
Log analysis and evaluation: Antivirus and anti-spyware programs can no longer be started or installed

Windows 7

16.11.2014, 10:35   #1
BlueBall
 

Hello community,

when I started the computer this morning, I noticed that Microsoft Security Essentials did not appear in the taskbar. A manual start and reinstallations were unsuccessful. Other antivirus programs cannot be installed either. In the registry I noticed several Disable and Debugger entries (nqij.exe). With my limited knowledge, I therefore suspect malware... I have attached the logs as per the checklist.
Many thanks in advance for your efforts!

Best regards

Stefan

GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-16 10:46:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST315005 rev.CC34 1397,27GB
Running: cesj47z0.exe; Driver: C:\Users\STEFAN~1\AppData\Local\Temp\axriyuow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                                                   fffff80003204000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                                                                                   fffff8000320402f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                      0000000074c51465 2 bytes [C5, 74]
.text     C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe[2984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                     0000000074c514bb 2 bytes [C5, 74]
.text     ...                                                                                                                                                                                                                                                  * 2
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtWaitForSingleObject                                                                                                                                   00000000770df8bc 5 bytes JMP 00000001769a0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtReadFile                                                                                                                                              00000000770df8f0 5 bytes JMP 0000000176ea0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                                                                                                             00000000770df928 5 bytes JMP 0000000176ec0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                                                 00000000770df9e0 5 bytes JMP 0000000176e20000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtQueryObject                                                                                                                                           00000000770df9f8 5 bytes JMP 0000000176520000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile                                                                                                                                  00000000770dfa10 5 bytes JMP 0000000176e40000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey                                                                                                                                               00000000770dfa28 5 bytes JMP 0000000176820000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                                                                                                                     00000000770dfa40 5 bytes JMP 00000001768c0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey                                                                                                                                              00000000770dfa90 5 bytes JMP 00000001767e0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                                                                         00000000770dfaa8 5 bytes JMP 0000000176620000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess                                                                                                                               00000000770dfad8 5 bytes JMP 00000001764a0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey                                                                                                                                             00000000770dfb40 5 bytes JMP 0000000176940000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                                                                                    00000000770dfc38 5 bytes JMP 0000000176e60000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                                      00000000770dfc50 5 bytes JMP 0000000176c60000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                                                                                                    00000000770dfc80 5 bytes JMP 0000000176c20000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey                                                                                                                                          00000000770dfd4c 5 bytes JMP 00000001768e0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                                              00000000770dfd64 5 bytes JMP 00000001770b0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                                                                    00000000770dfd98 5 bytes JMP 0000000176b80000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                                           00000000770dfdc8 5 bytes JMP 0000000176de0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtFsControlFile                                                                                                                                         00000000770dfdf8 5 bytes JMP 00000001769e0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                                                                       00000000770dfe44 5 bytes JMP 0000000176c00000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                                                                                                                   00000000770dfe5c 5 bytes JMP 0000000176da0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtQueryVolumeInformationFile                                                                                                                            00000000770dff8c 2 bytes JMP 0000000176bc0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtQueryVolumeInformationFile + 3                                                                                                                        00000000770dff8f 2 bytes [AE, FF]
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                                         00000000770dffa4 2 bytes JMP 0000000176e00000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 3                                                                                                                                     00000000770dffa7 2 bytes [D2, FF]
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtFlushBuffersFile                                                                                                                                      00000000770dffbc 2 bytes JMP 0000000176b20000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtFlushBuffersFile + 3                                                                                                                                  00000000770dffbf 2 bytes [A4, FF]
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtQuerySection                                                                                                                                          00000000770e0050 5 bytes JMP 0000000176c40000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                                            00000000770e00b4 5 bytes JMP 0000000177090000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtWaitForMultipleObjects                                                                                                                                00000000770e0148 5 bytes JMP 0000000176980000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                                                           00000000770e01c4 5 bytes JMP 0000000176580000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtAccessCheck                                                                                                                                           00000000770e0228 5 bytes JMP 0000000176460000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile                                                                                                                                            00000000770e09e4 5 bytes JMP 0000000176e80000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey                                                                                                                                             00000000770e09fc 5 bytes JMP 0000000176920000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                                                                                        00000000770e0a44 5 bytes JMP 0000000176900000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtExtendSection                                                                                                                                         00000000770e0b1c 5 bytes JMP 0000000176960000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey                                                                                                                                              