17:54 - 00000000 ____D () C:\Users\Chris\AppData\Local\ATI
2014-10-14 17:52 - 2014-10-14 17:52 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-10-14 17:49 - 2014-10-16 20:12 - 00000000 ____D () C:\ProgramData\AMD
2014-10-14 17:48 - 2014-10-14 17:48 - 00061389 _____ () C:\Windows\SysWOW64\CCCInstall_201410141848541929.log
2014-10-14 17:47 - 2014-10-14 17:47 - 00000000 ____D () C:\Program Files\AMD
2014-10-14 17:47 - 2013-12-06 22:38 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2014-10-14 17:47 - 2013-12-06 22:38 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2014-10-14 17:47 - 2013-12-06 22:38 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2014-10-14 17:47 - 2013-12-06 22:38 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2014-10-14 17:46 - 2013-12-06 21:39 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat
2014-10-14 17:46 - 2013-12-06 21:39 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2014-10-14 17:46 - 2013-12-06 21:39 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat
2014-10-14 17:46 - 2013-12-06 21:39 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
2014-10-14 17:46 - 2013-09-30 21:48 - 00047887 _____ () C:\Windows\atiogl.xml
2014-10-14 17:46 - 2011-09-12 23:06 - 00003917 _____ () C:\Windows\SysWOW64\atipblag.dat
2014-10-14 17:46 - 2011-09-12 23:06 - 00003917 _____ () C:\Windows\system32\atipblag.dat
2014-10-14 17:45 - 2014-10-14 17:49 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-10-14 17:45 - 2014-10-14 17:45 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-10-14 17:37 - 2014-10-16 20:11 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-10-14 17:37 - 2014-10-14 17:37 - 00000000 ____D () C:\Program Files\ATI
2014-10-09 16:23 - 2014-10-09 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-10-09 16:23 - 2014-10-09 16:23 - 00000000 ____D () C:\Program Files\CPUID

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 12:02 - 2011-07-07 10:28 - 00000000 ____D () C:\Users\Chris
2014-11-07 11:19 - 2013-08-26 11:11 - 00000000 ____D () C:\Users\Chris\Downloads\schrott
2014-11-07 11:10 - 2012-04-26 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-07 11:09 - 2012-12-07 14:20 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-07 11:09 - 2011-07-08 18:21 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-07 11:05 - 2012-04-04 16:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-07 09:50 - 2011-04-23 11:49 - 01551672 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 09:45 - 2011-04-23 12:27 - 00735652 _____ () C:\Windows\system32\perfh007.dat
2014-11-07 09:45 - 2011-04-23 12:27 - 00165254 _____ () C:\Windows\system32\perfc007.dat
2014-11-07 09:45 - 2009-07-14 06:13 - 01717942 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 09:43 - 2012-03-20 15:07 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
2014-11-07 09:33 - 2013-08-08 09:07 - 00031568 _____ () C:\Windows\setupact.log
2014-11-07 09:33 - 2013-02-24 18:50 - 00000440 ____H () C:\Windows\Tasks\schedule!1818212897.job
2014-11-07 09:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 21:12 - 2009-07-14 05:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 21:12 - 2009-07-14 05:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 17:27 - 2011-10-26 16:38 - 01691286 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-05 17:59 - 2013-08-08 09:07 - 00255520 _____ () C:\Windows\PFRO.log
2014-11-04 19:37 - 2013-12-27 14:11 - 00000000 ____D () C:\ProgramData\Browser Stabilizer
2014-11-04 19:37 - 2013-07-03 10:07 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\DataMgr
2014-11-04 19:18 - 2012-04-16 21:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-04 18:33 - 2014-05-03 14:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-04 18:33 - 2013-04-19 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-04 18:33 - 2011-08-28 15:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-04 18:33 - 2009-07-14 08:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-04 18:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-04 18:17 - 2012-06-22 20:45 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForChris
2014-11-04 18:17 - 2012-06-22 20:45 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForChris.job
2014-11-03 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-11-03 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-11-01 23:30 - 2011-08-03 12:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Skype
2014-10-29 17:14 - 2014-08-06 16:20 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-29 17:14 - 2013-04-19 09:55 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-28 06:34 - 2011-09-06 19:00 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 18:55 - 2011-08-08 11:55 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCHRIS-HP$
2014-10-27 18:55 - 2011-08-08 11:55 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForCHRIS-HP$.job
2014-10-24 15:33 - 2014-06-09 13:59 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-24 15:33 - 2011-08-03 12:01 - 00000000 ____D () C:\ProgramData\Skype
2014-10-23 21:12 - 2011-11-13 17:27 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\SoftGrid Client
2014-10-21 17:06 - 2013-10-19 11:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-21 17:05 - 2014-08-10 09:50 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-21 17:05 - 2014-07-20 09:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-21 17:05 - 2014-07-20 09:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-21 17:05 - 2011-07-26 16:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-18 13:07 - 2013-12-10 18:41 - 00435122 _____ () C:\Windows\DirectX.log
2014-10-18 11:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 18:28 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-17 08:43 - 2009-07-14 05:45 - 00311552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 20:34 - 2011-11-22 13:34 - 00007605 _____ () C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2014-10-16 19:49 - 2011-04-23 11:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-16 19:45 - 2013-08-21 20:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 19:42 - 2011-07-14 10:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 19:34 - 2011-07-07 12:37 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-16 19:34 - 2011-07-07 12:37 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-16 19:15 - 2011-11-01 16:29 - 00000000 ____D () C:\Users\Chris\Documents\OpenTTD
2014-10-16 18:13 - 2011-07-07 15:53 - 00000000 ____D () C:\Users\Chris\Documents\Studium
2014-10-14 17:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-10-14 17:36 - 2013-05-02 10:17 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 17:36 - 2013-04-19 09:55 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 17:36 - 2013-04-19 09:55 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-09 15:57 - 2011-11-22 13:28 - 00000000 ____D () C:\Windows\Minidump
2014-10-09 15:57 - 2011-04-23 13:34 - 00338432 ____N () C:\Windows\Minidump\100914-16489-01.dmp

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\avgnt.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\sp64126.exe
C:\Users\Chris\AppData\Local\Temp\Uninstall.exe
C:\Users\Chris\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-28 18:39

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Chris at 2014-11-07 12:04:04
Running from C:\Users\Chris\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

0 A.D. (HKCU\...\0 A.D.) (Version: r11863-alpha - Wildfire Games)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Age of Conan - Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version:  - Funcom)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Age of Empires Online (HKLM-x32\...\GFWL_{4D530FA3-9B89-4186-98B7-F51000000100}) (Version: 1.0.0000.1 - Microsoft Studios)
Age of Empires Online (x32 Version: 1.0.0000.1 - Microsoft Studios) Hidden
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - )
Age of Wulin (HKLM-x32\...\{A1CD76EB-30CA-45EE-9946-5FC20BA62012}) (Version: 0.0.1.011 - gPotato)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.03.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ANNO 1404 Venedig Entwickler-Tools (HKLM-x32\...\{13C1E98C-4434-4026-AADB-4A8A348B9402}) (Version: 1.00.0000 - Related Designs)
ANNO 1602 Königs-Edition (HKLM-x32\...\{077A7810-A937-4465-AD08-ACED9807995F}) (Version: 1.00 - )
Arx Fatalis (HKLM-x32\...\Steam App 1700) (Version:  - Arkane Studios)
Arx Libertatis (HKCU\...\ArxLibertatis) (Version: 1.0.3 - )
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - )
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
Avira (HKLM-x32\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CheAPMe (HKLM-x32\...\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}) (Version:  - CheapMME) <==== ATTENTION
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CoCenter (HKLM-x32\...\CoCenter_is1) (Version: 1.4.9 - coocox.org)
CoFlash (HKLM-x32\...\CoFlash_is1) (Version: 1.4.6 - coocox.org)
CoIDE (HKLM-x32\...\CoIDE_is1) (Version: 1.7.7 - coocox.org)
Command and Conquer 3: Kane's Wrath (HKLM-x32\...\Steam App 24810) (Version:  - EA Los Angeles)
Command and Conquer 3: Tiberium Wars (HKLM-x32\...\Steam App 24790) (Version:  - EA Los Angeles)
Commander Keen 5 - The Armageddon Machine 1991 version 1.0 (HKLM-x32\...\{A4810069-DB03-48A4-8DDC-004330CDCEEF}}_is1) (Version: 1.0 - Pyramid Games, Inc.)
Common RTP 1.0 (HKLM-x32\...\RPGAdvocates_RTP_1.0) (Version:  - )
ContentMod2.6.2 (HKLM-x32\...\ContentMod_2.6.2) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
CyberLink DVD Suite Premium (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DarkRadiant 1.7.3 (HKLM\...\DarkRadiant_is1) (Version:  - The Dark Mod)
DAvE (HKLM-x32\...\DAvE) (Version:  - )
Die Siedler III Gold Edition (HKLM-x32\...\S3) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
EAGLE 6.5.0 (HKLM-x32\...\EAGLE 6.5.0) (Version: 6.5.0 - CadSoft Computer GmbH)
EarthView V3.8.5 (HKLM-x32\...\EarthView) (Version:  - )
EasyLife Updater (HKLM\...\EasyLife Updater) (Version: 1.0 - BetterSoft)
Empire Earth Gold Edition (HKLM-x32\...\GOGPACKEMPIREEARTHGOLD_is1) (Version: 2.0.0.14 - GOG.com)
Empire Earth II Gold Edition (HKLM-x32\...\GOGPACKEMPIREEARTH2GOLD_is1) (Version: 2.0.0.17 - GOG.com)
ExsttroaCooupon (HKLM-x32\...\{98449C67-C7AF-BB53-112D-26C916814611}) (Version:  - ExoStraCOupon) <==== ATTENTION
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Freeciv 2.3.2 (GTK+ client) (HKCU\...\Freeciv-2.3.2-gtk2) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GNU Tools for ARM Embedded Processors 4.8 2014q2 (HKLM-x32\...\552277EA-F57E-7211-F7F4-B8BA1274B46C) (Version: 20140726 - ARM Holdings)
Gothic 3 (HKLM-x32\...\Steam App 39500) (Version:  - Piranha – Bytes )
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version:  - Valve)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6302.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jade Empire: Special Edition (HKLM-x32\...\Steam App 7110) (Version:  - BioWare Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Java(TM) 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keil µVision4 (HKLM-x32\...\Keil µVision4) (Version:  - )
Lara Croft and the Guardian of Light (HKLM-x32\...\Steam App 35130) (Version:  - Crystal Dynamics)
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version:  - Almost Human Games)
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.7.9.30 - www.leaguereplays.com)
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Mathcad 2001 Professional (HKLM-x32\...\{31A38B62-9168-4052-920A-F1405F43FEA8}) (Version: 10.01.0000 - MathSoft)
MATLAB R2011b (HKLM\...\Matlab R2011b) (Version: 7.13 - The MathWorks, Inc.)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Medieval II: Total War Kingdoms (HKLM-x32\...\Steam App 4780) (Version:  - The Creative Assembly)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version:  - )
Microsoft Age of Empires Expansion (HKLM-x32\...\Age of Empires Expansion 1.0) (Version:  - )
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MinimumPraicee (HKLM-x32\...\{CA1838EF-A497-194E-3850-37A62CEE398B}) (Version:  - MinimumPrice)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - TaleWorlds Entertainment)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{1BC144A3-20EF-49DD-8EBB-E421E128E30F}) (Version: 1.2.8 - Thorvald Natvig)
MusicStation (HKLM-x32\...\MusicStationNetstaller) (Version: 1.0.1.5 - Hewlett-Packard)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.1 - Notepad++ Team)
Obsidian Conflict Beta 1.35 Full (HKCU\...\{C2477B44-8AB4-4E65-AED0-46B67EFCC97A}_is1) (Version: 1.35 - Obsidian Conflict Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
OpenTTD 1.3.1 (HKLM-x32\...\OpenTTD) (Version: 1.3.1 - OpenTTD)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PSpice Student 9.1 (HKLM-x32\...\PSpice Student) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Questpaket 4 Update 2 Deinstallation (HKLM-x32\...\G3QP231012008_is1) (Version: 4.2.0.0 - Humanforce)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\GOGPACKRCT3_is1) (Version: 2.0.0.13 - GOG.com)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM-x32\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version:  - )
S.T.A.L.K.E.R.: Lost Alpha version 1.3.0013 (HKLM-x32\...\S.T.A.L.K.E.R.: Lost Alpha_is1) (Version: 1.3.0013 - dezowave)
Sacred Gold (HKLM-x32\...\Steam App 12320) (Version:  - Ascaron Entertainment)
Sea3D 1.2.0a (HKLM-x32\...\Sea3D_is1) (Version: 1.2.0a - Jason Fugate)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Source Multiplayer Dedicated Server (HKLM-x32\...\Steam App 310) (Version:  - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.4.1.19776 - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - )
Synergy (HKLM-x32\...\Steam App 17520) (Version:  - Synergy Team)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher 2 (HKLM-x32\...\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}) (Version: 1.00.0000 - CD Projekt Red)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red)
Thief 2 (HKLM-x32\...\Steam App 211740) (Version:  - Looking Glass Studios)
Third Age - Total War 3.0 (Part 1of2) (HKCU\...\Third Age - Total War 3.0 (Part 1of2)) (Version:  - )
Third Age - Total War 3.0 (Part 2of2) (HKCU\...\Third Age - Total War 3.0 (Part 2of2)) (Version:  - )
Tomb Raider II (HKLM-x32\...\Steam App 225300) (Version:  - Core Design)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unknown Horizons (HKLM-x32\...\Unknown Horizons) (Version: 2013.2 - The Unknown Horizons Team)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
UTubbeNoAds (HKLM-x32\...\{C6E49138-C2CF-5337-D358-0734FD33EFB4}) (Version:  - UTubeNaOAdus)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
VVVVVV (HKLM-x32\...\Steam App 70300) (Version:  - )
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Widelands (HKLM-x32\...\{WIDELANDS-WIN32-IS}_is1) (Version: Widelands - Widelands Development Team)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.14 - WildTangent)
Winamp (HKLM-x32\...\Winamp) (Version: 5.62  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version:  - Wargaming.net)
World of Tanks v.0.6.6 (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1) (Version:  - Wargaming.net)
World of Tanks v.0.7.4_CT (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C8CT}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1) (Version:  - Wargaming.net)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
YGOPro DevPro Version 1.9.6 r0 (HKLM-x32\...\{3CF2634F-3F38-4DD3-9201-CB2FE6B5FF23}_is1) (Version: 1.9.6 r0 - YGOPro DevPro Online)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.780.000 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (x32 Version: 1.8.22.0 - Check Point Software Technologies LTD) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

21-10-2014 16:04:05 Installed Java 7 Update 71
28-10-2014 17:45:57 Geplanter Prüfpunkt
03-11-2014 14:46:36 Windows Update
04-11-2014 17:24:32 Wiederherstellungsvorgang
04-11-2014 18:59:28 Windows Update
06-11-2014 16:25:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11E42C9A-E4A1-4D3B-A71C-6E3FF514F795} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {13D75616-0279-4B59-A2F3-2D20070C734B} - System32\Tasks\MATLAB R2011b Startup Accelerator => C:\Program Files\MATLAB\R2011b\bin\win64\MATLABStartupAccelerator.exe [2011-07-08] ()
Task: {1AE96EA9-F398-4261-A022-A1F856225200} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {29F37828-D704-43B9-A85C-A2A4340503EA} - System32\Tasks\schedule!1818212897 => C:\ProgramData\BetterSoft\EasyLife Updater\EasyLife Updater.exe <==== ATTENTION
Task: {2F52DBE2-C41A-40C7-8FA9-AFD3FE38633C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {364467D4-F0E9-4D32-B2ED-344EE171B784} - System32\Tasks\HPCeeScheduleForCHRIS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {3B0E2777-DB59-4AF0-9A46-44D6C1BC8DC0} - System32\Tasks\{DE79BC77-856F-43F0-996A-E951E84E1077} => C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta_sa.exe
Task: {3D17CBCE-0DEE-4C01-AA9F-8D33AFA5BCAF} - System32\Tasks\{CCC07322-662F-4265-A297-B441064C7641} => C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta_sa.exe
Task: {5329A8FF-44A3-40AD-B304-60999B1A7855} - System32\Tasks\{183F217A-26EC-43F0-B8DD-54A55A105FC5} => C:\Users\Chris\Documents\Studium\4. Semester\Mikrocomputer\HC11-IDE\wookie182upx.exe [2006-07-19] (Milwaukee School of Engineering: Kalle Anderson, Jason Buttron, Paul Clarke, Mathew Enwald, Blake Adams, Jake Buysse, Brian Farmer, Dainen Bugh, Ian Kasprzak, University of Wisconsin - Milwaukee: Craig Irving)
Task: {5F5B5D21-2CB5-454E-BB3F-BF717FE9B9A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {75E5D67F-41EF-48EC-A0F9-527ABFC5585C} - System32\Tasks\HPCeeScheduleForChris => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {81E8A5E5-A750-4D34-AD6A-85A1F55B3ACC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {9E204386-0021-4230-8BF1-ED6CF0C298AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {D6F982B9-31C3-4548-A247-3EFE7C0C93F3} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] ()
Task: {E553AEB1-4CC4-423E-9E13-F481C32732D0} - System32\Tasks\{46F2A24F-DD55-4126-A556-8BC0E3A32E2B} => C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta_sa.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCHRIS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForChris.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job => C:\Program Files\MATLAB\R2011b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\Windows\Tasks\schedule!1818212897.job => C:\ProgramData\BetterSoft\EasyLife Updater\EasyLife Updater.exe

==================== Loaded Modules (whitelisted) =============

2011-11-29 18:01 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-11-07 11:19 - 2013-07-14 17:33 - 00486912 _____ () C:\Users\Chris\Downloads\openhardwaremonitor-v0.6.0-beta\OpenHardwareMonitor\OpenHardwareMonitor.exe
2014-11-07 11:19 - 2012-05-27 18:05 - 00149504 _____ () C:\Users\Chris\Downloads\openhardwaremonitor-v0.6.0-beta\OpenHardwareMonitor\Aga.Controls.dll
2014-11-07 11:19 - 2013-07-14 17:33 - 00259584 _____ () C:\Users\Chris\Downloads\openhardwaremonitor-v0.6.0-beta\OpenHardwareMonitor\OpenHardwareMonitorLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Chris\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Chris\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: DAUpdaterSvc => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DataMgr => "C:\Users\Chris\AppData\Roaming\DataMgr\DataMgr.exe"
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: Intermediate => "C:\Users\Chris\AppData\Roaming\Intermediate\Intermediate.exe"
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SCheck => "C:\Users\Chris\AppData\Roaming\SCheck\SCheck.exe" check 
MSCONFIG\startupreg: Sixth => "C:\Users\Chris\AppData\Roaming\Sixth\Sixth.exe"
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: Snoozer => "C:\Users\Chris\AppData\Roaming\Snz\Snz.exe"
MSCONFIG\startupreg: SSync => "C:\Users\Chris\AppData\Roaming\SSync\SSync.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1267327803-2283943938-1836921389-500 - Administrator - Disabled)
Chris (S-1-5-21-1267327803-2283943938-1836921389-1000 - Administrator - Enabled) => C:\Users\Chris
Gast (S-1-5-21-1267327803-2283943938-1836921389-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1267327803-2283943938-1836921389-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2014 06:52:44 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: 0x80070005.