00000000770e0b80 5 bytes JMP 00000001768a0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtFlushVirtualMemory                                                                                                                                    00000000770e0bb4 5 bytes JMP 0000000176dc0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtLoadKey                                                                                                                                               00000000770e0e0c 5 bytes JMP 0000000176880000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtLoadKey2                                                                                                                                              00000000770e0e24 5 bytes JMP 0000000176860000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtLockFile                                                                                                                                              00000000770e0e54 5 bytes JMP 0000000176b60000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeDirectoryFile                                                                                                                             00000000770e0f58 5 bytes JMP 00000001769c0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                                                                                                                       00000000770e0f70 5 bytes JMP 0000000176840000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                                                                                                             00000000770e1018 5 bytes JMP 0000000176800000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                                                                                                               00000000770e133c 5 bytes JMP 0000000176be0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                                                                                                                 00000000770e147c 5 bytes JMP 0000000176640000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                                                                                                                   00000000770e1528 5 bytes JMP 0000000176480000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey                                                                                                                                             00000000770e1718 5 bytes JMP 0000000176540000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtReplaceKey                                                                                                                                            00000000770e1748 5 bytes JMP 0000000176600000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtRestoreKey                                                                                                                                            00000000770e17e0 5 bytes JMP 00000001765e0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSaveKey                                                                                                                                               00000000770e1874 5 bytes JMP 00000001765c0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey                                                                                                                                     00000000770e1a58 5 bytes JMP 00000001765a0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                                                                                                                     00000000770e1b9c 5 bytes JMP 0000000176d80000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSetVolumeInformationFile                                                                                                                              00000000770e1c9c 5 bytes JMP 0000000176ba0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtUnloadKey                                                                                                                                             00000000770e1e70 5 bytes JMP 0000000176560000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtUnlockFile                                                                                                                                            00000000770e1eb8 5 bytes JMP 0000000176b40000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!RtlQueryInformationActivationContext                                                                                                                    00000000770fba2c 5 bytes JMP 0000000176500000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                                              00000000770fc4dd 5 bytes JMP 00000001764e0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                                            0000000077101287 5 bytes JMP 00000001764c0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                                                       00000000751c103d 5 bytes JMP 0000000174ed0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                                       00000000751c1072 5 bytes JMP 0000000174fe0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\kernel32.dll!CreateActCtxW                                                                                                                                        00000000751c920f 5 bytes JMP 0000000175000000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                                                                              0000000075242ff1 5 bytes JMP 0000000174eb0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                                                                                                                 0000000074a8c532 5 bytes JMP 0000000174a70000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\ADVAPI32.dll!EncryptFileW                                                                                                                                         0000000074ac28f8 5 bytes JMP 0000000174a50000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\ADVAPI32.dll!DecryptFileW                                                                                                                                         0000000074ac2947 5 bytes JMP 0000000174a30000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject                                                                                                                                   00000000758c21e1 5 bytes JMP 00000001758a0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\ole32.dll!CoGetClassObject                                                                                                                                        00000000758e54ad 5 bytes JMP 0000000175800000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                                        00000000758f9d0b 5 bytes JMP 0000000175840000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                                                                      00000000758f9d4e 5 bytes JMP 0000000175820000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject                                                                                                                                     000000007593eacf 5 bytes JMP 0000000175880000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\ole32.dll!CoFreeUnusedLibraries                                                                                                                                   0000000075940cc2 5 bytes JMP 0000000175860000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\ole32.dll!CoRegisterSurrogate                                                                                                                                     00000000759909bf 5 bytes JMP 00000001757e0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                               0000000074c51465 2 bytes [C5, 74]
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                              0000000074c514bb 2 bytes [C5, 74]
.text     ...                                                                                                                                                                                                                                                  * 2
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtWaitForSingleObject                                                                                                                                   00000000770df8bc 5 bytes JMP 00000001769a0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtReadFile                                                                                                                                              00000000770df8f0 5 bytes JMP 0000000176ea0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                                                                                                             00000000770df928 5 bytes JMP 0000000176ec0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                                                 00000000770df9e0 5 bytes JMP 0000000176e20000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtQueryObject                                                                                                                                           00000000770df9f8 5 bytes JMP 0000000176520000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile                                                                                                                                  00000000770dfa10 5 bytes JMP 0000000176e40000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey                                                                                                                                               00000000770dfa28 5 bytes JMP 0000000176820000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                                                                                                                     00000000770dfa40 5 bytes JMP 00000001768c0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey                                                                                                                                              00000000770dfa90 5 bytes JMP 00000001767e0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                                                                         00000000770dfaa8 5 bytes JMP 0000000176620000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess                                                                                                                               00000000770dfad8 5 bytes JMP 00000001764a0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey                                                                                                                                             00000000770dfb40 5 bytes JMP 0000000176940000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                                                                                    00000000770dfc38 5 bytes JMP 0000000176e60000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                                      00000000770dfc50 5 bytes JMP 0000000176c60000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                                                                                                    00000000770dfc80 5 bytes JMP 0000000176c20000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey                                                                                                                                          00000000770dfd4c 5 bytes JMP 00000001768e0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                                              00000000770dfd64 5 bytes JMP 00000001770b0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                                                                    00000000770dfd98 5 bytes JMP 0000000176b80000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                                                           00000000770dfdc8 5 bytes JMP 0000000176de0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtFsControlFile                                                                                                                                         00000000770dfdf8 5 bytes JMP 00000001769e0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                                                                       00000000770dfe44 5 bytes JMP 0000000176c00000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                                                                                                                   00000000770dfe5c 5 bytes JMP 0000000176da0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtQueryVolumeInformationFile                                                                                                                            00000000770dff8c 2 bytes JMP 0000000176bc0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtQueryVolumeInformationFile + 3                                                                                                                        00000000770dff8f 2 bytes [AE, FF]
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                                                         00000000770dffa4 2 bytes JMP 0000000176e00000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 3                                                                                                                                     00000000770dffa7 2 bytes [D2, FF]
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtFlushBuffersFile                                                                                                                                      00000000770dffbc 2 bytes JMP 0000000176b20000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtFlushBuffersFile + 3                                                                                                                                  00000000770dffbf 2 bytes [A4, FF]
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtQuerySection                                                                                                                                          00000000770e0050 5 bytes JMP 0000000176c40000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                                            00000000770e00b4 5 bytes JMP 0000000177090000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtWaitForMultipleObjects                                                                                                                                00000000770e0148 5 bytes JMP 0000000176980000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                                                           00000000770e01c4 5 bytes JMP 0000000176580000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtAccessCheck                                                                                                                                           00000000770e0228 5 bytes JMP 0000000176460000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile                                                                                                                                            00000000770e09e4 5 bytes JMP 0000000176e80000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey                                                                                                                                             00000000770e09fc 5 bytes JMP 0000000176920000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                                                                                        00000000770e0a44 5 bytes JMP 0000000176900000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtExtendSection                                                                                                                                         00000000770e0b1c 5 bytes JMP 0000000176960000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey                                                                                                                                              00000000770e0b80 5 bytes JMP 00000001768a0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtFlushVirtualMemory                                                                                                                                    00000000770e0bb4 5 bytes JMP 0000000176dc0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtLoadKey                                                                                                                                               00000000770e0e0c 5 bytes JMP 0000000176880000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtLoadKey2                                                                                                                                              00000000770e0e24 5 bytes JMP 0000000176860000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtLockFile                                                                                                                                              00000000770e0e54 5 bytes JMP 0000000176b60000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeDirectoryFile                                                                                                                             00000000770e0f58 5 bytes JMP 00000001769c0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                                                                                                                       00000000770e0f70 5 bytes JMP 0000000176840000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                                                                                                             00000000770e1018 5 bytes JMP 0000000176800000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                                                                                                               00000000770e133c 5 bytes JMP 0000000176be0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                                                                                                                 00000000770e147c 5 bytes JMP 0000000176640000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                                                                                                                   00000000770e1528 5 bytes JMP 0000000176480000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey                                                                                                                                             00000000770e1718 5 bytes JMP 0000000176540000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtReplaceKey                                                                                                                                            