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: MS_SNMP_ENCAPSULATED_EVENT_PROVIDERselect * from SnmpNotificationSnmpNotification//./root/snmp/localhost

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: select * from SnmpNotificationSnmpNotification//./root/snmp/localhost

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: MS_SNMP_REFERENT_EVENT_PROVIDERselect * from SnmpExtendedNotificationSnmpExtendedNotification//./root/snmp/localhost

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: select * from SnmpExtendedNotificationSnmpExtendedNotification//./root/snmp/localhost

Error: (11/03/2014 03:09:46 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x8007043c).

Error: (11/02/2014 05:14:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (11/02/2014 02:37:50 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (10/31/2014 06:35:03 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (10/28/2014 06:41:20 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (11/07/2014 11:28:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (11/07/2014 09:42:39 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (11/07/2014 09:41:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/07/2014 09:41:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Software Protection erreicht.

Error: (11/07/2014 09:40:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/07/2014 09:40:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Management and Security Application Local Management Service erreicht.

Error: (11/07/2014 09:39:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/07/2014 09:39:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Support Assistant Service erreicht.

Error: (11/07/2014 09:38:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error: (11/07/2014 09:37:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.


Microsoft Office Sessions:
=========================
Error: (11/04/2014 06:52:44 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Geplanter Prüfpunkt0x80070005

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: MS_SNMP_ENCAPSULATED_EVENT_PROVIDERselect * from SnmpNotificationSnmpNotification//./root/snmp/localhost

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: select * from SnmpNotificationSnmpNotification//./root/snmp/localhost

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: MS_SNMP_REFERENT_EVENT_PROVIDERselect * from SnmpExtendedNotificationSnmpExtendedNotification//./root/snmp/localhost

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: select * from SnmpExtendedNotificationSnmpExtendedNotification//./root/snmp/localhost

Error: (11/03/2014 03:09:46 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x8007043c

Error: (11/02/2014 05:14:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/02/2014 02:37:50 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/31/2014 06:35:03 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/28/2014 06:41:20 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


CodeIntegrity Errors:
===================================
  Date: 2013-10-21 13:14:26.805
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-21 00:15:18.419
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-20 20:49:30.926
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-20 18:10:32.096
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-20 17:38:27.191
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-20 17:22:21.487
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-20 13:44:16.173
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-20 12:43:48.323
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-19 23:08:16.893
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-19 20:59:42.371
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 8174.53 MB
Available physical RAM: 5969.72 MB
Total Pagefile: 16347.24 MB
Available Pagefile: 13826.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1848.9 GB) (Free:1221.24 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:14.02 GB) (Free:1.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:02 on 07/11/2014 (Chris)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-07 13:54:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1  rev. 0,00MB
Running: Gmer-19357.exe; Driver: C:\Users\Chris\AppData\Local\Temp\fgtiqpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 536                                                                                     fffff800031b2008 11 bytes [48, 89, 5C, 24, 08, 48, 89, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 548                                                                                     fffff800031b2014 34 bytes [83, EC, 30, 41, 8B, D8, 4C, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000779d1465 2 bytes [9D, 77]
.text     C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000779d14bb 2 bytes [9D, 77]
.text     ...                                                                                                                                                    * 2
.text     c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               00000000779d1465 2 bytes [9D, 77]
.text     c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              00000000779d14bb 2 bytes [9D, 77]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe[2552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000779d1465 2 bytes [9D, 77]
.text     C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe[2552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000779d14bb 2 bytes [9D, 77]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000779d1465 2 bytes [9D, 77]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000779d14bb 2 bytes [9D, 77]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000779d1465 2 bytes [9D, 77]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000779d14bb 2 bytes [9D, 77]
.text     ...                                                                                                                                                    * 2

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                  unknown MBR code
Disk      \Device\Harddisk0\DR0                                                                                                                                  sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----
         

Geändert von chris224 (07.11.2014 um 14:15 Uhr) Grund: Rechtschreibung

Alt 07.11.2014, 14:25   #2
M-K-D-B
/// TB-Ausbilder
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




TDSS-Killer bitte ausführen:





Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________


Alt 07.11.2014, 14:44   #3
chris224
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten



Hallo,

Vielen dank für deine Hilfe.

Habe den TDSS-Killer ausgeführt und er hat nichts gefunden.

Ich habe auch einmal CrystalDiskInfo ausgeführt und der schrieb was mit Warnung, dazu ein Bild im Anhang.