00000000770e1748 5 bytes JMP 0000000176600000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtRestoreKey                                                                                                                                            00000000770e17e0 5 bytes JMP 00000001765e0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtSaveKey                                                                                                                                               00000000770e1874 5 bytes JMP 00000001765c0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey                                                                                                                                     00000000770e1a58 5 bytes JMP 00000001765a0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                                                                                                                     00000000770e1b9c 5 bytes JMP 0000000176d80000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtSetVolumeInformationFile                                                                                                                              00000000770e1c9c 5 bytes JMP 0000000176ba0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtUnloadKey                                                                                                                                             00000000770e1e70 5 bytes JMP 0000000176560000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtUnlockFile                                                                                                                                            00000000770e1eb8 5 bytes JMP 0000000176b40000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!RtlQueryInformationActivationContext                                                                                                                    00000000770fba2c 5 bytes JMP 0000000176500000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                                              00000000770fc4dd 5 bytes JMP 00000001764e0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                                            0000000077101287 5 bytes JMP 00000001764c0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                                                       00000000751c103d 5 bytes JMP 0000000174ed0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                                       00000000751c1072 5 bytes JMP 0000000174fe0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\kernel32.dll!CreateActCtxW                                                                                                                                        00000000751c920f 5 bytes JMP 0000000175000000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                                                                              0000000075242ff1 5 bytes JMP 0000000174eb0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                                                                                                                 0000000074a8c532 5 bytes JMP 0000000174a70000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\ADVAPI32.dll!EncryptFileW                                                                                                                                         0000000074ac28f8 5 bytes JMP 0000000174a50000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\ADVAPI32.dll!DecryptFileW                                                                                                                                         0000000074ac2947 5 bytes JMP 0000000174a30000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject                                                                                                                                   00000000758c21e1 5 bytes JMP 00000001758a0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\ole32.dll!CoGetClassObject                                                                                                                                        00000000758e54ad 5 bytes JMP 0000000175800000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                                        00000000758f9d0b 5 bytes JMP 0000000175840000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                                                                      00000000758f9d4e 5 bytes JMP 0000000175820000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject                                                                                                                                     000000007593eacf 5 bytes JMP 0000000175880000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\ole32.dll!CoFreeUnusedLibraries                                                                                                                                   0000000075940cc2 5 bytes JMP 0000000175860000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\ole32.dll!CoRegisterSurrogate                                                                                                                                     00000000759909bf 5 bytes JMP 00000001757e0000
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                               0000000074c51465 2 bytes [C5, 74]
.text     C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                              0000000074c514bb 2 bytes [C5, 74]
.text     ...                                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Steam\Steam.exe[1416] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                                                                 0000000074c51465 2 bytes [C5, 74]
.text     C:\Program Files (x86)\Steam\Steam.exe[1416] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                                                                0000000074c514bb 2 bytes [C5, 74]
.text     ...                                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2388] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                                                                                                                           00000000770d000c 1 byte [C3]
.text     C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2388] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                                                                                      000000007715f8ea 5 bytes JMP 000000017710d5c1
.text     C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                              0000000074c51465 2 bytes [C5, 74]
.text     C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                             0000000074c514bb 2 bytes [C5, 74]
.text     ...                                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                    0000000074c51465 2 bytes [C5, 74]
.text     C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                   0000000074c514bb 2 bytes [C5, 74]
.text     ...                                                                                                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3496] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                                             0000000074c51465 2 bytes [C5, 74]
.text     C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3496] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                                            0000000074c514bb 2 bytes [C5, 74]
.text     ...                                                                                                                                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2188:2664]                                                                                                                                                                                 0000000001deca30
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2188:2676]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2188:2692]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2188:1764]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2188:2700]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2188:2732]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2188:2832]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2188:2752]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2188:2816]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2564:3516]                                                                                                                                                                                 0000000001deca30
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2564:3520]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2564:3524]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2564:3528]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2564:3532]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2564:3536]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2564:3540]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2564:3544]                                                                                                                                                                                 0000000001dec3c0
Thread    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2564:3548]                                                                                                                                                                                 0000000001dec3c0