TDSS:
Code:
ATTFilter
14:29:09.0026 0x0ba0  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
14:29:17.0279 0x0ba0  ============================================================
14:29:17.0279 0x0ba0  Current date / time: 2014/11/07 14:29:17.0279
14:29:17.0279 0x0ba0  SystemInfo:
14:29:17.0279 0x0ba0  
14:29:17.0279 0x0ba0  OS Version: 6.1.7601 ServicePack: 1.0
14:29:17.0279 0x0ba0  Product type: Workstation
14:29:17.0279 0x0ba0  ComputerName: CHRIS-HP
14:29:17.0279 0x0ba0  UserName: Chris
14:29:17.0279 0x0ba0  Windows directory: C:\Windows
14:29:17.0279 0x0ba0  System windows directory: C:\Windows
14:29:17.0279 0x0ba0  Running under WOW64
14:29:17.0279 0x0ba0  Processor architecture: Intel x64
14:29:17.0279 0x0ba0  Number of processors: 8
14:29:17.0279 0x0ba0  Page size: 0x1000
14:29:17.0279 0x0ba0  Boot type: Normal boot
14:29:17.0279 0x0ba0  ============================================================
14:29:17.0513 0x0ba0  KLMD registered as C:\Windows\system32\drivers\60712921.sys
14:29:18.0402 0x0ba0  System UUID: {6462DDA1-425A-352F-7E9B-9C34A0823FE5}
14:29:18.0839 0x0ba0  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:29:18.0854 0x0ba0  ============================================================
14:29:18.0854 0x0ba0  \Device\Harddisk0\DR0:
14:29:18.0854 0x0ba0  MBR partitions:
14:29:18.0854 0x0ba0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:29:18.0854 0x0ba0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE71CC000
14:29:18.0854 0x0ba0  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE71FE800, BlocksNum 0x1C09800
14:29:18.0854 0x0ba0  ============================================================
14:29:18.0870 0x0ba0  C: <-> \Device\Harddisk0\DR0\Partition2
14:29:18.0917 0x0ba0  D: <-> \Device\Harddisk0\DR0\Partition3
14:29:18.0917 0x0ba0  ============================================================
14:29:18.0917 0x0ba0  Initialize success
14:29:18.0917 0x0ba0  ============================================================
14:29:41.0459 0x0f58  ============================================================
14:29:41.0459 0x0f58  Scan started
14:29:41.0459 0x0f58  Mode: Manual; 
14:29:41.0459 0x0f58  ============================================================
14:29:41.0459 0x0f58  KSN ping started
14:29:55.0218 0x0f58  KSN ping finished: true
14:29:55.0842 0x0f58  ================ Scan system memory ========================
14:29:55.0842 0x0f58  System memory - ok
14:29:55.0842 0x0f58  ================ Scan services =============================
14:29:55.0982 0x0f58  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:29:55.0998 0x0f58  1394ohci - ok
14:29:56.0045 0x0f58  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:29:56.0045 0x0f58  ACPI - ok
14:29:56.0076 0x0f58  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:29:56.0076 0x0f58  AcpiPmi - ok
14:29:56.0170 0x0f58  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:29:56.0185 0x0f58  AdobeARMservice - ok
14:29:56.0310 0x0f58  [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:29:56.0310 0x0f58  AdobeFlashPlayerUpdateSvc - ok
14:29:56.0404 0x0f58  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:29:56.0435 0x0f58  adp94xx - ok
14:29:56.0466 0x0f58  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:29:56.0482 0x0f58  adpahci - ok
14:29:56.0497 0x0f58  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:29:56.0497 0x0f58  adpu320 - ok
14:29:56.0513 0x0f58  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:29:56.0528 0x0f58  AeLookupSvc - ok
14:29:56.0591 0x0f58  [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
14:29:56.0591 0x0f58  AESTFilters - ok
14:29:56.0653 0x0f58  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
14:29:56.0669 0x0f58  AFD - ok
14:29:56.0700 0x0f58  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
14:29:56.0716 0x0f58  agp440 - ok
14:29:56.0731 0x0f58  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
14:29:56.0731 0x0f58  ALG - ok
14:29:56.0778 0x0f58  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:29:56.0778 0x0f58  aliide - ok
14:29:56.0825 0x0f58  [ F17B1902DFCED1C24DB57492A7896FF8, 966AB1A072A8AF98D7EDD2A388D919B50FC41A06E1C51B04B2C2F54F1BA7F0D5 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:29:56.0840 0x0f58  AMD External Events Utility - ok
14:29:56.0872 0x0f58  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:29:56.0872 0x0f58  amdide - ok
14:29:56.0903 0x0f58  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:29:56.0903 0x0f58  AmdK8 - ok
14:29:57.0340 0x0f58  [ 81FCDBBA547919D59DC134ED717658B4, 9A95C4400CAE00F25EE10BAE8949CF7317954742EB6F0831AAAEA4A2C220E56B ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:29:57.0558 0x0f58  amdkmdag - ok
14:29:57.0652 0x0f58  [ AF6B384E03D15471EDCEDDDEBAA363B2, 2D8CFA26D69A8FF0FAC6EBA2E5A62977B21ECBA0C65458072FEC4A886B3EDD73 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
14:29:57.0667 0x0f58  amdkmdap - ok
14:29:57.0714 0x0f58  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:29:57.0714 0x0f58  AmdPPM - ok
14:29:57.0745 0x0f58  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:29:57.0745 0x0f58  amdsata - ok
14:29:57.0745 0x0f58  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:29:57.0761 0x0f58  amdsbs - ok
14:29:57.0776 0x0f58  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:29:57.0776 0x0f58  amdxata - ok
14:29:57.0932 0x0f58  [ FCFCD84A3F84375CF2EADA10650C3289, A5AC6E167C60451B2EC9561FA83C9DA5ADDF4152E1AD01A38C80D00B3118EE9A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:29:57.0948 0x0f58  AntiVirSchedulerService - ok
14:29:57.0979 0x0f58  [ FCFCD84A3F84375CF2EADA10650C3289, A5AC6E167C60451B2EC9561FA83C9DA5ADDF4152E1AD01A38C80D00B3118EE9A ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:29:57.0995 0x0f58  AntiVirService - ok
14:29:58.0026 0x0f58  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
14:29:58.0026 0x0f58  AppID - ok
14:29:58.0042 0x0f58  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:29:58.0057 0x0f58  AppIDSvc - ok
14:29:58.0104 0x0f58  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
14:29:58.0104 0x0f58  Appinfo - ok
14:29:58.0135 0x0f58  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:29:58.0151 0x0f58  arc - ok
14:29:58.0151 0x0f58  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:29:58.0166 0x0f58  arcsas - ok
14:29:58.0291 0x0f58  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:29:58.0291 0x0f58  aspnet_state - ok
14:29:58.0307 0x0f58  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:29:58.0322 0x0f58  AsyncMac - ok
14:29:58.0369 0x0f58  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:29:58.0369 0x0f58  atapi - ok
14:29:58.0463 0x0f58  [ 33497249626E7787AA5CEA99B226CCA6, EF6213B79F83334CD95E4A58A4FE64190AA3FEFF590E41C4BF302FC4A8F6D6D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
14:29:58.0478 0x0f58  AtiHDAudioService - ok
14:29:58.0572 0x0f58  [ FC0E8778C000291CAF60EB88C011E931, 09BCCA3DE01021AEF76DFB46F01D21BA6FF409E816FA7547E5C3DFBF3A615ED2 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
14:29:58.0588 0x0f58  atksgt - ok
14:29:58.0619 0x0f58  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:29:58.0634 0x0f58  AudioEndpointBuilder - ok
14:29:58.0650 0x0f58  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:29:58.0666 0x0f58  AudioSrv - ok
14:29:58.0744 0x0f58  [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:29:58.0744 0x0f58  avgntflt - ok
14:29:58.0790 0x0f58  [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:29:58.0806 0x0f58  avipbb - ok
14:29:58.0962 0x0f58  [ 67955F48704C0551254E55025077DD55, 7276CDC98B5A7819733A1394AA0028C803F487CDE7710B3B716DB83EA15F6AE3 ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
14:29:58.0978 0x0f58  Avira.OE.ServiceHost - ok
14:29:59.0071 0x0f58  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:29:59.0071 0x0f58  avkmgr - ok
14:29:59.0134 0x0f58  [ C6F4C466B654C1BE98AF31418BB5AC30, 62AA4456F8E22A6E508EB44DE4309615057117AAF923C13BBED15AA39630E76B ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
14:29:59.0149 0x0f58  AVM WLAN Connection Service - ok
14:29:59.0227 0x0f58  [ 1DC2F715792CF33428AD7993ACBD224D, 129FBD517E016914CD61C35894C0B9B2074E680F1EB21201597E5C13CAF4529F ] avmeject        C:\Windows\system32\drivers\avmeject.sys
14:29:59.0227 0x0f58  avmeject - ok
14:29:59.0274 0x0f58  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:29:59.0274 0x0f58  AxInstSV - ok
14:29:59.0336 0x0f58  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
14:29:59.0352 0x0f58  b06bdrv - ok
14:29:59.0383 0x0f58  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:29:59.0399 0x0f58  b57nd60a - ok
14:29:59.0446 0x0f58  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:29:59.0461 0x0f58  BDESVC - ok
14:29:59.0477 0x0f58  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:29:59.0477 0x0f58  Beep - ok
14:29:59.0539 0x0f58  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
14:29:59.0555 0x0f58  BFE - ok
14:29:59.0586 0x0f58  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
14:29:59.0602 0x0f58  BITS - ok
14:29:59.0633 0x0f58  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:29:59.0633 0x0f58  blbdrive - ok
14:29:59.0648 0x0f58  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:29:59.0664 0x0f58  bowser - ok
14:29:59.0680 0x0f58  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:29:59.0695 0x0f58  BrFiltLo - ok
14:29:59.0695 0x0f58  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:29:59.0695 0x0f58  BrFiltUp - ok
14:29:59.0742 0x0f58  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
14:29:59.0742 0x0f58  Browser - ok
14:29:59.0758 0x0f58  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:29:59.0773 0x0f58  Brserid - ok
14:29:59.0773 0x0f58  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:29:59.0789 0x0f58  BrSerWdm - ok
14:29:59.0789 0x0f58  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:29:59.0789 0x0f58  BrUsbMdm - ok
14:29:59.0789 0x0f58  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:29:59.0804 0x0f58  BrUsbSer - ok
14:29:59.0804 0x0f58  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:29:59.0804 0x0f58  BTHMODEM - ok
14:29:59.0836 0x0f58  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
14:29:59.0851 0x0f58  bthserv - ok
14:29:59.0867 0x0f58  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:29:59.0882 0x0f58  cdfs - ok
14:29:59.0929 0x0f58  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:29:59.0945 0x0f58  cdrom - ok
14:29:59.0976 0x0f58  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:29:59.0992 0x0f58  CertPropSvc - ok
14:30:00.0007 0x0f58  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:30:00.0023 0x0f58  circlass - ok
14:30:00.0054 0x0f58  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
14:30:00.0070 0x0f58  CLFS - ok
14:30:00.0148 0x0f58  [ DEDE5EC7DC09D840D5D74E06FF4DE127, 3F292B370A5D539C381712679D0A08D649C9952E0B7892CF708ADD52815E2467 ] CLKMSVC10_C6F09094 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
14:30:00.0226 0x0f58  CLKMSVC10_C6F09094 - ok
14:30:00.0288 0x0f58  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:30:00.0288 0x0f58  clr_optimization_v2.0.50727_32 - ok
14:30:00.0350 0x0f58  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:30:00.0350 0x0f58  clr_optimization_v2.0.50727_64 - ok
14:30:00.0444 0x0f58  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:30:00.0460 0x0f58  clr_optimization_v4.0.30319_32 - ok
14:30:00.0475 0x0f58  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:30:00.0491 0x0f58  clr_optimization_v4.0.30319_64 - ok
14:30:00.0538 0x0f58  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:30:00.0538 0x0f58  CmBatt - ok
14:30:00.0553 0x0f58  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:30:00.0569 0x0f58  cmdide - ok
14:30:00.0631 0x0f58  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
14:30:00.0647 0x0f58  CNG - ok
14:30:00.0662 0x0f58  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:30:00.0662 0x0f58  Compbatt - ok
14:30:00.0694 0x0f58  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:30:00.0694 0x0f58  CompositeBus - ok
14:30:00.0709 0x0f58  COMSysApp - ok
14:30:00.0709 0x0f58  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:30:00.0709 0x0f58  crcdisk - ok
14:30:00.0756 0x0f58  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:30:00.0772 0x0f58  CryptSvc - ok
14:30:00.0865 0x0f58  [ 61A86809B62769643892BC0812B204AA, 92FAC8176BE88D63C1DB1FF127F1BACD7D735A36DA42ABDE448D34B8D66F2BB9 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:30:00.0881 0x0f58  cvhsvc - ok
14:30:01.0115 0x0f58  [ 914A7156B0C0F10BE645A02E13F576B2, C8686CE4DD9C457D56D5535307FD210AE057BFF94AC59665681DA6CF46DBE2E8 ] DAUpdaterSvc    C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
14:30:01.0130 0x0f58  DAUpdaterSvc - ok
14:30:01.0177 0x0f58  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:30:01.0193 0x0f58  DcomLaunch - ok
14:30:01.0224 0x0f58  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
14:30:01.0224 0x0f58  defragsvc - ok
14:30:01.0255 0x0f58  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:30:01.0255 0x0f58  DfsC - ok
14:30:01.0286 0x0f58  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:30:01.0302 0x0f58  Dhcp - ok
14:30:01.0318 0x0f58  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
14:30:01.0318 0x0f58  discache - ok
14:30:01.0349 0x0f58  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:30:01.0364 0x0f58  Disk - ok
14:30:01.0427 0x0f58  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:30:01.0442 0x0f58  Dnscache - ok
14:30:01.0474 0x0f58  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:30:01.0489 0x0f58  dot3svc - ok
14:30:01.0520 0x0f58  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
14:30:01.0520 0x0f58  DPS - ok
14:30:01.0567 0x0f58  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:30:01.0567 0x0f58  drmkaud - ok
14:30:01.0645 0x0f58  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:30:01.0661 0x0f58  DXGKrnl - ok
14:30:01.0708 0x0f58  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
14:30:01.0708 0x0f58  EapHost - ok
14:30:01.0817 0x0f58  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
14:30:01.0864 0x0f58  ebdrv - ok
14:30:01.0910 0x0f58  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
14:30:01.0910 0x0f58  EFS - ok
14:30:02.0004 0x0f58  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:30:02.0020 0x0f58  ehRecvr - ok
14:30:02.0051 0x0f58  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
14:30:02.0066 0x0f58  ehSched - ok
14:30:02.0113 0x0f58  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:30:02.0129 0x0f58  elxstor - ok
14:30:02.0129 0x0f58  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:30:02.0144 0x0f58  ErrDev - ok
14:30:02.0191 0x0f58  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
14:30:02.0207 0x0f58  EventSystem - ok
14:30:02.0222 0x0f58  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:30:02.0222 0x0f58  exfat - ok
14:30:02.0238 0x0f58  ezSharedSvc - ok
14:30:02.0285 0x0f58  FairplayKD - ok
14:30:02.0316 0x0f58  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:30:02.0332 0x0f58  fastfat - ok
14:30:02.0378 0x0f58  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
14:30:02.0394 0x0f58  Fax - ok
14:30:02.0410 0x0f58  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:30:02.0410 0x0f58  fdc - ok
14:30:02.0425 0x0f58  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
14:30:02.0425 0x0f58  fdPHost - ok
14:30:02.0441 0x0f58  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:30:02.0441 0x0f58  FDResPub - ok
14:30:02.0456 0x0f58  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:30:02.0456 0x0f58  FileInfo - ok
14:30:02.0472 0x0f58  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:30:02.0472 0x0f58  Filetrace - ok
14:30:02.0472 0x0f58  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:30:02.0488 0x0f58  flpydisk - ok
14:30:02.0488 0x0f58  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:30:02.0503 0x0f58  FltMgr - ok
14:30:02.0597 0x0f58  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
14:30:02.0612 0x0f58  FontCache - ok
14:30:02.0644 0x0f58  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:30:02.0659 0x0f58  FontCache3.0.0.0 - ok
14:30:02.0675 0x0f58  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:30:02.0675 0x0f58  FsDepends - ok
14:30:02.0722 0x0f58  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:30:02.0722 0x0f58  Fs_Rec - ok
14:30:02.0768 0x0f58  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:30:02.0784 0x0f58  fvevol - ok
14:30:02.0878 0x0f58  [ 4632BB93B668004965246D7911E2DD05, B4CCFFC488C94A0D82A6CC11A9BA2616B339217164719EABA3CF59913EA899FB ] fwlanusb4       C:\Windows\system32\DRIVERS\fwlanusb4.sys
14:30:02.0909 0x0f58  fwlanusb4 - ok
14:30:02.0971 0x0f58  [ 15585492E45E2F30768B2D5B57929D99, C5E6A943C78AAFE10FD9C913324083DD4B3D2F1D998A38C8B69FDEAF22246527 ] fwlanusbn       C:\Windows\system32\DRIVERS\fwlanusbn.sys
14:30:02.0987 0x0f58  fwlanusbn - ok
14:30:03.0002 0x0f58  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:30:03.0018 0x0f58  gagp30kx - ok
14:30:03.0049 0x0f58  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:30:03.0065 0x0f58  GamesAppService - ok
14:30:03.0112 0x0f58  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:30:03.0127 0x0f58  gpsvc - ok
14:30:03.0190 0x0f58  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
14:30:03.0190 0x0f58  hamachi - ok
14:30:03.0236 0x0f58  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:30:03.0236 0x0f58  hcw85cir - ok
14:30:03.0283 0x0f58  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:30:03.0299 0x0f58  HdAudAddService - ok
14:30:03.0361 0x0f58  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:30:03.0361 0x0f58  HDAudBus - ok
14:30:03.0377 0x0f58  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:30:03.0377 0x0f58  HidBatt - ok
14:30:03.0392 0x0f58  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:30:03.0392 0x0f58  HidBth - ok
14:30:03.0408 0x0f58  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:30:03.0424 0x0f58  HidIr - ok
14:30:03.0439 0x0f58  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
14:30:03.0455 0x0f58  hidserv - ok
14:30:03.0486 0x0f58  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:30:03.0486 0x0f58  HidUsb - ok
14:30:03.0517 0x0f58  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:30:03.0533 0x0f58  hkmsvc - ok
14:30:03.0548 0x0f58  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:30:03.0580 0x0f58  HomeGroupListener - ok
14:30:03.0595 0x0f58  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:30:03.0611 0x0f58  HomeGroupProvider - ok
14:30:03.0689 0x0f58  [ 2A8B93A01621E100A578E83C768AFA2C, 6637D260AF180D1F200D219796FCE6D524FC6BF57C0CEEF9E1B3616E85865AD1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
14:30:03.0704 0x0f58  HP Support Assistant Service - ok
14:30:03.0767 0x0f58  [ 3DC11A802353401332D49C3CBFBBE5FC, E812E8A4ED64FEC346BE6B175CE651CFC553A23F31B0ABC5D50E6995A7F130DF ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
14:30:03.0782 0x0f58  HPClientSvc - ok
14:30:03.0845 0x0f58  [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
14:30:03.0876 0x0f58  hpqwmiex - ok
14:30:03.0907 0x0f58  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:30:03.0923 0x0f58  HpSAMD - ok
14:30:03.0985 0x0f58  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:30:04.0016 0x0f58  HTTP - ok
14:30:04.0016 0x0f58  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:30:04.0032 0x0f58  hwpolicy - ok
14:30:04.0048 0x0f58  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:30:04.0048 0x0f58  i8042prt - ok
14:30:04.0079 0x0f58  [ F7CE9BE72EDAC499B713ECA6DAE5D26F, AF158C8ADF0815C406435AB051C8D8DD0ECBDBA8644CB75D7611980D70662193 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:30:04.0094 0x0f58  iaStor - ok
14:30:04.0126 0x0f58  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:30:04.0126 0x0f58  iaStorV - ok
14:30:04.0219 0x0f58  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:30:04.0235 0x0f58  idsvc - ok
14:30:04.0266 0x0f58  IEEtwCollectorService - ok
14:30:04.0297 0x0f58  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:30:04.0297 0x0f58  iirsp - ok
14:30:04.0360 0x0f58  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
14:30:04.0375 0x0f58  IKEEXT - ok
14:30:04.0406 0x0f58  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:30:04.0422 0x0f58  intelide - ok
14:30:04.0438 0x0f58  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:30:04.0453 0x0f58  intelppm - ok
14:30:04.0484 0x0f58  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:30:04.0484 0x0f58  IPBusEnum - ok
14:30:04.0516 0x0f58  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:30:04.0516 0x0f58  IpFilterDriver - ok
14:30:04.0578 0x0f58  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:30:04.0609 0x0f58  iphlpsvc - ok
14:30:04.0625 0x0f58  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:30:04.0640 0x0f58  IPMIDRV - ok
14:30:04.0656 0x0f58  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:30:04.0672 0x0f58  IPNAT - ok
14:30:04.0687 0x0f58  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:30:04.0703 0x0f58  IRENUM - ok
14:30:04.0734 0x0f58  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:30:04.0734 0x0f58  isapnp - ok
14:30:04.0781 0x0f58  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:30:04.0796 0x0f58  iScsiPrt - ok
14:30:04.0812 0x0f58  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:30:04.0812 0x0f58  kbdclass - ok
14:30:04.0828 0x0f58  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:30:04.0828 0x0f58  kbdhid - ok
14:30:04.0859 0x0f58  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
14:30:04.0874 0x0f58  KeyIso - ok
14:30:04.0890 0x0f58  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:30:04.0906 0x0f58  KSecDD - ok
14:30:04.0921 0x0f58  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:30:04.0937 0x0f58  KSecPkg - ok
14:30:04.0968 0x0f58  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:30:04.0968 0x0f58  ksthunk - ok
14:30:04.0999 0x0f58  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:30:05.0015 0x0f58  KtmRm - ok
14:30:05.0062 0x0f58  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:30:05.0077 0x0f58  LanmanServer - ok
14:30:05.0093 0x0f58  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:30:05.0108 0x0f58  LanmanWorkstation - ok
14:30:05.0140 0x0f58  [ FA4A45C179AB0E0F1A31B9751D4B18D7, 4356777C2608A65185C9CB8243F071EC9E11BCD152E0C0ACDE25B6BCFD75A7F4 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:30:05.0171 0x0f58  LightScribeService - ok
14:30:05.0264 0x0f58  [ 156AB2E56DC3CA0B582E3362E07CDED7, 7B03929273861690DC42E4C686E655BE5A1C60136AE5E739D7E62306AFD4AB9A ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
14:30:05.0264 0x0f58  lirsgt - ok
14:30:05.0296 0x0f58  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:30:05.0296 0x0f58  lltdio - ok
14:30:05.0311 0x0f58  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:30:05.0342 0x0f58  lltdsvc - ok
14:30:05.0374 0x0f58  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:30:05.0374 0x0f58  lmhosts - ok
14:30:05.0420 0x0f58  [ 926EBA26A8B49D1597751CED06B50862, 886FC610E379BD77146ADDC376D77437D88B593C7F1C3FEE2B93D934A67310F8 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:30:05.0452 0x0f58  LMS - ok
14:30:05.0483 0x0f58  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:30:05.0498 0x0f58  LSI_FC - ok
14:30:05.0498 0x0f58  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:30:05.0514 0x0f58  LSI_SAS - ok
14:30:05.0530 0x0f58  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:30:05.0530 0x0f58  LSI_SAS2 - ok
14:30:05.0545 0x0f58  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:30:05.0561 0x0f58  LSI_SCSI - ok
14:30:05.0576 0x0f58  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:30:05.0576 0x0f58  luafv - ok
14:30:05.0608 0x0f58  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:30:05.0623 0x0f58  Mcx2Svc - ok
14:30:05.0639 0x0f58  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:30:05.0639 0x0f58  megasas - ok
14:30:05.0654 0x0f58  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:30:05.0670 0x0f58  MegaSR - ok
14:30:05.0701 0x0f58  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
14:30:05.0701 0x0f58  MEIx64 - ok
14:30:05.0717 0x0f58  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
14:30:05.0732 0x0f58  MMCSS - ok
14:30:05.0732 0x0f58  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
14:30:05.0732 0x0f58  Modem - ok
14:30:05.0764 0x0f58  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:30:05.0764 0x0f58  monitor - ok
14:30:05.0795 0x0f58  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:30:05.0795 0x0f58  mouclass - ok
14:30:05.0810 0x0f58  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:30:05.0810 0x0f58  mouhid - ok
14:30:05.0842 0x0f58  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:30:05.0842 0x0f58  mountmgr - ok
14:30:05.0920 0x0f58  [ 28048289E32294004A86935CC40A3252, D397C3BAD6BCDA33FA0982E10677598E8BDF69A0933D19A36873CB45BA4FB819 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:30:05.0935 0x0f58  MozillaMaintenance - ok
14:30:05.0951 0x0f58  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:30:05.0966 0x0f58  mpio - ok
14:30:05.0982 0x0f58  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:30:05.0998 0x0f58  mpsdrv - ok
14:30:06.0029 0x0f58  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:30:06.0060 0x0f58  MpsSvc - ok
14:30:06.0091 0x0f58  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:30:06.0091 0x0f58  MRxDAV - ok
14:30:06.0122 0x0f58  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:30:06.0138 0x0f58  mrxsmb - ok
14:30:06.0169 0x0f58  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:30:06.0185 0x0f58  mrxsmb10 - ok
14:30:06.0185 0x0f58  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:30:06.0200 0x0f58  mrxsmb20 - ok
14:30:06.0232 0x0f58  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:30:06.0232 0x0f58  msahci - ok
14:30:06.0278 0x0f58  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:30:06.0278 0x0f58  msdsm - ok
14:30:06.0294 0x0f58  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
14:30:06.0310 0x0f58  MSDTC - ok
14:30:06.0325 0x0f58  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:30:06.0325 0x0f58  Msfs - ok
14:30:06.0356 0x0f58  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:30:06.0356 0x0f58  mshidkmdf - ok
14:30:06.0372 0x0f58  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:30:06.0372 0x0f58  msisadrv - ok
14:30:06.0403 0x0f58  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:30:06.0419 0x0f58  MSiSCSI - ok
14:30:06.0419 0x0f58  msiserver - ok
14:30:06.0450 0x0f58  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:30:06.0450 0x0f58  MSKSSRV - ok
14:30:06.0450 0x0f58  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:30:06.0466 0x0f58  MSPCLOCK - ok
14:30:06.0466 0x0f58  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:30:06.0466 0x0f58  MSPQM - ok
14:30:06.0481 0x0f58  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:30:06.0497 0x0f58  MsRPC - ok
14:30:06.0512 0x0f58  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:30:06.0512 0x0f58  mssmbios - ok
14:30:06.0528 0x0f58  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:30:06.0528 0x0f58  MSTEE - ok
14:30:06.0528 0x0f58  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:30:06.0528 0x0f58  MTConfig - ok
14:30:06.0544 0x0f58  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
14:30:06.0544 0x0f58  Mup - ok
14:30:06.0559 0x0f58  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
14:30:06.0575 0x0f58  napagent - ok
14:30:06.0622 0x0f58  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:30:06.0622 0x0f58  NativeWifiP - ok
14:30:06.0700 0x0f58  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:30:06.0715 0x0f58  NDIS - ok
14:30:06.0731 0x0f58  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:30:06.0731 0x0f58  NdisCap - ok
14:30:06.0746 0x0f58  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:30:06.0762 0x0f58  NdisTapi - ok
14:30:06.0778 0x0f58  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:30:06.0778 0x0f58  Ndisuio - ok
14:30:06.0809 0x0f58  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:30:06.0809 0x0f58  NdisWan - ok
14:30:06.0824 0x0f58  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:30:06.0824 0x0f58  NDProxy - ok
14:30:06.0840 0x0f58  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:30:06.0840 0x0f58  NetBIOS - ok
14:30:06.0871 0x0f58  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:30:06.0887 0x0f58  NetBT - ok
14:30:06.0918 0x0f58  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
14:30:06.0918 0x0f58  Netlogon - ok
14:30:06.0980 0x0f58  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
14:30:06.0996 0x0f58  Netman - ok
14:30:07.0043 0x0f58  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:30:07.0058 0x0f58  NetMsmqActivator - ok
14:30:07.0074 0x0f58  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:30:07.0090 0x0f58  NetPipeActivator - ok
14:30:07.0105 0x0f58  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
14:30:07.0136 0x0f58  netprofm - ok
14:30:07.0230 0x0f58  [ 2EED549279D7FBD10B846B5397573967, 4F7EBB6C1AC58D1EFFA7A86AC799137FC88F5CCA3AC27E563B4EE2AF1EAE4ECC ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
14:30:07.0261 0x0f58  netr28x - ok
14:30:07.0292 0x0f58  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:30:07.0292 0x0f58  NetTcpActivator - ok
14:30:07.0308 0x0f58  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:30:07.0308 0x0f58  NetTcpPortSharing - ok
14:30:07.0339 0x0f58  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:30:07.0339 0x0f58  nfrd960 - ok
14:30:07.0370 0x0f58  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:30:07.0370 0x0f58  NlaSvc - ok
14:30:07.0386 0x0f58  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:30:07.0386 0x0f58  Npfs - ok
14:30:07.0417 0x0f58  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
14:30:07.0417 0x0f58  nsi - ok
14:30:07.0433 0x0f58  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:30:07.0433 0x0f58  nsiproxy - ok
14:30:07.0511 0x0f58  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:30:07.0542 0x0f58  Ntfs - ok
14:30:07.0573 0x0f58  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
14:30:07.0573 0x0f58  Null - ok
14:30:07.0573 0x0f58  NVHDA - ok
14:30:07.0589 0x0f58  nvlddmkm - ok
14:30:07.0604 0x0f58  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:30:07.0620 0x0f58  nvraid - ok
14:30:07.0636 0x0f58  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:30:07.0651 0x0f58  nvstor - ok
14:30:07.0682 0x0f58  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:30:07.0682 0x0f58  nv_agp - ok
14:30:07.0698 0x0f58  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:30:07.0714 0x0f58  ohci1394 - ok
14:30:07.0745 0x0f58  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:30:07.0760 0x0f58  ose - ok
14:30:07.0932 0x0f58  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:30:07.0994 0x0f58  osppsvc - ok
14:30:08.0026 0x0f58  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:30:08.0041 0x0f58  p2pimsvc - ok
14:30:08.0057 0x0f58  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
14:30:08.0057 0x0f58  p2psvc - ok
14:30:08.0088 0x0f58  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:30:08.0088 0x0f58  Parport - ok
14:30:08.0119 0x0f58  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:30:08.0135 0x0f58  partmgr - ok
14:30:08.0150 0x0f58  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:30:08.0166 0x0f58  PcaSvc - ok
14:30:08.0182 0x0f58  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
14:30:08.0197 0x0f58  pci - ok
14:30:08.0244 0x0f58  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:30:08.0260 0x0f58  pciide - ok
14:30:08.0275 0x0f58  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:30:08.0291 0x0f58  pcmcia - ok
14:30:08.0291 0x0f58  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:30:08.0306 0x0f58  pcw - ok
14:30:08.0338 0x0f58  pdfcDispatcher - ok
14:30:08.0353 0x0f58  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:30:08.0384 0x0f58  PEAUTH - ok
14:30:08.0462 0x0f58  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:30:08.0462 0x0f58  PerfHost - ok
14:30:08.0525 0x0f58  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
14:30:08.0540 0x0f58  pla - ok
14:30:08.0587 0x0f58  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:30:08.0587 0x0f58  PlugPlay - ok
14:30:08.0618 0x0f58  PnkBstrA - ok
14:30:08.0634 0x0f58  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:30:08.0634 0x0f58  PNRPAutoReg - ok
14:30:08.0650 0x0f58  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:30:08.0650 0x0f58  PNRPsvc - ok
14:30:08.0681 0x0f58  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:30:08.0696 0x0f58  PolicyAgent - ok
14:30:08.0728 0x0f58  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
14:30:08.0728 0x0f58  Power - ok
14:30:08.0759 0x0f58  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:30:08.0774 0x0f58  PptpMiniport - ok
14:30:08.0790 0x0f58  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:30:08.0806 0x0f58  Processor - ok
14:30:08.0852 0x0f58  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:30:08.0852 0x0f58  ProfSvc - ok
14:30:08.0884 0x0f58  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:30:08.0884 0x0f58  ProtectedStorage - ok
14:30:08.0930 0x0f58  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:30:08.0930 0x0f58  Psched - ok
14:30:09.0008 0x0f58  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:30:09.0024 0x0f58  ql2300 - ok
14:30:09.0040 0x0f58  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:30:09.0040 0x0f58  ql40xx - ok
14:30:09.0071 0x0f58  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
14:30:09.0086 0x0f58  QWAVE - ok
14:30:09.0118 0x0f58  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:30:09.0118 0x0f58  QWAVEdrv - ok
14:30:09.0118 0x0f58  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:30:09.0133 0x0f58  RasAcd - ok
14:30:09.0149 0x0f58  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:30:09.0149 0x0f58  RasAgileVpn - ok
14:30:09.0164 0x0f58  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
14:30:09.0180 0x0f58  RasAuto - ok
14:30:09.0211 0x0f58  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:30:09.0227 0x0f58  Rasl2tp - ok
14:30:09.0242 0x0f58  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
14:30:09.0274 0x0f58  RasMan - ok
14:30:09.0274 0x0f58  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:30:09.0289 0x0f58  RasPppoe - ok
14:30:09.0305 0x0f58  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:30:09.0320 0x0f58  RasSstp - ok
14:30:09.0336 0x0f58  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:30:09.0352 0x0f58  rdbss - ok
14:30:09.0383 0x0f58  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:30:09.0383 0x0f58  rdpbus - ok
14:30:09.0414 0x0f58  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:30:09.0414 0x0f58  RDPCDD - ok
14:30:09.0414 0x0f58  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:30:09.0430 0x0f58  RDPENCDD - ok
14:30:09.0430 0x0f58  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:30:09.0430 0x0f58  RDPREFMP - ok
14:30:09.0508 0x0f58  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:30:09.0508 0x0f58  RdpVideoMiniport - ok
14:30:09.0539 0x0f58  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:30:09.0554 0x0f58  RDPWD - ok
14:30:09.0601 0x0f58  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:30:09.0617 0x0f58  rdyboost - ok
14:30:09.0648 0x0f58  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:30:09.0664 0x0f58  RemoteAccess - ok
14:30:09.0679 0x0f58  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:30:09.0695 0x0f58  RemoteRegistry - ok
14:30:09.0710 0x0f58  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:30:09.0710 0x0f58  RpcEptMapper - ok
14:30:09.0726 0x0f58  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
14:30:09.0726 0x0f58  RpcLocator - ok
14:30:09.0757 0x0f58  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
14:30:09.0773 0x0f58  RpcSs - ok
14:30:09.0788 0x0f58  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:30:09.0804 0x0f58  rspndr - ok
14:30:09.0851 0x0f58  [ AFC12DFA4C7B089673AD67402CA19EDB, 9CA430E8DFAE9B7A245FCD766CB60245418C80CEBCD2E9FACA9DE62E3E60ADDF ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
14:30:09.0866 0x0f58  RTL8167 - ok
14:30:09.0898 0x0f58  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
14:30:09.0898 0x0f58  SamSs - ok
14:30:09.0944 0x0f58  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:30:09.0944 0x0f58  sbp2port - ok
14:30:09.0960 0x0f58  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:30:09.0976 0x0f58  SCardSvr - ok
14:30:09.0991 0x0f58  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:30:10.0007 0x0f58  scfilter - ok
14:30:10.0038 0x0f58  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
14:30:10.0069 0x0f58  Schedule - ok
14:30:10.0085 0x0f58  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:30:10.0085 0x0f58  SCPolicySvc - ok
14:30:10.0100 0x0f58  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:30:10.0116 0x0f58  SDRSVC - ok
14:30:10.0163 0x0f58  [ 331E7BDE228914574FC9AE6CD520DAFA, 15C6364E73328E86E431DA0960DEE794F96A6E83FF82C9CA181E70127E395311 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:30:10.0194 0x0f58  SeaPort - ok
14:30:10.0225 0x0f58  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:30:10.0225 0x0f58  secdrv - ok
14:30:10.0241 0x0f58  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
14:30:10.0256 0x0f58  seclogon - ok
14:30:10.0256 0x0f58  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
14:30:10.0272 0x0f58  SENS - ok
14:30:10.0272 0x0f58  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:30:10.0288 0x0f58  SensrSvc - ok
14:30:10.0303 0x0f58  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:30:10.0303 0x0f58  Serenum - ok
14:30:10.0303 0x0f58  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:30:10.0319 0x0f58  Serial - ok
14:30:10.0350 0x0f58  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:30:10.0350 0x0f58  sermouse - ok
14:30:10.0381 0x0f58  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
14:30:10.0397 0x0f58  SessionEnv - ok
14:30:10.0397 0x0f58  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:30:10.0412 0x0f58  sffdisk - ok
14:30:10.0428 0x0f58  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:30:10.0428 0x0f58  sffp_mmc - ok
14:30:10.0428 0x0f58  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:30:10.0428 0x0f58  sffp_sd - ok
14:30:10.0428 0x0f58  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:30:10.0444 0x0f58  sfloppy - ok
14:30:10.0506 0x0f58  [ D5183ED285D2795491DC15BDDCBEE5AD, 607D208C730485B445EC80EEE5529A8E2BEF44FE2C8558E71A7FB47B0C8C7B56 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
14:30:10.0522 0x0f58  Sftfs - ok
14:30:10.0553 0x0f58  [ BFDB58616FF5EA540A5F58301D50641E, AFBF163938237C7E2578690BE71001016AF7FF61CD84594E7D76CDCBBD1FF4BD ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
14:30:10.0568 0x0f58  sftlist - ok
14:30:10.0584 0x0f58  [ 00F118B68C50D2206DD51634F9142B83, 5C5913ED0E3551DD5FD881830A6F7DBAEB0E9FA3904EE3BB13D8F1DA346EBCE7 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:30:10.0600 0x0f58  Sftplay - ok
14:30:10.0600 0x0f58  [ 76A827DF5640BFE16A0CDBB4108ADECA, E7D333A251E0F0DA729DA3CBE6B0F1E5DE2EE585E8B87B5EC78E78E129CA1112 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:30:10.0600 0x0f58  Sftredir - ok
14:30:10.0615 0x0f58  [ 1B4C9701645086BAB8CAFFFCE30ED284, B95C995EEB573B5C3D00DBA9D439CACCF3D3C9593E568D2D0F44245E7B09E3F5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
14:30:10.0615 0x0f58  Sftvol - ok
14:30:10.0631 0x0f58  [ B94C3C4DCA2093243C76CA218EDE2A97, 4D376F825AEEFD8F1BCE48180471C75BDA655B2D8BE6E4205E327D14D797DBF2 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
14:30:10.0646 0x0f58  sftvsa - ok
14:30:10.0693 0x0f58  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:30:10.0709 0x0f58  SharedAccess - ok
14:30:10.0740 0x0f58  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:30:10.0756 0x0f58  ShellHWDetection - ok
14:30:10.0771 0x0f58  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:30:10.0771 0x0f58  SiSRaid2 - ok
14:30:10.0787 0x0f58  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:30:10.0787 0x0f58  SiSRaid4 - ok
14:30:10.0787 0x0f58  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:30:10.0787 0x0f58  Smb - ok
14:30:10.0818 0x0f58  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:30:10.0834 0x0f58  SNMPTRAP - ok
14:30:10.0849 0x0f58  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:30:10.0849 0x0f58  spldr - ok
14:30:10.0912 0x0f58  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
14:30:10.0927 0x0f58  Spooler - ok
14:30:11.0036 0x0f58  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
14:30:11.0099 0x0f58  sppsvc - ok
14:30:11.0114 0x0f58  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:30:11.0114 0x0f58  sppuinotify - ok
14:30:11.0146 0x0f58  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:30:11.0161 0x0f58  srv - ok
14:30:11.0192 0x0f58  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:30:11.0208 0x0f58  srv2 - ok
14:30:11.0224 0x0f58  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:30:11.0224 0x0f58  srvnet - ok
14:30:11.0286 0x0f58  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:30:11.0302 0x0f58  SSDPSRV - ok
14:30:11.0317 0x0f58  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:30:11.0317 0x0f58  SstpSvc - ok
14:30:11.0411 0x0f58  [ 605ECCCE95ACF7AF12CBCCDAB55B8DD0, 7B676B58C26D880320434066B93C7B8372421699C0006806D4E8E0E824124281 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
14:30:11.0426 0x0f58  STacSV - ok
14:30:11.0536 0x0f58  [ AFE32AFD30464FC59CB8E88DC72F66FA, 24644F8AA47E61B98EF867BE18A9BE383822D64F3AADF2ED35E42FBFBA7B340F ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
14:30:11.0567 0x0f58  Steam Client Service - ok
14:30:11.0598 0x0f58  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:30:11.0598 0x0f58  stexstor - ok
14:30:11.0660 0x0f58  [ 5709F6AEECC9C43AD9D550FB1D882209, CF4681AE1D6B15340F5A0787E0EFB682AA3CFA15D25741364D8455C040A5997B ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
14:30:11.0676 0x0f58  STHDA - ok
14:30:11.0707 0x0f58  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
14:30:11.0723 0x0f58  stisvc - ok
14:30:11.0738 0x0f58  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:30:11.0738 0x0f58  swenum - ok
14:30:11.0770 0x0f58  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
14:30:11.0801 0x0f58  swprv - ok
14:30:11.0848 0x0f58  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
14:30:11.0879 0x0f58  SysMain - ok
14:30:11.0894 0x0f58  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:30:11.0910 0x0f58  TabletInputService - ok
14:30:11.0926 0x0f58  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:30:11.0941 0x0f58  TapiSrv - ok
14:30:11.0957 0x0f58  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
14:30:11.0972 0x0f58  TBS - ok
14:30:12.0050 0x0f58  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:30:12.0082 0x0f58  Tcpip - ok
14:30:12.0144 0x0f58  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:30:12.0160 0x0f58  TCPIP6 - ok
14:30:12.0206 0x0f58  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:30:12.0206 0x0f58  tcpipreg - ok
14:30:12.0222 0x0f58  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:30:12.0222 0x0f58  TDPIPE - ok
14:30:12.0253 0x0f58  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:30:12.0253 0x0f58  TDTCP - ok
14:30:12.0269 0x0f58  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:30:12.0284 0x0f58  tdx - ok
14:30:12.0316 0x0f58  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:30:12.0316 0x0f58  TermDD - ok
14:30:12.0378 0x0f58  [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService     C:\Windows\System32\termsrv.dll
14:30:12.0394 0x0f58  TermService - ok
14:30:12.0425 0x0f58  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
14:30:12.0440 0x0f58  Themes - ok
14:30:12.0456 0x0f58  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
14:30:12.0456 0x0f58  THREADORDER - ok
14:30:12.0472 0x0f58  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
14:30:12.0487 0x0f58  TrkWks - ok
14:30:12.0518 0x0f58  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:30:12.0534 0x0f58  TrustedInstaller - ok
14:30:12.0565 0x0f58  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:30:12.0565 0x0f58  tssecsrv - ok
14:30:12.0628 0x0f58  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:30:12.0628 0x0f58  TsUsbFlt - ok
14:30:12.0674 0x0f58  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:30:12.0690 0x0f58  tunnel - ok
14:30:12.0706 0x0f58  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:30:12.0721 0x0f58  uagp35 - ok
14:30:12.0752 0x0f58  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:30:12.0768 0x0f58  udfs - ok
14:30:12.0799 0x0f58  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:30:12.0799 0x0f58  UI0Detect - ok
14:30:12.0815 0x0f58  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:30:12.0830 0x0f58  uliagpkx - ok
14:30:12.0846 0x0f58  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
14:30:12.0846 0x0f58  umbus - ok
14:30:12.0862 0x0f58  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:30:12.0862 0x0f58  UmPass - ok
14:30:12.0986 0x0f58  [ FDF92EC84FECEE834FB10A2A0A19BCDA, F81FCA3BEC10C84335DBAD9D2CDAB98C62252A864F23BDD482F97F86D5FA0B15 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:30:13.0033 0x0f58  UNS - ok
14:30:13.0064 0x0f58  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
14:30:13.0080 0x0f58  upnphost - ok
14:30:13.0111 0x0f58  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:30:13.0111 0x0f58  usbccgp - ok
14:30:13.0158 0x0f58  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:30:13.0174 0x0f58  usbcir - ok
14:30:13.0205 0x0f58  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:30:13.0205 0x0f58  usbehci - ok
14:30:13.0236 0x0f58  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:30:13.0252 0x0f58  usbhub - ok
14:30:13.0283 0x0f58  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:30:13.0283 0x0f58  usbohci - ok
14:30:13.0298 0x0f58  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:30:13.0314 0x0f58  usbprint - ok
14:30:13.0330 0x0f58  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:30:13.0345 0x0f58  USBSTOR - ok
14:30:13.0361 0x0f58  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:30:13.0361 0x0f58  usbuhci - ok
14:30:13.0392 0x0f58  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
14:30:13.0392 0x0f58  UxSms - ok
14:30:13.0423 0x0f58  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
14:30:13.0423 0x0f58  VaultSvc - ok
14:30:13.0470 0x0f58  [ F0FAF3FB9B138F8CAFB65ECFFE9F4AB6, E0869E4E9271B484209BB44E6E17D99BE6CEA08A983132C0D69FA373202B14D7 ] vcd10bus        C:\Windows\system32\DRIVERS\vcd10bus.sys
14:30:13.0470 0x0f58  vcd10bus - ok
14:30:13.0501 0x0f58  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:30:13.0501 0x0f58  vdrvroot - ok
14:30:13.0548 0x0f58  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
14:30:13.0579 0x0f58  vds - ok
14:30:13.0579 0x0f58  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:30:13.0579 0x0f58  vga - ok
14:30:13.0595 0x0f58  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:30:13.0595 0x0f58  VgaSave - ok
14:30:13.0610 0x0f58  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:30:13.0626 0x0f58  vhdmp - ok
14:30:13.0673 0x0f58  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:30:13.0673 0x0f58  viaide - ok
14:30:13.0704 0x0f58  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:30:13.0704 0x0f58  volmgr - ok
14:30:13.0735 0x0f58  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:30:13.0751 0x0f58  volmgrx - ok
14:30:13.0766 0x0f58  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:30:13.0782 0x0f58  volsnap - ok
14:30:13.0813 0x0f58  [ 2EC986F883C8450FA2C5F22524775E40, C4845543CFEA1BA8ACF89B03B445A85D7BEBAB63FA13B1D9E68F86330025B413 ] Vsdatant        C:\Windows\system32\DRIVERS\vsdatant.sys
14:30:13.0829 0x0f58  Vsdatant - ok
14:30:13.0860 0x0f58  vsmon - ok
14:30:13.0891 0x0f58  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:30:13.0891 0x0f58  vsmraid - ok
14:30:13.0954 0x0f58  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
14:30:13.0985 0x0f58  VSS - ok
14:30:14.0000 0x0f58  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:30:14.0000 0x0f58  vwifibus - ok
14:30:14.0016 0x0f58  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:30:14.0032 0x0f58  vwififlt - ok
14:30:14.0063 0x0f58  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
14:30:14.0063 0x0f58  W32Time - ok
14:30:14.0078 0x0f58  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:30:14.0078 0x0f58  WacomPen - ok
14:30:14.0110 0x0f58  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:30:14.0125 0x0f58  WANARP - ok
14:30:14.0125 0x0f58  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:30:14.0125 0x0f58  Wanarpv6 - ok
14:30:14.0172 0x0f58  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
14:30:14.0203 0x0f58  wbengine - ok
14:30:14.0219 0x0f58  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:30:14.0219 0x0f58  WbioSrvc - ok
14:30:14.0266 0x0f58  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:30:14.0266 0x0f58  wcncsvc - ok
14:30:14.0312 0x0f58  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:30:14.0328 0x0f58  WcsPlugInService - ok
14:30:14.0344 0x0f58  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:30:14.0344 0x0f58  Wd - ok
14:30:14.0406 0x0f58  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:30:14.0422 0x0f58  Wdf01000 - ok
14:30:14.0422 0x0f58  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:30:14.0437 0x0f58  WdiServiceHost - ok
14:30:14.0437 0x0f58  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:30:14.0437 0x0f58  WdiSystemHost - ok
14:30:14.0468 0x0f58  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
14:30:14.0484 0x0f58  WebClient - ok
14:30:14.0500 0x0f58  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:30:14.0515 0x0f58  Wecsvc - ok
14:30:14.0531 0x0f58  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:30:14.0531 0x0f58  wercplsupport - ok
14:30:14.0546 0x0f58  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:30:14.0562 0x0f58  WerSvc - ok
14:30:14.0578 0x0f58  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:30:14.0578 0x0f58  WfpLwf - ok
14:30:14.0593 0x0f58  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:30:14.0593 0x0f58  WIMMount - ok
14:30:14.0609 0x0f58  WinDefend - ok
14:30:14.0624 0x0f58  WinHttpAutoProxySvc - ok
14:30:14.0671 0x0f58  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:30:14.0687 0x0f58  Winmgmt - ok
14:30:14.0765 0x0f58  WinRing0_1_2_0 - ok
14:30:14.0843 0x0f58  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:30:14.0874 0x0f58  WinRM - ok
14:30:14.0936 0x0f58  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:30:14.0952 0x0f58  Wlansvc - ok
14:30:15.0077 0x0f58  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:30:15.0108 0x0f58  wlidsvc - ok
14:30:15.0124 0x0f58  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:30:15.0139 0x0f58  WmiAcpi - ok
14:30:15.0155 0x0f58  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:30:15.0170 0x0f58  wmiApSrv - ok
14:30:15.0233 0x0f58  WMPNetworkSvc - ok
14:30:15.0264 0x0f58  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:30:15.0280 0x0f58  WPCSvc - ok
14:30:15.0326 0x0f58  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:30:15.0342 0x0f58  WPDBusEnum - ok
14:30:15.0358 0x0f58  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:30:15.0373 0x0f58  ws2ifsl - ok
14:30:15.0389 0x0f58  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
14:30:15.0404 0x0f58  wscsvc - ok
14:30:15.0404 0x0f58  WSearch - ok
14:30:15.0498 0x0f58  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:30:15.0529 0x0f58  wuauserv - ok
14:30:15.0560 0x0f58  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:30:15.0560 0x0f58  WudfPf - ok
14:30:15.0592 0x0f58  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:30:15.0607 0x0f58  WUDFRd - ok
14:30:15.0654 0x0f58  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:30:15.0654 0x0f58  wudfsvc - ok
14:30:15.0701 0x0f58  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:30:15.0716 0x0f58  WwanSvc - ok
14:30:15.0779 0x0f58  [ EBD35BDCE49B94EB247213610094F399, 15A86FD702BED180CD92A78374C8A2D658A93B46EEC99BBC716CE618782E5A0B ] ZAPrivacyService C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
14:30:15.0779 0x0f58  ZAPrivacyService - ok
14:30:15.0794 0x0f58  ================ Scan global ===============================
14:30:15.0810 0x0f58  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
14:30:15.0872 0x0f58  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:30:15.0872 0x0f58  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:30:15.0904 0x0f58  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:30:15.0919 0x0f58  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
14:30:15.0919 0x0f58  [ Global ] - ok
14:30:15.0919 0x0f58  ================ Scan MBR ==================================
14:30:15.0919 0x0f58  [ 4BDA8485EA5F583B4826F4936C5078B3 ] \Device\Harddisk0\DR0
14:30:16.0216 0x0f58  \Device\Harddisk0\DR0 - ok
14:30:16.0216 0x0f58  ================ Scan VBR ==================================
14:30:16.0216 0x0f58  [ 949D48ADB553C6DBAA87ACD2454A8315 ] \Device\Harddisk0\DR0\Partition1
14:30:16.0278 0x0f58  \Device\Harddisk0\DR0\Partition1 - ok
14:30:16.0278 0x0f58  [ 29CCDAD62CBF9693638AF12215ACFDCD ] \Device\Harddisk0\DR0\Partition2
14:30:16.0325 0x0f58  \Device\Harddisk0\DR0\Partition2 - ok
14:30:16.0340 0x0f58  [ B772AEE5C29FEEB714CA1BF0F3373BF4 ] \Device\Harddisk0\DR0\Partition3
14:30:16.0340 0x0f58  \Device\Harddisk0\DR0\Partition3 - ok
14:30:16.0340 0x0f58  ================ Scan generic autorun ======================
14:30:16.0387 0x0f58  [ 554A50B5310E702029D3A675459108FF, 4757D5FFFAC7E73D4A3D931DB1399DDFDBD5811639BDA4517F886C21CC7F2574 ] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
14:30:16.0387 0x0f58  hpsysdrv - ok
14:30:16.0481 0x0f58  [ AD6C376374C21EC68DF33884613D0A05, 65E0668A2A24B9EF2BDABDE044D240F110AEC8B1EF838AB28084B7F899D2A75E ] C:\Program Files\IDT\WDM\sttray64.exe
14:30:16.0496 0x0f58  SysTrayApp - ok
14:30:16.0621 0x0f58  [ DD79A6B15C2F28DE98DF4852AAF6B13B, 0F7E9023E0BA4B40E2DE9A9FA34E85FEAF72B93049AAB3E1D73AD046BB113E05 ] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe
14:30:16.0637 0x0f58  NCPluginUpdater - ok
14:30:16.0652 0x0f58  [ 5516C26A6AF8EB4E2CAB48EC98A74398, 2BF161DE944090B3B3792AE8F5985FCB09744B3EE626E8253A3861D86284652D ] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
14:30:16.0684 0x0f58  HP Software Update - ok
14:30:16.0762 0x0f58  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:30:16.0855 0x0f58  Sidebar - ok
14:30:16.0886 0x0f58  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:30:16.0902 0x0f58  mctadmin - ok
14:30:16.0933 0x0f58  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:30:16.0949 0x0f58  Sidebar - ok
14:30:16.0949 0x0f58  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:30:16.0949 0x0f58  mctadmin - ok
14:30:17.0058 0x0f58  [ B65BEAFA206DB28A71424CC2DC2D6CA5, E3788E33757DBF3445D1C2E337CBAC976DD30DEA9796F14E9F5B9F84B031D84A ] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
14:30:17.0089 0x0f58  HydraVisionDesktopManager - ok
14:30:17.0089 0x0f58  Waiting for KSN requests completion. In queue: 61
14:30:18.0103 0x0f58  Waiting for KSN requests completion. In queue: 61
14:30:19.0117 0x0f58  Waiting for KSN requests completion. In queue: 61
14:30:20.0162 0x0f58  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.266 ), 0x40000 ( disabled : updated )
14:30:20.0178 0x0f58  FW detected via SS2: ZoneAlarm Free Firewall Firewall, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 11.0.780.0 ), 0x41010 ( enabled )
14:30:22.0643 0x0f58  ============================================================
14:30:22.0643 0x0f58  Scan finished
14:30:22.0643 0x0f58  ============================================================
14:30:22.0643 0x1bac  Detected object count: 0
14:30:22.0643 0x1bac  Actual detected object count: 0
14:30:40.0349 0x0258  Deinitialize success
         