---- Processes - GMER 2.1 ----

Process   C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe (*** suspicious ***) @ C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe [2984] (Microsoft® Windows® Operating System/Microsoft Corporation)(2014-10-09 16:39:51)  0000000001230000
Library   C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe (*** suspicious ***) @ C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe [2984] (Microsoft® Windows® Operating System/Microsoft Corporation)(2014-10-09 16:39:51)  0000000000400000
Library   :\{9019ACD6-BC11-4308-8C49-92E0601DF38D}\temp\2188\bxsdk32.dll (*** suspicious ***) @ C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2188]                                                                                               0000000010000000
Library   C:\Windows\Microsoft.NET\Framework\v2.0.50727\libcurl-4.dll (*** suspicious ***) @ C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2188]                                                                                                   0000000070800000
Library   C:\Windows\Microsoft.NET\Framework\v2.0.50727\zlib1.dll (*** suspicious ***) @ C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2188]                                                                                                       0000000062e80000
Library   C:\Windows\Microsoft.NET\Framework\v2.0.50727\pthreadGC2.dll (*** suspicious ***) @ C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2188]                                                                                                  0000000062480000
Library   :\{9019ACD6-BC11-4308-8C49-92E0601DF38D}\temp\2564\bxsdk32.dll (*** suspicious ***) @ C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2564]                                                                                               0000000010000000
Library   C:\Windows\Microsoft.NET\Framework\v2.0.50727\libcurl-4.dll (*** suspicious ***) @ C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2564]                                                                                                   0000000070800000
Library   C:\Windows\Microsoft.NET\Framework\v2.0.50727\zlib1.dll (*** suspicious ***) @ C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2564]                                                                                                       0000000062e80000
Library   C:\Windows\Microsoft.NET\Framework\v2.0.50727\pthreadGC2.dll (*** suspicious ***) @ C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [2564]                                                                                                  0000000062480000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC                                                                                                                                                                     ????????????????????????????????????????????????????????????rdpwd???? ???w???????????P??????os???????????????????????????s??s??????????????????s??????N???????????D??????????????????????????????????????????????????????????????/??LegacyDriver?E??????????? ???????i?????ft???????S??????????????????????????????????????????????????????????????????????? ????s?????sen??Microsoft???Microsoft????}?<?}???????????????????????????????????????~???6??????????gdi32.dll???????????? ????????????????????????????*?????????????????????????????????s???netfxcustomperfcounters.1.0?SharedPerfIPCBlock?Cor_Private_IPCBlock?Cor_Public_IPCBlock_?????????????????????????/??? ?????????????????????????????????? ???????????? ?????????????????????,????????,?????????s?????????????????????advapi32.dll????????????????????COMDLG32.dll??????,?????????????????%SystemRoot%\system32?????,?????????????????%SystemRoot%\syswow64???????????? ??????????????????2???????????????????IERTUTIL.dll????????????? ??????????IMAGEHLP.dll????????????????2??????????
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                                                                     
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                  C:\Program Files (x86)\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                                  0xD4 0xC3 0x97 0x02 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                                  0
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                               0x04 0x72 0x15 0xE8 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                                                                                            
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                                         0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                                                      0x9E 0xDE 0xEF 0x64 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                                                                                       
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                                                 0x34 0xB4 0x89 0xC0 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                                                                                                                                       
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                                                                                                 0xA7 0x97 0xFA 0x17 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                                                                                                                                                       
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                                                                                                                                                 0x1E 0x86 0x96 0xAE ...
Reg       HKLM\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToSnapshot@OfficeODC                                                                                                                                                                         ?????????????????????????????????????????????????f??Of??????Fi???????&????????0?4?(?? d?????????????????{00000000-0000-0000-0000-000000000000}??????????????????????VolumeSnapshot?0?0??????????????????????????disk_install????{8ECC055D-047F-11D1-A537-0000F8753ED1}????????????????????????N???????????D??????????????o??me???????????b???????m??WPD??????????????????s???a??{66ab4164-9472-555d-929d-a4ee336ac12b}?tor??????????????????????????????????????????????????????????? ???????l?????004??UmBus_Device????{8ECC055D-047F-11D1-A537-0000F8753ED1}?dow???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????~??????????????6-21-2006??????????????????d?????????????d?????????????ett??????????????????????? ????????????????????????????r?????????????USB\Class_03&SubClass_01&Prot_02?USB\Class_03&SubClass_01?USB\Class_03??????6.1.7600.16385?g?r???????????????f???????????????????????????????f????????????????????????N??????U?????????????????????????????????????????
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                                                                 
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                                                      C:\Program Files (x86)\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                                                      0xD4 0xC3 0x97 0x02 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                                                      0
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                                                   0x04 0x72 0x15 0xE8 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                                                                                        
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                                             0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                                                          0x9E 0xDE 0xEF 0x64 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                                                                                   
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                                                     0x34 0xB4 0x89 0xC0 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                                                                                                                                   
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                                                                                                     0xA7 0x97 0xFA 0x17 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)                                                                                                                                   
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                                                                                                                                                     0x1E 0x86 0x96 0xAE ...
Reg       HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Stefan M\xf7ller\Desktop\ComboFix.exe                                                                                                    1