__________________
Miniaturansicht angehängter Grafiken
Windows 7: Bootzeit von 10 Minuten-diskinfo.jpg  

Alt 07.11.2014, 14:47   #4
M-K-D-B
/// TB-Ausbilder
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten



Servus,





Schritt 1
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Nein.
  • Klicke auf Scan
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.





Schritt 2
Downloade dir bitte ListParts auf deinen Desktop.
  • Starte das Tool und klicke auf Scan.
  • Am Ende des Suchlaufs wird eine Textdatei Results.txt geöffnet.
    Diese befindet sich auch auf deinem Desktop.
  • Poste mir bitte den Inhalt der Results.txt.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von aswMBR,
  • die Logdatei von ListParts.

Alt 07.11.2014, 14:57   #5
chris224
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten



Beides ausgeführt und hier die Logs:

Code:
ATTFilter
aswMBR version 1.0.1.2201 Copyright(c) 2014 AVAST Software
Run date: 2014-11-07 14:53:22
-----------------------------
14:53:22.690    OS Version: Windows x64 6.1.7601 Service Pack 1
14:53:22.690    Number of processors: 8 586 0x2A07
14:53:22.690    ComputerName: CHRIS-HP  UserName: Chris
14:53:30.334    Initialize success
14:53:30.412    VM: initialized successfully
14:53:30.412    VM: Intel CPU BiosDisabled 
14:54:00.578    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:54:00.594    Disk 0 Vendor:   Size: 0MB BusType: 0
14:54:00.594    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000078
14:54:00.594    Disk 1 Vendor:   Size: 0MB BusType: 0
14:54:00.594    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000079
14:54:00.610    Disk 2 Vendor:   Size: 0MB BusType: 0
14:54:00.610    Disk 3  \Device\Harddisk3\DR3 -> \Device\0000007a
14:54:00.610    Disk 3 Vendor:   Size: 0MB BusType: 0
14:54:00.610    Disk 4  \Device\Harddisk4\DR4 -> \Device\0000007b
14:54:00.610    Disk 4 Vendor:   Size: 0MB BusType: 0
14:54:01.234    Disk 0 MBR read successfully
14:54:01.234    Disk 0 MBR scan
14:54:01.249    Disk 0 unknown MBR code
14:54:01.249    Disk 0 MBR hidden
14:54:01.249    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:54:01.265    Disk 0 default boot code
14:54:01.280    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1893272 MB offset 206848
14:54:01.421    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        14355 MB offset 3877627904
14:54:01.951    Disk 0 scanning C:\Windows\system32\drivers
14:54:32.387    Service scanning
14:54:46.723    Modules scanning
14:54:46.723    Disk 0 trace - called modules:
14:54:46.739    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
14:54:46.739    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80095d6790]
14:54:46.739    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80083d6050]
14:54:46.755    Disk 0 statistics 102066/0/0 @ 1,58 MB/s
14:54:46.755    Scan finished successfully
14:54:58.236    Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
14:54:58.236    The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
         
Code:
ATTFilter
ListParts by Farbar Version: 31-07-2014
Ran by Chris (administrator) on 07-11-2014 at 14:55:35
Windows 7 (X64)
Running From: C:\Users\Chris\Desktop
Language: Deutsch (Deutschland)
************************************************************

========================= Memory info ====================== 

Percentage of memory in use: 41%
Total physical RAM: 8174.53 MB
Available physical RAM: 4753.62 MB
Total Pagefile: 16347.24 MB
Available Pagefile: 12786.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:1848.9 GB) (Free:1221.02 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:14.02 GB) (Free:1.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Datentr„ger ###  Status         Gr”áe    Frei     Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datentr„ger 0    Online         1863 GB      0 B         
  Datentr„ger 1    Kein Medium        0 B      0 B         
  Datentr„ger 2    Kein Medium        0 B      0 B         
  Datentr„ger 3    Kein Medium        0 B      0 B         
  Datentr„ger 4    Kein Medium        0 B      0 B         

Partitions of Disk 0:
===============

Datentr„ger-ID: 0DCB5C4C

  Partition ###  Typ               GrӇe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Prim„r             100 MB  1024 KB
  Partition 2    Prim„r            1848 GB   101 MB
  Partition 3    Prim„r              14 GB  1848 GB

======================================================================================================

Disk: 0
Partition 1
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         SYSTEM       NTFS   Partition    100 MB  Fehlerfre  System (partition with boot components)  

======================================================================================================

Disk: 0
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition   1848 GB  Fehlerfre  Startpar

======================================================================================================

Disk: 0
Partition 3
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   HP_RECOVERY  NTFS   Partition     14 GB  Fehlerfre          

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 0DCB5C4C
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1849 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)


****** End Of Log ******
         


Alt 07.11.2014, 15:06   #6
M-K-D-B
/// TB-Ausbilder
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten



Servus,



ComboFix auf den Desktop downloaden und von dort starten:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Alt 07.11.2014, 15:28   #7
chris224
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten



Ich habe alles deaktiviert und Combofix ausgeführt, jedoch steht er jetzt schon eine ganze Weile bei "Versuche Systemwiederherstellungspunkt zu erstellen".

Kurz zuvor hat antivir geschrieben, dass ein Zugriff auf die Registry geblockt wurde, sprich obwohl Antivir-Guard deaktiviert (Echtzeitscanner ist deaktiviert ) ist läuft Antivir immer noch?

Wie kann ich es ganz beenden?

Edit: Habe jetzt bei Antivir auch noch in der konfiguration die Registryüberwachung ausgeschalten und Combofix neu gestartet, jetzt kommt kein Hinweis mehr aber es kommt immer noch genausoweit (nach 30 min) ich lass es mal weiter laufen mal schaun ob sich was tut.

Geändert von chris224 (07.11.2014 um 16:16 Uhr) Grund: 2. Versuch

Alt 07.11.2014, 16:43   #8
M-K-D-B
/// TB-Ausbilder
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten



Zitat:
Zitat von chris224 Beitrag anzeigen
Edit: Habe jetzt bei Antivir auch noch in der konfiguration die Registryüberwachung ausgeschalten und Combofix neu gestartet, jetzt kommt kein Hinweis mehr aber es kommt immer noch genausoweit (nach 30 min) ich lass es mal weiter laufen mal schaun ob sich was tut.
ok. Lass mal eine gute Stunde laufen. Absolut nichts anderes am Rechner machen, während ComboFix läuft.

Alt 07.11.2014, 17:09   #9
chris224
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten



Hab es einfach mal laufen lassen, leider ist aber nach einiger Zeit ein Bluescreen aufgetreten.
Ich hab die Minidump mal angehängt.
Und hier noch der Hinweis nach dem Neustart:

Code:
ATTFilter
Problemsignatur:
  Problemereignisname:	BlueScreen
  Betriebsystemversion:	6.1.7601.2.1.0.768.3
  Gebietsschema-ID:	1031

Zusatzinformationen zum Problem:
  BCCode:	9f
  BCP1:	0000000000000004
  BCP2:	0000000000000258
  BCP3:	FFFFFA8006D91730
  BCP4:	FFFFF800045113D0
  OS Version:	6_1_7601
  Service Pack:	1_0
  Product:	768_1
         

Alt 07.11.2014, 17:12   #10
M-K-D-B
/// TB-Ausbilder
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten



Servus,



Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
  • Starte Zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    ATTFilter
    iedefaults;
    resetIEproxy;
    resethosts;
    resetWMI;
    FFdefaults;
    CHRdefaults;
    emptyclsid;
             
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).





Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von Zoek,
  • die beiden neuen Logdateien von FRST.

Alt 07.11.2014, 18:23   #11
chris224
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten



Hab alles erledigt.

Interessant war, das nach dem Neustart von zoek die txt-Datei im Editor schon nach 2 Minuten angezeigt wurde und der Desktop folgte dann wieder erst nach 10+ Minuten.

Logfiles:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Chris (administrator) on CHRIS-HP on 07-11-2014 18:16:25
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1267327803-2283943938-1836921389-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
HKU\S-1-5-21-1267327803-2283943938-1836921389-1000\...\MountPoints2: {0faa1ba5-6da6-11e0-9613-806e6f6e6963} - E:\Launch.exe
HKU\S-1-5-21-1267327803-2283943938-1836921389-1000\...\MountPoints2: {f458bf77-1779-11e1-aec3-e0699581c5e0} - J:\pushinst.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {E6AF0E3D-FBF3-43BD-ADD6-BDE09A3765CF} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=f92bf0c371da4280886df0b3fe7d2d9c&tu=10GXy00Ad1B0Ca0&sku=&tstsId=&ver=&&r=632
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-23] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ghostery - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default\Extensions\firefox@ghostery.com.xpi [2014-01-28]
FF Extension: Adblock Plus - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-07]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-04-23]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-04-23]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-04-23]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-11-26] (CyberLink)
S4 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-12-09] (BioWare)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-12] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-06-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-06-16] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
U4 bdselfpr; No ImagePath
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Chris\Downloads\openhardwaremonitor-v0.6.0-beta\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 18:12 - 2014-11-07 18:12 - 00009156 _____ () C:\Users\Chris\Desktop\zoek-results.txt
2014-11-07 17:58 - 2014-11-07 17:58 - 24994162 _____ () C:\Windows\repository.backup
2014-11-07 17:58 - 2014-11-07 17:51 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-07 17:56 - 2014-11-07 18:02 - 00009156 _____ () C:\zoek-results.log
2014-11-07 17:51 - 2014-11-07 17:51 - 00001202 _____ () C:\Users\Chris\Desktop\mbam.txt
2014-11-07 17:51 - 2014-11-07 17:51 - 00000000 ____D () C:\zoek_backup
2014-11-07 17:30 - 2014-11-07 17:30 - 00009422 _____ () C:\Users\Chris\Desktop\AdwCleaner[S0].txt
2014-11-07 17:16 - 2014-11-07 17:17 - 00000000 ____D () C:\AdwCleaner
2014-11-07 17:15 - 2014-11-07 17:15 - 01998336 _____ () C:\Users\Chris\Desktop\AdwCleaner_4.002.exe
2014-11-07 17:14 - 2014-11-07 17:14 - 01294848 _____ () C:\Users\Chris\Desktop\zoek.exe
2014-11-07 17:09 - 2014-11-07 17:09 - 00025403 _____ () C:\Users\Chris\Downloads\Minidump.rar
2014-11-07 17:08 - 2014-11-07 16:40 - 00289352 _____ () C:\Users\Chris\Downloads\110714-24445-01.dmp
2014-11-07 15:47 - 2014-11-07 15:47 - 00000000 ___SD () C:\ComboFix
2014-11-07 15:10 - 2014-11-07 15:10 - 00000000 ____D () C:\Windows\erdnt
2014-11-07 15:10 - 2014-11-07 15:10 - 00000000 ____D () C:\Qoobox
2014-11-07 15:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-07 15:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-07 15:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-07 15:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-07 15:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-07 15:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-07 15:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-07 15:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-07 15:08 - 2014-11-07 15:08 - 05591672 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe
2014-11-07 14:55 - 2014-11-07 14:55 - 00003331 _____ () C:\Users\Chris\Desktop\Result.txt
2014-11-07 14:54 - 2014-11-07 14:54 - 00002282 _____ () C:\Users\Chris\Desktop\aswMBR.txt
2014-11-07 14:54 - 2014-11-07 14:54 - 00000512 _____ () C:\Users\Chris\Desktop\MBR.dat
2014-11-07 14:52 - 2014-11-07 14:52 - 05194752 _____ (AVAST Software) C:\Users\Chris\Desktop\aswMBR.exe
2014-11-07 14:50 - 2014-11-07 14:50 - 00957952 _____ (Farbar) C:\Users\Chris\Desktop\ListParts64.exe
2014-11-07 14:26 - 2014-11-07 14:27 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Desktop\tdsskiller.exe
2014-11-07 13:58 - 2014-11-07 13:58 - 00005563 _____ () C:\Users\Chris\Desktop\Malwarebytes.txt
2014-11-07 13:56 - 2014-11-07 18:16 - 00017102 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-11-07 13:56 - 2014-11-07 12:04 - 00049113 _____ () C:\Users\Chris\Desktop\Addition.txt
2014-11-07 13:56 - 2014-11-07 12:02 - 00000472 _____ () C:\Users\Chris\Desktop\defogger_disable.log
2014-11-07 13:54 - 2014-11-07 13:54 - 00004027 _____ () C:\Users\Chris\Desktop\Gmer.txt
2014-11-07 12:02 - 2014-11-07 12:02 - 00000472 _____ () C:\Users\Chris\Downloads\defogger_disable.log
2014-11-07 12:02 - 2014-11-07 12:02 - 00000000 _____ () C:\Users\Chris\defogger_reenable
2014-11-07 11:59 - 2014-11-07 12:00 - 00380416 _____ () C:\Users\Chris\Downloads\Gmer-19357.exe
2014-11-07 11:59 - 2014-11-07 11:59 - 00050477 _____ () C:\Users\Chris\Downloads\Defogger.exe
2014-11-07 11:51 - 2014-11-07 12:04 - 00049113 _____ () C:\Users\Chris\Downloads\Addition.txt
2014-11-07 11:50 - 2014-11-07 18:16 - 00000000 ____D () C:\FRST
2014-11-07 11:50 - 2014-11-07 12:04 - 00042017 _____ () C:\Users\Chris\Downloads\FRST.txt
2014-11-07 11:49 - 2014-11-07 11:49 - 02114560 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-11-07 11:19 - 2014-11-07 11:19 - 00526371 _____ () C:\Users\Chris\Downloads\openhardwaremonitor-v0.6.0-beta.zip
2014-11-07 11:19 - 2014-11-07 11:19 - 00000000 ____D () C:\Users\Chris\Downloads\openhardwaremonitor-v0.6.0-beta
2014-11-07 10:07 - 2014-11-07 10:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-05 18:52 - 2014-11-05 18:52 - 00000000 ____D () C:\Users\Chris\Downloads\CrystalDiskInfo6_2_1
2014-11-04 19:19 - 2014-11-07 17:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 19:18 - 2014-11-04 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-04 19:18 - 2014-11-04 19:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-04 19:18 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-04 19:18 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-04 19:18 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-03 15:10 - 2014-11-03 15:17 - 00100409 _____ () C:\Windows\iis7.log
2014-11-03 15:10 - 2014-11-03 15:17 - 00000000 ____D () C:\inetpub
2014-10-24 15:33 - 2014-10-24 15:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-24 15:33 - 2014-10-24 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-21 17:05 - 2014-10-21 17:05 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-16 20:12 - 2014-10-16 20:12 - 00056720 _____ () C:\Windows\SysWOW64\CCCInstall_201410162112037458.log
2014-10-16 20:12 - 2014-10-16 20:12 - 00000000 ____D () C:\ProgramData\ATI
2014-10-16 20:12 - 2014-10-16 20:12 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-10-16 20:11 - 2014-10-16 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-10-16 20:04 - 2014-10-16 20:04 - 00000000 ____D () C:\AMD
2014-10-16 19:41 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 19:41 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 19:41 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 19:41 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 19:41 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 19:41 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 19:41 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 19:41 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 19:41 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 19:41 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 19:41 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 19:41 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 19:41 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 19:41 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 19:41 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 19:41 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 19:41 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 19:41 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 19:41 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 19:41 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 19:41 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 19:41 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 19:41 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 19:41 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 19:41 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 19:41 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 19:41 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 19:41 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 19:41 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 19:41 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 19:41 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 19:41 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 19:41 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 19:41 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 19:41 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 19:41 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 19:41 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 19:41 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 19:41 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 19:41 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 19:41 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 19:41 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 19:41 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 19:41 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 19:41 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 19:41 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 19:41 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 19:41 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 19:41 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 19:41 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 19:41 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 19:41 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 19:41 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 19:41 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 19:41 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 19:41 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 19:40 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 19:40 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-16 19:40 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-16 19:40 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 19:40 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 19:40 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 19:40 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 19:40 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 19:40 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 19:40 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 19:40 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 19:40 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 19:40 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 19:40 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 19:40 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 19:40 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 19:40 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 19:40 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 19:40 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 19:40 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 19:40 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 19:40 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 19:40 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 19:40 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 19:40 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 19:40 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 19:40 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 19:39 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 19:39 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 18:53 - 2014-10-15 18:53 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieUserList
2014-10-15 18:53 - 2014-10-15 18:53 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieSiteList
2014-10-14 17:54 - 2014-10-14 17:54 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\ATI
2014-10-14 17:54 - 2014-10-14 17:54 - 00000000 ____D () C:\Users\Chris\AppData\Local\ATI
2014-10-14 17:52 - 2014-10-14 17:52 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-10-14 17:49 - 2014-10-16 20:12 - 00000000 ____D () C:\ProgramData\AMD
2014-10-14 17:48 - 2014-10-14 17:48 - 00061389 _____ () C:\Windows\SysWOW64\CCCInstall_201410141848541929.log
2014-10-14 17:47 - 2014-10-14 17:47 - 00000000 ____D () C:\Program Files\AMD
2014-10-14 17:47 - 2013-12-06 22:38 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2014-10-14 17:47 - 2013-12-06 22:38 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2014-10-14 17:47 - 2013-12-06 22:38 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2014-10-14 17:47 - 2013-12-06 22:38 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2014-10-14 17:46 - 2013-12-06 21:39 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat
2014-10-14 17:46 - 2013-12-06 21:39 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2014-10-14 17:46 - 2013-12-06 21:39 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat
2014-10-14 17:46 - 2013-12-06 21:39 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
2014-10-14 17:46 - 2013-09-30 21:48 - 00047887 _____ () C:\Windows\atiogl.xml
2014-10-14 17:46 - 2011-09-12 23:06 - 00003917 _____ () C:\Windows\SysWOW64\atipblag.dat
2014-10-14 17:46 - 2011-09-12 23:06 - 00003917 _____ () C:\Windows\system32\atipblag.dat
2014-10-14 17:45 - 2014-10-14 17:49 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-10-14 17:45 - 2014-10-14 17:45 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-10-14 17:37 - 2014-10-16 20:11 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-10-14 17:37 - 2014-10-14 17:37 - 00000000 ____D () C:\Program Files\ATI
2014-10-09 16:23 - 2014-10-09 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-10-09 16:23 - 2014-10-09 16:23 - 00000000 ____D () C:\Program Files\CPUID

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 18:14 - 2011-04-23 12:27 - 00735652 _____ () C:\Windows\system32\perfh007.dat
2014-11-07 18:14 - 2011-04-23 12:27 - 00165254 _____ () C:\Windows\system32\perfc007.dat
2014-11-07 18:14 - 2009-07-14 06:13 - 01717942 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 18:13 - 2011-04-23 11:49 - 01593118 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 18:05 - 2012-04-04 16:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-07 18:02 - 2012-03-20 15:07 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
2014-11-07 18:00 - 2013-02-24 18:50 - 00000440 ____H () C:\Windows\Tasks\schedule!1818212897.job
2014-11-07 18:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 17:59 - 2013-08-08 09:07 - 00256166 _____ () C:\Windows\PFRO.log
2014-11-07 17:59 - 2013-08-08 09:07 - 00031736 _____ () C:\Windows\setupact.log
2014-11-07 17:17 - 2013-07-03 10:07 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Common
2014-11-07 17:17 - 2011-11-11 17:10 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\CheckPoint
2014-11-07 17:11 - 2009-07-14 05:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 17:11 - 2009-07-14 05:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 16:40 - 2012-04-26 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-07 16:40 - 2011-11-22 13:28 - 00000000 ____D () C:\Windows\Minidump
2014-11-07 16:40 - 2011-04-23 13:34 - 00289352 ____N () C:\Windows\Minidump\110714-24445-01.dmp
2014-11-07 12:02 - 2011-07-07 10:28 - 00000000 ____D () C:\Users\Chris
2014-11-07 11:19 - 2013-08-26 11:11 - 00000000 ____D () C:\Users\Chris\Downloads\schrott
2014-11-07 11:09 - 2012-12-07 14:20 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-07 11:09 - 2011-07-08 18:21 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-06 17:27 - 2011-10-26 16:38 - 01691286 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-04 19:37 - 2013-12-27 14:11 - 00000000 ____D () C:\ProgramData\Browser Stabilizer
2014-11-04 19:18 - 2012-04-16 21:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-04 18:33 - 2014-05-03 14:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-04 18:33 - 2013-04-19 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-04 18:33 - 2011-08-28 15:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-04 18:33 - 2009-07-14 08:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-04 18:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-04 18:17 - 2012-06-22 20:45 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForChris
2014-11-04 18:17 - 2012-06-22 20:45 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForChris.job
2014-11-03 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-11-03 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-11-01 23:30 - 2011-08-03 12:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Skype
2014-10-29 17:14 - 2014-08-06 16:20 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-29 17:14 - 2013-04-19 09:55 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-28 06:34 - 2011-09-06 19:00 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 18:55 - 2011-08-08 11:55 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCHRIS-HP$
2014-10-27 18:55 - 2011-08-08 11:55 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForCHRIS-HP$.job
2014-10-24 15:33 - 2014-06-09 13:59 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-24 15:33 - 2011-08-03 12:01 - 00000000 ____D () C:\ProgramData\Skype
2014-10-23 21:12 - 2011-11-13 17:27 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\SoftGrid Client
2014-10-21 17:06 - 2013-10-19 11:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-21 17:05 - 2014-08-10 09:50 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-21 17:05 - 2014-07-20 09:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-21 17:05 - 2014-07-20 09:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-21 17:05 - 2011-07-26 16:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-18 13:07 - 2013-12-10 18:41 - 00435122 _____ () C:\Windows\DirectX.log
2014-10-18 11:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 18:28 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-17 08:43 - 2009-07-14 05:45 - 00311552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 20:34 - 2011-11-22 13:34 - 00007605 _____ () C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2014-10-16 19:49 - 2011-04-23 11:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-16 19:45 - 2013-08-21 20:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 19:42 - 2011-07-14 10:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 19:34 - 2011-07-07 12:37 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-16 19:34 - 2011-07-07 12:37 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-16 19:15 - 2011-11-01 16:29 - 00000000 ____D () C:\Users\Chris\Documents\OpenTTD
2014-10-16 18:13 - 2011-07-07 15:53 - 00000000 ____D () C:\Users\Chris\Documents\Studium
2014-10-14 17:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-10-14 17:36 - 2013-05-02 10:17 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 17:36 - 2013-04-19 09:55 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 17:36 - 2013-04-19 09:55 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-09 15:57 - 2011-04-23 13:34 - 00338432 ____N () C:\Windows\Minidump\100914-16489-01.dmp

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\avgnt.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
C:\Users\Chris\AppData\Local\Temp\sp64126.exe
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
C:\Users\Chris\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-28 18:39

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Chris at 2014-11-07 18:17:15
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