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                                                                                                                unknown MBR code

---- EOF - GMER 2.1 ----
         
FRST

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by S M (administrator) on SM-PC on 16-11-2014 09:09:30
Running from C:\Users\S M\Desktop
Loaded Profile: S M (Available profiles: S M & Internet)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Microsoft Corporation) C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-12-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\Run: [Xpadder] => C:\Users\Stefan Möller\Downloads\Xpadder.exe [1009664 2013-07-07] ()
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-12] (Valve Corporation)
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\Winlogon: [Shell] C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe [354304 2014-11-14] (Microsoft Corporation) <==== ATTENTION 
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\NisSrv.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {F097D89E-E315-4C3F-9760-15AA4E34C76E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Handler: haufereader - No CLSID Value
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Stefan Möller\AppData\Roaming\Mozilla\Firefox\Profiles\iepy89s1.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-26567397-2684912437-3830085727-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Stefan Möller\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-26567397-2684912437-3830085727-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Stefan Möller\AppData\Roaming\Mozilla\Firefox\Profiles\iepy89s1.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\Stefan Möller\AppData\Roaming\Mozilla\Firefox\Profiles\iepy89s1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-03-25]
FF Extension: Adblock Plus - C:\Users\Stefan Möller\AppData\Roaming\Mozilla\Firefox\Profiles\iepy89s1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-18]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-05-16] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-10] (DT Soft Ltd)
S3 IAMTVE; C:\Windows\system32\DRIVERS\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\DRIVERS\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-05-16] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-05-13] (Duplex Secure Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 09:09 - 2014-11-16 09:09 - 00015873 _____ () C:\Users\Stefan Möller\Desktop\FRST.txt
2014-11-16 09:09 - 2014-11-16 09:09 - 00000000 ____D () C:\FRST
2014-11-16 09:06 - 2014-11-16 09:07 - 00000540 _____ () C:\Users\Stefan Möller\Desktop\defogger_disable.log
2014-11-16 09:06 - 2014-11-16 09:06 - 00000188 _____ () C:\Users\Stefan Möller\defogger_reenable
2014-11-16 09:04 - 2014-11-16 09:04 - 00380416 _____ () C:\Users\Stefan Möller\Desktop\cesj47z0.exe
2014-11-16 09:03 - 2014-11-16 09:03 - 02116608 _____ (Farbar) C:\Users\Stefan Möller\Desktop\FRST64.exe
2014-11-16 09:02 - 2014-11-16 09:02 - 00050477 _____ () C:\Users\Stefan Möller\Desktop\Defogger.exe
2014-11-16 08:11 - 2014-11-16 08:13 - 00000000 ____D () C:\9d7e071c4c1227e05ff695065779
2014-11-16 08:10 - 2014-11-16 08:11 - 14107296 _____ (Microsoft Corporation) C:\Users\Stefan Möller\Downloads\mseinstall(4).exe
2014-11-16 08:08 - 2014-11-16 08:08 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Stefan Möller\Downloads\mbam-clean-2.1.1.1001.exe
2014-11-16 07:51 - 2014-11-16 07:51 - 14107296 _____ (Microsoft Corporation) C:\Users\Stefan Möller\Downloads\mseinstall(3).exe
2014-11-16 07:36 - 2014-11-16 07:36 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Stefan Möller\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-16 07:27 - 2014-11-16 07:27 - 14107296 _____ (Microsoft Corporation) C:\Users\Stefan Möller\Downloads\mseinstall(2).exe
2014-11-15 10:26 - 2014-11-15 10:27 - 00000000 __SHD () C:\ProgramData\Realtek Audio
2014-11-14 09:06 - 2014-11-14 09:06 - 00000000 ____D () C:\Users\Stefan Möller\Desktop\Xpadder v2014 01 Multilingual - BRD
2014-11-14 09:05 - 2014-11-16 09:12 - 00054188 _____ () C:\Users\Stefan Möller\AppData\Roaming\msconfig.ini
2014-11-14 09:05 - 2014-11-14 09:05 - 00000000 __SHD () C:\Windows\SysWOW64\Realtek Audio
2014-11-13 13:37 - 2014-11-13 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-13 13:30 - 2014-11-13 13:30 - 00001849 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-13 13:30 - 2014-11-13 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-13 13:30 - 2014-11-13 13:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-13 07:44 - 2014-11-13 07:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-13 07:38 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 07:38 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 07:38 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 07:38 - 2014-10-27 21:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 07:38 - 2014-10-27 21:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 07:38 - 2014-10-27 21:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 