0 A.D. (HKCU\...\0 A.D.) (Version: r11863-alpha - Wildfire Games)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Age of Conan - Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version:  - Funcom)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Age of Empires Online (HKLM-x32\...\GFWL_{4D530FA3-9B89-4186-98B7-F51000000100}) (Version: 1.0.0000.1 - Microsoft Studios)
Age of Empires Online (x32 Version: 1.0.0000.1 - Microsoft Studios) Hidden
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - )
Age of Wulin (HKLM-x32\...\{A1CD76EB-30CA-45EE-9946-5FC20BA62012}) (Version: 0.0.1.011 - gPotato)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.03.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ANNO 1404 Venedig Entwickler-Tools (HKLM-x32\...\{13C1E98C-4434-4026-AADB-4A8A348B9402}) (Version: 1.00.0000 - Related Designs)
ANNO 1602 Königs-Edition (HKLM-x32\...\{077A7810-A937-4465-AD08-ACED9807995F}) (Version: 1.00 - )
Arx Fatalis (HKLM-x32\...\Steam App 1700) (Version:  - Arkane Studios)
Arx Libertatis (HKCU\...\ArxLibertatis) (Version: 1.0.3 - )
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - )
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
Avira (HKLM-x32\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CoCenter (HKLM-x32\...\CoCenter_is1) (Version: 1.4.9 - coocox.org)
CoFlash (HKLM-x32\...\CoFlash_is1) (Version: 1.4.6 - coocox.org)
CoIDE (HKLM-x32\...\CoIDE_is1) (Version: 1.7.7 - coocox.org)
Command and Conquer 3: Kane's Wrath (HKLM-x32\...\Steam App 24810) (Version:  - EA Los Angeles)
Command and Conquer 3: Tiberium Wars (HKLM-x32\...\Steam App 24790) (Version:  - EA Los Angeles)
Commander Keen 5 - The Armageddon Machine 1991 version 1.0 (HKLM-x32\...\{A4810069-DB03-48A4-8DDC-004330CDCEEF}}_is1) (Version: 1.0 - Pyramid Games, Inc.)
Common RTP 1.0 (HKLM-x32\...\RPGAdvocates_RTP_1.0) (Version:  - )
ContentMod2.6.2 (HKLM-x32\...\ContentMod_2.6.2) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
CyberLink DVD Suite Premium (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DarkRadiant 1.7.3 (HKLM\...\DarkRadiant_is1) (Version:  - The Dark Mod)
DAvE (HKLM-x32\...\DAvE) (Version:  - )
Die Siedler III Gold Edition (HKLM-x32\...\S3) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
EAGLE 6.5.0 (HKLM-x32\...\EAGLE 6.5.0) (Version: 6.5.0 - CadSoft Computer GmbH)
EarthView V3.8.5 (HKLM-x32\...\EarthView) (Version:  - )
EasyLife Updater (HKLM\...\EasyLife Updater) (Version: 1.0 - BetterSoft)
Empire Earth Gold Edition (HKLM-x32\...\GOGPACKEMPIREEARTHGOLD_is1) (Version: 2.0.0.14 - GOG.com)
Empire Earth II Gold Edition (HKLM-x32\...\GOGPACKEMPIREEARTH2GOLD_is1) (Version: 2.0.0.17 - GOG.com)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Freeciv 2.3.2 (GTK+ client) (HKCU\...\Freeciv-2.3.2-gtk2) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GNU Tools for ARM Embedded Processors 4.8 2014q2 (HKLM-x32\...\552277EA-F57E-7211-F7F4-B8BA1274B46C) (Version: 20140726 - ARM Holdings)
Gothic 3 (HKLM-x32\...\Steam App 39500) (Version:  - Piranha – Bytes )
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version:  - Valve)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6302.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jade Empire: Special Edition (HKLM-x32\...\Steam App 7110) (Version:  - BioWare Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Java(TM) 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keil µVision4 (HKLM-x32\...\Keil µVision4) (Version:  - )
Lara Croft and the Guardian of Light (HKLM-x32\...\Steam App 35130) (Version:  - Crystal Dynamics)
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version:  - Almost Human Games)
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.7.9.30 - www.leaguereplays.com)
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Mathcad 2001 Professional (HKLM-x32\...\{31A38B62-9168-4052-920A-F1405F43FEA8}) (Version: 10.01.0000 - MathSoft)
MATLAB R2011b (HKLM\...\Matlab R2011b) (Version: 7.13 - The MathWorks, Inc.)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Medieval II: Total War Kingdoms (HKLM-x32\...\Steam App 4780) (Version:  - The Creative Assembly)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version:  - )
Microsoft Age of Empires Expansion (HKLM-x32\...\Age of Empires Expansion 1.0) (Version:  - )
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - TaleWorlds Entertainment)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{1BC144A3-20EF-49DD-8EBB-E421E128E30F}) (Version: 1.2.8 - Thorvald Natvig)
MusicStation (HKLM-x32\...\MusicStationNetstaller) (Version: 1.0.1.5 - Hewlett-Packard)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.1 - Notepad++ Team)
Obsidian Conflict Beta 1.35 Full (HKCU\...\{C2477B44-8AB4-4E65-AED0-46B67EFCC97A}_is1) (Version: 1.35 - Obsidian Conflict Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
OpenTTD 1.3.1 (HKLM-x32\...\OpenTTD) (Version: 1.3.1 - OpenTTD)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PSpice Student 9.1 (HKLM-x32\...\PSpice Student) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Questpaket 4 Update 2 Deinstallation (HKLM-x32\...\G3QP231012008_is1) (Version: 4.2.0.0 - Humanforce)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\GOGPACKRCT3_is1) (Version: 2.0.0.13 - GOG.com)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM-x32\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version:  - )
S.T.A.L.K.E.R.: Lost Alpha version 1.3.0013 (HKLM-x32\...\S.T.A.L.K.E.R.: Lost Alpha_is1) (Version: 1.3.0013 - dezowave)
Sacred Gold (HKLM-x32\...\Steam App 12320) (Version:  - Ascaron Entertainment)
Sea3D 1.2.0a (HKLM-x32\...\Sea3D_is1) (Version: 1.2.0a - Jason Fugate)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Source Multiplayer Dedicated Server (HKLM-x32\...\Steam App 310) (Version:  - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.4.1.19776 - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - )
Synergy (HKLM-x32\...\Steam App 17520) (Version:  - Synergy Team)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher 2 (HKLM-x32\...\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}) (Version: 1.00.0000 - CD Projekt Red)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red)
Thief 2 (HKLM-x32\...\Steam App 211740) (Version:  - Looking Glass Studios)
Third Age - Total War 3.0 (Part 1of2) (HKCU\...\Third Age - Total War 3.0 (Part 1of2)) (Version:  - )
Third Age - Total War 3.0 (Part 2of2) (HKCU\...\Third Age - Total War 3.0 (Part 2of2)) (Version:  - )
Tomb Raider II (HKLM-x32\...\Steam App 225300) (Version:  - Core Design)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unknown Horizons (HKLM-x32\...\Unknown Horizons) (Version: 2013.2 - The Unknown Horizons Team)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
VVVVVV (HKLM-x32\...\Steam App 70300) (Version:  - )
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Widelands (HKLM-x32\...\{WIDELANDS-WIN32-IS}_is1) (Version: Widelands - Widelands Development Team)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.14 - WildTangent)
Winamp (HKLM-x32\...\Winamp) (Version: 5.62  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version:  - Wargaming.net)
World of Tanks v.0.6.6 (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1) (Version:  - Wargaming.net)
World of Tanks v.0.7.4_CT (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C8CT}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1) (Version:  - Wargaming.net)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
YGOPro DevPro Version 1.9.6 r0 (HKLM-x32\...\{3CF2634F-3F38-4DD3-9201-CB2FE6B5FF23}_is1) (Version: 1.9.6 r0 - YGOPro DevPro Online)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.780.000 - Check Point)
ZoneAlarm Security (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (x32 Version: 1.8.22.0 - Check Point Software Technologies LTD) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1267327803-2283943938-1836921389-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

21-10-2014 16:04:05 Installed Java 7 Update 71
28-10-2014 17:45:57 Geplanter Prüfpunkt
03-11-2014 14:46:36 Windows Update
04-11-2014 17:24:32 Wiederherstellungsvorgang
04-11-2014 18:59:28 Windows Update
06-11-2014 16:25:23 Windows Update
07-11-2014 16:57:02 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-07 17:57 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost 
::1             localhost 

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11E42C9A-E4A1-4D3B-A71C-6E3FF514F795} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {13D75616-0279-4B59-A2F3-2D20070C734B} - System32\Tasks\MATLAB R2011b Startup Accelerator => C:\Program Files\MATLAB\R2011b\bin\win64\MATLABStartupAccelerator.exe [2011-07-08] ()
Task: {1AE96EA9-F398-4261-A022-A1F856225200} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {29F37828-D704-43B9-A85C-A2A4340503EA} - System32\Tasks\schedule!1818212897 => C:\ProgramData\BetterSoft\EasyLife Updater\EasyLife Updater.exe <==== ATTENTION
Task: {2F52DBE2-C41A-40C7-8FA9-AFD3FE38633C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {364467D4-F0E9-4D32-B2ED-344EE171B784} - System32\Tasks\HPCeeScheduleForCHRIS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {3B0E2777-DB59-4AF0-9A46-44D6C1BC8DC0} - System32\Tasks\{DE79BC77-856F-43F0-996A-E951E84E1077} => C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta_sa.exe
Task: {3D17CBCE-0DEE-4C01-AA9F-8D33AFA5BCAF} - System32\Tasks\{CCC07322-662F-4265-A297-B441064C7641} => C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta_sa.exe
Task: {5329A8FF-44A3-40AD-B304-60999B1A7855} - System32\Tasks\{183F217A-26EC-43F0-B8DD-54A55A105FC5} => C:\Users\Chris\Documents\Studium\4. Semester\Mikrocomputer\HC11-IDE\wookie182upx.exe [2006-07-19] (Milwaukee School of Engineering: Kalle Anderson, Jason Buttron, Paul Clarke, Mathew Enwald, Blake Adams, Jake Buysse, Brian Farmer, Dainen Bugh, Ian Kasprzak, University of Wisconsin - Milwaukee: Craig Irving)
Task: {5F5B5D21-2CB5-454E-BB3F-BF717FE9B9A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {75E5D67F-41EF-48EC-A0F9-527ABFC5585C} - System32\Tasks\HPCeeScheduleForChris => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {81E8A5E5-A750-4D34-AD6A-85A1F55B3ACC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {9E204386-0021-4230-8BF1-ED6CF0C298AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {D6F982B9-31C3-4548-A247-3EFE7C0C93F3} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] ()
Task: {E553AEB1-4CC4-423E-9E13-F481C32732D0} - System32\Tasks\{46F2A24F-DD55-4126-A556-8BC0E3A32E2B} => C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta_sa.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCHRIS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForChris.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job => C:\Program Files\MATLAB\R2011b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\Windows\Tasks\schedule!1818212897.job => C:\ProgramData\BetterSoft\EasyLife Updater\EasyLife Updater.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Chris\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Chris\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: DAUpdaterSvc => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DataMgr => "C:\Users\Chris\AppData\Roaming\DataMgr\DataMgr.exe"
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: Intermediate => "C:\Users\Chris\AppData\Roaming\Intermediate\Intermediate.exe"
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SCheck => "C:\Users\Chris\AppData\Roaming\SCheck\SCheck.exe" check 
MSCONFIG\startupreg: Sixth => "C:\Users\Chris\AppData\Roaming\Sixth\Sixth.exe"
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: Snoozer => "C:\Users\Chris\AppData\Roaming\Snz\Snz.exe"
MSCONFIG\startupreg: SSync => "C:\Users\Chris\AppData\Roaming\SSync\SSync.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1267327803-2283943938-1836921389-500 - Administrator - Disabled)
Chris (S-1-5-21-1267327803-2283943938-1836921389-1000 - Administrator - Enabled) => C:\Users\Chris
Gast (S-1-5-21-1267327803-2283943938-1836921389-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1267327803-2283943938-1836921389-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2014 06:52:44 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: 0x80070005.

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: MS_SNMP_ENCAPSULATED_EVENT_PROVIDERselect * from SnmpNotificationSnmpNotification//./root/snmp/localhost

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: select * from SnmpNotificationSnmpNotification//./root/snmp/localhost

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: MS_SNMP_REFERENT_EVENT_PROVIDERselect * from SnmpExtendedNotificationSnmpExtendedNotification//./root/snmp/localhost

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: select * from SnmpExtendedNotificationSnmpExtendedNotification//./root/snmp/localhost

Error: (11/03/2014 03:09:46 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x8007043c).

Error: (11/02/2014 05:14:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (11/02/2014 02:37:50 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (10/31/2014 06:35:03 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (10/28/2014 06:41:20 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (11/07/2014 06:10:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/07/2014 06:10:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Software Protection erreicht.

Error: (11/07/2014 06:08:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/07/2014 06:08:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Management and Security Application Local Management Service erreicht.

Error: (11/07/2014 06:06:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/07/2014 06:06:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Support Assistant Service erreicht.

Error: (11/07/2014 06:05:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error: (11/07/2014 06:05:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (11/07/2014 06:01:49 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (11/07/2014 06:01:45 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.


Microsoft Office Sessions:
=========================
Error: (11/04/2014 06:52:44 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Geplanter Prüfpunkt0x80070005

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: MS_SNMP_ENCAPSULATED_EVENT_PROVIDERselect * from SnmpNotificationSnmpNotification//./root/snmp/localhost

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: select * from SnmpNotificationSnmpNotification//./root/snmp/localhost

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: MS_SNMP_REFERENT_EVENT_PROVIDERselect * from SnmpExtendedNotificationSnmpExtendedNotification//./root/snmp/localhost

Error: (11/03/2014 03:10:17 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: select * from SnmpExtendedNotificationSnmpExtendedNotification//./root/snmp/localhost

Error: (11/03/2014 03:09:46 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x8007043c

Error: (11/02/2014 05:14:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/02/2014 02:37:50 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/31/2014 06:35:03 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/28/2014 06:41:20 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


CodeIntegrity Errors:
===================================
  Date: 2013-10-21 13:14:26.805
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-21 00:15:18.419
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-20 20:49:30.926
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-20 18:10:32.096
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-20 17:38:27.191
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-20 17:22:21.487
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-20 13:44:16.173
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-20 12:43:48.323
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-19 23:08:16.893
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-19 20:59:42.371
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8174.53 MB
Available physical RAM: 5739.94 MB
Total Pagefile: 16347.24 MB
Available Pagefile: 13748.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1848.9 GB) (Free:1220.88 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:14.02 GB) (Free:1.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 0DCB5C4C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1848.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
ATTFilter
# AdwCleaner v4.002 - Bericht erstellt am 07/11/2014 um 17:17:52
# DB v2014-11-02.1
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Chris - CHRIS-HP
# Gestartet von : C:\Users\Chris\Desktop\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\BetterSoft
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Program Files (x86)\EasyLife
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\Chris\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\Chris\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\SendSpace
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Sixth
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Snz
Ordner Gelöscht : C:\ProgramData\SoftSafe
Ordner Gelöscht : C:\ProgramData\CheAPMe
Ordner Gelöscht : C:\ProgramData\ExsttroaCooupon
Ordner Gelöscht : C:\ProgramData\MinimumPraicee
Ordner Gelöscht : C:\ProgramData\UTubbeNoAds
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Chris\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default\invalidprefs.js
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easylifeapp.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pdfgrabber_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pdfgrabber_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sea3d_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sea3d_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Schlüssel Gelöscht : HKCU\Software\httogroup
Schlüssel Gelöscht : HKCU\Software\piccshare
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\SP Global
Schlüssel Gelöscht : HKLM\SOFTWARE\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{98449C67-C7AF-BB53-112D-26C916814611}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C6E49138-C2CF-5337-D358-0734FD33EFB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA1838EF-A497-194E-3850-37A62CEE398B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.3 (x86 de)


*************************

AdwCleaner[R0].txt - [10438 octets] - [07/11/2014 17:16:36]
AdwCleaner[S0].txt - [9246 octets] - [07/11/2014 17:17:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9306 octets] ##########
         
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.11.2014
Suchlauf-Zeit: 17:35:43
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.07.03
Rootkit Datenbank: v2014.11.01.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Chris

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 332740
Verstrichene Zeit: 14 Min, 4 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 06-November-2014
Tool run by Chris on 07.11.2014 at 17:53:13,90.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Chris\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

07.11.2014 17:57:17 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# 
# For example: 
# 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
# localhost name resolution is handle within DNS itself. 
127.0.0.1       localhost 
::1             localhost 

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5D2D3B24-2566-3EC3-9FEF-7411C7E8C4D1} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F7347D78-EF6B-1515-721E-A2CCBF6F1777} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD1766BC-F41C-B11B-A9DC-061320F83BFD} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1267327803-2283943938-1836921389-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} deleted successfully
HKEY_USERS\S-1-5-21-1267327803-2283943938-1836921389-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} deleted successfully
HKEY_USERS\S-1-5-21-1267327803-2283943938-1836921389-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{5D2D3B24-2566-3EC3-9FEF-7411C7E8C4D1} deleted successfully
HKEY_USERS\S-1-5-21-1267327803-2283943938-1836921389-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{F7347D78-EF6B-1515-721E-A2CCBF6F1777} deleted successfully
HKEY_USERS\S-1-5-21-1267327803-2283943938-1836921389-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{FD1766BC-F41C-B11B-A9DC-061320F83BFD} deleted successfully
HKEY_USERS\S-1-5-21-1267327803-2283943938-1836921389-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{5C2DD58F-613F-4580-8AC0-F10D760AF938} deleted successfully
HKEY_USERS\S-1-5-21-1267327803-2283943938-1836921389-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\FFToolbar@bitdefender.com deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default\prefs.js:
user_pref("browser.startup.homepage", "www.google.de");

Added to C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Chris\AppData\Roaming\Thunderbird\Profiles\kqdiv6p3.default\prefs.js:

Added to C:\Users\Chris\AppData\Roaming\Thunderbird\Profiles\kqdiv6p3.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension" [23.04.2011 12:04]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default
- Ghostery - %ProfilePath%\extensions\firefox@ghostery.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Chris\AppData\Roaming\Thunderbird\Profiles\kqdiv6p3.default
- Deutsches Wrterbuch - %ProfilePath%\extensions\de-DE@dictionaries.addons.mozilla.org

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\43w4q8la.default
DFC9460CC37E5C414DC4680B10C19E7A	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll -	Shockwave Flash


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.de/?gws_rd=ssl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=de&gu=f92bf0c371da4280886df0b3fe7d2d9c&tu=10GX0008N1B0008&sku=&tstsId=&ver=&"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=de&gu=f92bf0c371da4280886df0b3fe7d2d9c&tu=10GX0008N1B0008&sku=&tstsId=&ver=&"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{d944bb61-2e34-4dbf-a683-47e505c587dc} eBay  Url="hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Desktops"
{E6AF0E3D-FBF3-43BD-ADD6-BDE09A3765CF} Search By ZoneAlarm Url="hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=f92bf0c371da4280886df0b3fe7d2d9c&tu=10GXy00Ad1B0Ca0&sku=&tstsId=&ver=&&r=632"

==== Reset Google Chrome ======================

Nothing found to reset

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="fritz.box"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Reset WMI ======================

Die folgenden Dienste h„ngen vom Dienst Windows-Verwaltungsinstrumentation ab.
Das Beenden des Dienstes Windows-Verwaltungsinstrumentation beendet auch diese Dienste.

   Sicherheitscenter
   IP-Hilfsdienst
   Avira Service Host

Sicherheitscenter wird beendet.
Sicherheitscenter wurde erfolgreich beendet.

IP-Hilfsdienst wird beendet.
IP-Hilfsdienst wurde erfolgreich beendet.

Avira Service Host wird beendet.
Avira Service Host wurde erfolgreich beendet.

Windows-Verwaltungsinstrumentation wird beendet.
Windows-Verwaltungsinstrumentation wurde erfolgreich beendet.

C:\Windows\system32\wbem\repository renamed to repository.old
C:\Windows\syswow64\wbem\repository renamed to repository.old

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== After Reboot ======================

==== EOF on 07.11.2014 at 18:02:06,51 ======================
         

Alt 07.11.2014, 22:01   #12
M-K-D-B
/// TB-Ausbilder
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten



Wir entfernen die letzten Reste und kontrollieren nochmal alles. EEK und ESET können länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {E6AF0E3D-FBF3-43BD-ADD6-BDE09A3765CF} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=f92bf0c371da4280886df0b3fe7d2d9c&tu=10GXy00Ad1B0Ca0&sku=&tstsId=&ver=&&r=632
C:\ProgramData\hash.dat
Task: {29F37828-D704-43B9-A85C-A2A4340503EA} - System32\Tasks\schedule!1818212897 => C:\ProgramData\BetterSoft\EasyLife Updater\EasyLife Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\schedule!1818212897.job => C:\ProgramData\BetterSoft\EasyLife Updater\EasyLife Updater.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DataMgr
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Intermediate
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SCheck
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sixth
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Snoozer
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SSync
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Lade Dir bitte von hier Emsisoft Emergency Kit Download Emsisoft Emergency Kit herunter.
  • Bitte installiere das Programm in den vorgegebenen Pfad.
  • Starte das Programm durch Doppelklick der Desktopverknüpfung.
  • Das EEK ist nach dem Laden der Malwaresignaturen für den Scan bereit.
  • Folge nun bitte der bebilderten Bildanleitung zu Emergency Kit, entferne alle Funde und poste am Ende des Scans bzw. der Bereinigung das Log.






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von EEK,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Alt 08.11.2014, 21:53   #13
chris224
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten



Ich hab zwischendurch mal so 300GB deinstalliert, da der Scan so schon 4 Stunden+ dauert.

Also hier erstmal die ersten 2 die anderen folgen später:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-11-2014
Ran by Chris at 2014-11-08 10:32:49 Run:1
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {E6AF0E3D-FBF3-43BD-ADD6-BDE09A3765CF} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=f92bf0c371da4280886df0b3fe7d2d9c&tu=10GXy00Ad1B0Ca0&sku=&tstsId=&ver=&&r=632
C:\ProgramData\hash.dat
Task: {29F37828-D704-43B9-A85C-A2A4340503EA} - System32\Tasks\schedule!1818212897 => C:\ProgramData\BetterSoft\EasyLife Updater\EasyLife Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\schedule!1818212897.job => C:\ProgramData\BetterSoft\EasyLife Updater\EasyLife Updater.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DataMgr
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Intermediate
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SCheck
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sixth
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Snoozer
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SSync
EmptyTemp:
end
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E6AF0E3D-FBF3-43BD-ADD6-BDE09A3765CF}" => Key deleted successfully.
"HKCR\CLSID\{E6AF0E3D-FBF3-43BD-ADD6-BDE09A3765CF}" => Key not found.
C:\ProgramData\hash.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29F37828-D704-43B9-A85C-A2A4340503EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29F37828-D704-43B9-A85C-A2A4340503EA}" => Key deleted successfully.
C:\Windows\System32\Tasks\schedule!1818212897 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\schedule!1818212897" => Key deleted successfully.
C:\Windows\Tasks\schedule!1818212897.job => Moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DataMgr => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Intermediate => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SCheck => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sixth => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Snoozer => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SSync => Key Deleted successfully.
EmptyTemp: => Removed 844.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         
Code:
ATTFilter
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 11/8/2014 10:55:54 AM
Benutzerkonto: Chris-HP\Chris

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, Q:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	11/8/2014 3:09:06 PM
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Value: HKEY_USERS\S-1-5-21-1267327803-2283943938-1836921389-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS 	gefunden: Setting.DisableRegistryTools (A)
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\Roaming\Intermediate\chunprot.dll.vir 	gefunden: Application.Generic.863477 (B)
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\Roaming\SCheck\chunprot.dll.vir 	gefunden: Application.Generic.863477 (B)
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\Roaming\Snz\Snz.exe.vir -> (NSIS o) -> zlib_nsis0007 	gefunden: Application.Generic.863477 (B)
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe 	gefunden: Application.Win32.InstallTool (A)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\00438c8e.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Adware.Bprotector.5 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\10d621ee.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Application.Dropper.111 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1f193c63.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Adware.BProtector.4 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\420c984e.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Adware.Bprotector.5 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\42b97b73.qua -> (Quarantine-8) 	gefunden: Adware.Agent.NWJ (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4c009bde.qua -> (Quarantine-8) 	gefunden: Application.Generic.593921 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4d465928.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Adware.BProtector.4 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\525a8888.qua -> (Quarantine-8) 	gefunden: Trojan.Dropper.WXI (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\550fed80.qua -> (Quarantine-8) 	gefunden: Adware.BHO.Agent.E (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\55d17c3f.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Adware.BProtector.4 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5a0054a9.qua -> (Quarantine-8) 	gefunden: Adware.Agent.NWJ (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5a9bbd99.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Adware.Bprotector.5 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5b42d51f.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Application.Dropper.111 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\76658773.qua -> (Quarantine-8) 	gefunden: Application.Generic.593921 (B)
C:\ProgramData\gcjkmkejbhkheegipnfpghdnojggmpam\gcjkmkejbhkheegipnfpghdnojggmpam.crx -> P5C2eDwQxpy.js 	gefunden: Adware.MultiPlug.CY (B)
C:\ProgramData\InstallMate\EasyLife Updater\Custom.dll 	gefunden: Application.Win32.AdLoad (A)

Gescannt	648771
Gefunden	28

Scan Ende:	11/8/2014 6:35:18 PM
Scan Zeit:	3:26:12

C:\ProgramData\InstallMate\EasyLife Updater\Custom.dll	Quarantäne Application.Win32.AdLoad (A)
C:\ProgramData\gcjkmkejbhkheegipnfpghdnojggmpam\gcjkmkejbhkheegipnfpghdnojggmpam.crx	Quarantäne Adware.MultiPlug.CY (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\76658773.qua	Quarantäne Application.Generic.593921 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5b42d51f.qua	Quarantäne Gen:Variant.Application.Dropper.111 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5a9bbd99.qua	Quarantäne Gen:Variant.Adware.Bprotector.5 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5a0054a9.qua	Quarantäne Adware.Agent.NWJ (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\55d17c3f.qua	Quarantäne Gen:Variant.Adware.BProtector.4 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\550fed80.qua	Quarantäne Adware.BHO.Agent.E (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\525a8888.qua	Quarantäne Trojan.Dropper.WXI (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4d465928.qua	Quarantäne Gen:Variant.Adware.BProtector.4 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4c009bde.qua	Quarantäne Application.Generic.593921 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\42b97b73.qua	Quarantäne Adware.Agent.NWJ (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\420c984e.qua	Quarantäne Gen:Variant.Adware.Bprotector.5 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1f193c63.qua	Quarantäne Gen:Variant.Adware.BProtector.4 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\10d621ee.qua	Quarantäne Gen:Variant.Application.Dropper.111 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\00438c8e.qua	Quarantäne Gen:Variant.Adware.Bprotector.5 (B)
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe	Quarantäne Application.Win32.InstallTool (A)
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\Roaming\Snz\Snz.exe.vir	Quarantäne Application.Generic.863477 (B)
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\Roaming\SCheck\chunprot.dll.vir	Quarantäne Application.Generic.863477 (B)
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\Roaming\Intermediate\chunprot.dll.vir	Quarantäne Application.Generic.863477 (B)
Value: HKEY_USERS\S-1-5-21-1267327803-2283943938-1836921389-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS	Quarantäne Setting.DisableRegistryTools (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}	Quarantäne Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}	Quarantäne Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}	Quarantäne Application.AdGenie (A)

Quarantäne	24
         
Und die anderen 2:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=933a4d1c4dadf443b6088802d4245b70
# engine=20993
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-08 08:40:55
# local_time=2014-11-08 09:40:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 40869 160027833 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 351631 167109105 0 0
# scanned=598401
# found=14
# cleaned=0
# scan_time=10368
sh=D80C82126B62DDFCA25FE2C8D46B0306374515F9 ft=1 fh=989a5d3959e2490e vn="Win32/AdWare.Snoozer.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\Roaming\SCheck\ntcrxinst.exe.vir"
sh=ACE6476A793879A308D35C842B46EE3C9015DAEB ft=1 fh=dbbb2733165a4ed9 vn="Win32/AdWare.Snoozer.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\Roaming\SCheck\ntdllinst.exe.vir"
sh=718259773FCF6931DEE2154697FB9D997299BEA5 ft=1 fh=18effc849236beec vn="Win32/AdWare.Snoozer.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\Roaming\SCheck\ntxpiinst.exe.vir"
sh=4CD483AE1ADF0BD259C612CD356D19B3315A73AF ft=1 fh=69773bfd872c2fda vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\uninstall.exe"
sh=AE638A448B587E19589F749E9CDCB2C6282B5C7F ft=1 fh=fb95174cb413b8bf vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmEng.dll"
sh=2C7E92DBF6A14DE89382CCC9C9E2807B5EB3F906 ft=1 fh=d7cdf3a9bac82201 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmsrv.exe"
sh=83AF8438702BC3B8C19C1D5DF45125F58351A558 ft=1 fh=2d34ad7ad94c7467 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\uninstall.exe"
sh=7D88383C44FDAA38E0D29B63F997635CDE9BF1DC ft=1 fh=c71c00111b20784d vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmApp.dll"
sh=BC1E722817649F418D69AC649F876A51678080AD ft=1 fh=c71c0011931c2410 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmEng.dll"
sh=218D826DF7CEFCE7B428F53A7ACDF10F50F026C2 ft=1 fh=8db84d6f75cab766 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmsrv.exe"
sh=839C7BD3E480D2B2E52EBB7784DA99FBEF0BE1B3 ft=1 fh=087cc1d5e496e287 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll"
sh=7A219354FC60B0CF6ED52E610C3140CE704CC656 ft=1 fh=83737b1a97540dba vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll"
sh=28F81FA9CC2F237BB3DCB5F2D9E43DBB64E6CB34 ft=1 fh=51b4fcd41bbc33f1 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\CheckPoint\Install\zatb.exe"
sh=DBD0C320C253E1AB035A116243442B5AB54A1FA0 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\ab463.msi"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
 Avira successfully updated! 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 71  
 Java(TM) 6 Update 22  
 Java(TM) 6 Update 33  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Mozilla Firefox (33.0.3) 
 Mozilla Thunderbird (24.6.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm ZAPrivacyService.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Alt 09.11.2014, 13:23   #14
M-K-D-B
/// TB-Ausbilder
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten



Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
C:\ProgramData\gcjkmkejbhkheegipnfpghdnojggmpam
C:\Windows\Installer\ab463.msi
C:\Program Files (x86)\CheckPoint\Install\zatb.exe
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird!






Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Schritt 1
Ändere regelmäßig alle deine Passwörter, jetzt nach der Bereinigung ist ein idealer Zeitpunkt dafür!
  • Verwende für jede Anwendung und jeden Account ein anderes Passwort.
  • Ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist das sehr wichtig.
  • Speichere keine Passwörter auf deinem PC, gib diese nicht an Dritte weiter.
  • Ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen.
  • Benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster.
  • Verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben.





Schritt 2
Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren.
Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren.
Deinstalliere die folgenden Programme von deinem Rechner:
  • Java 7 Update 71
  • Java(TM) 6 Update 22
  • Java(TM) 6 Update 33
  • Adobe Flash Player
  • Adobe Reader 10
Starte deinen Rechner nach der Deinstallation neu auf.
Downloade und installiere dir bitte nun:Starte deinen Rechner nach der Installation neu auf.





Schritt 3
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 4
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
    Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwünschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Alt 09.11.2014, 13:55   #15
chris224
 
Windows 7: Bootzeit von 10 Minuten - Standard

Windows 7: Bootzeit von 10 Minuten



Hallo,

hier erstmal die fixlog.txt :

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014
Ran by Chris at 2014-11-09 13:37:03 Run:2
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\ProgramData\gcjkmkejbhkheegipnfpghdnojggmpam
C:\Windows\Installer\ab463.msi
C:\Program Files (x86)\CheckPoint\Install\zatb.exe
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0
EmptyTemp:
end

*****************

Processes closed successfully.
C:\ProgramData\gcjkmkejbhkheegipnfpghdnojggmpam => Moved successfully.
C:\Windows\Installer\ab463.msi => Moved successfully.
C:\Program Files (x86)\CheckPoint\Install\zatb.exe => Moved successfully.
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0 => Moved successfully.
EmptyTemp: => Removed 21.3 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         

Antwort

Themen zu Windows 7: Bootzeit von 10 Minuten
adware.bho.agent.e, adware.multiplug.cy, application.win32.adload, bccode: 9f, boot or start, cpu-z, crystaldiskinfo, fehlercode 22, langsamer start, pup.optional.babylon.a, pup.optional.booster.a, pup.optional.browserstabilizer.a, pup.optional.datamgr.a, pup.optional.easylife.a, pup.optional.piccshare.a, pup.optional.simplenewtab.a, pup.optional.softonic.a, pup.optional.sprotector.a, this device is disabled. (code 22), trojan.dropper.wxi, win32/adware.snoozer.a, win32/systweak.l, win32/toolbar.escort.a, win32/toolbar.montiera.a, win32/toolbar.montiera.b, win32/toolbar.montiera.f, win32/toolbar.montiera.i



Ähnliche Themen: Windows 7: Bootzeit von 10 Minuten


  1. Windows 7 lädt ca. 6 Minuten, Desktop dann 2 weitere Minuten, Combofix zeigte Infektion
    Log-Analyse und Auswertung - 30.08.2015 (25)
  2. Windows 7 lädt ca. 6 Minuten, Desktop dann 2 weitere Minuten, Combofix zeigte Infektion
    Alles rund um Windows - 09.08.2015 (4)
  3. Windows Vista braucht ca. 10 Minuten zum booten
    Alles rund um Windows - 16.06.2015 (21)
  4. Bootzeit von Windows lange!
    Alles rund um Windows - 11.11.2014 (25)
  5. Windows 7: Bootzeit von 10 Minuten, keine Malware sonder Windows Problem.
    Alles rund um Windows - 10.11.2014 (9)
  6. WIN XP: extrem lange Bootzeit, NT-AUTORITÄT\SYSTEM-Meldung (RPC) fährt den PC runter
    Log-Analyse und Auswertung - 30.08.2014 (21)
  7. Windows 7: u.A. Lange Bootzeit / Verdächtige Dateien im Ordner Windows/SysWOW64
    Log-Analyse und Auswertung - 23.09.2013 (21)
  8. Lange Bootzeit und ständige Kaspersky 2013 Fehler
    Plagegeister aller Art und deren Bekämpfung - 26.04.2013 (9)
  9. Lange Bootzeit und komisches Verhalten vom PC
    Plagegeister aller Art und deren Bekämpfung - 12.02.2013 (1)
  10. Lange Bootzeit
    Alles rund um Windows - 13.11.2012 (5)
  11. XP SP3 - Bootzeit wird immer länger
    Alles rund um Windows - 15.09.2012 (1)
  12. Windows Systemstart dauert über 2 Minuten (Windows XP)
    Alles rund um Windows - 08.08.2012 (6)
  13. Sehr lange Bootzeit von Win 7
    Plagegeister aller Art und deren Bekämpfung - 26.05.2012 (13)
  14. Windows XP Bootvorgang dauert Minuten
    Log-Analyse und Auswertung - 02.06.2008 (2)
  15. pc braucht 10 minuten zum hochfahren,programme brauchen minuten zum starten,hängt si.
    Plagegeister aller Art und deren Bekämpfung - 16.08.2007 (22)
  16. PC hat seit kurzem sehr lange bootzeit + dauernde medlungen vom virenscanner
    Log-Analyse und Auswertung - 20.03.2007 (3)
  17. Windows ändert sich anch 5 minuten!
    Log-Analyse und Auswertung - 28.08.2006 (6)

Zum Thema Windows 7: Bootzeit von 10 Minuten - Hallo Zusammen, eine kurze Beschreibung vorweg: Die Bootzeit meines Windows 7 Rechners ist seit einer Woche plötzlich 10 Minuten (nach der Eingabe das Passwortes gemessen, davor geht alles normal schnell). - Windows 7: Bootzeit von 10 Minuten...
Archiv
Du betrachtest: Windows 7: Bootzeit von 10 Minuten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.