07:38 - 2014-10-27 21:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 07:38 - 2014-10-27 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 07:38 - 2014-10-27 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 07:38 - 2014-10-27 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 07:38 - 2014-10-27 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 07:38 - 2014-10-27 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 07:38 - 2014-10-27 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 07:38 - 2014-10-27 21:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 07:38 - 2014-10-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 07:38 - 2014-10-27 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 07:38 - 2014-10-27 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 07:38 - 2014-10-27 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 07:38 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 07:38 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 07:38 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 07:38 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 07:38 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 07:38 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 07:38 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-13 07:38 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 07:38 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 07:38 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 07:38 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 07:38 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 07:38 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-13 07:38 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-13 07:38 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-13 07:38 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 07:38 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 07:38 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 07:38 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 07:38 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 07:38 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 07:38 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 07:38 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 07:38 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 07:38 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 07:38 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 07:38 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 07:38 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 07:38 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 07:38 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 07:38 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 07:37 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 07:37 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 07:37 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 07:37 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 07:37 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 07:37 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 07:37 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 07:37 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 07:37 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 07:37 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 07:37 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 07:37 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 07:37 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 07:37 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 07:37 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-30 20:17 - 2014-10-30 20:17 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\Program Files\iTunes
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\Program Files\iPod
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-25 11:10 - 2014-10-25 11:11 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Local\{5E073B6A-9506-412A-84AA-9A87D7E5A3D8}
2014-10-25 11:04 - 2014-10-25 11:04 - 00000000 ____D () C:\Users\Stefan Möller\restore
2014-10-25 10:59 - 2014-10-25 10:59 - 00000994 _____ () C:\Users\Public\Desktop\Pixum Fotobuch.lnk
2014-10-25 10:59 - 2014-10-25 10:59 - 00000969 _____ () C:\Users\Public\Desktop\Fotoschau.lnk
2014-10-25 10:59 - 2014-10-25 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixum Fotobuch
2014-10-25 10:56 - 2014-10-25 10:56 - 00000000 ____D () C:\Program Files\Pixum
2014-10-25 10:55 - 2014-10-25 10:55 - 01631072 _____ () C:\Users\Stefan Möller\Downloads\setup_Pixum_Fotobuch.exe
2014-10-23 12:01 - 2014-10-25 11:15 - 00000000 ____D () C:\Users\Stefan Möller\Desktop\Fotos Mama
2014-10-23 08:48 - 2014-10-23 08:48 - 00770048 _____ () C:\Users\Stefan Möller\Documents\image.jpeg
2014-10-23 08:47 - 2014-10-23 08:47 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Local\{05EE08F2-9514-40C8-8B37-FA80196225FE}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 09:06 - 2011-05-13 11:42 - 00000000 ____D () C:\Users\Stefan Möller
2014-11-16 09:03 - 2011-05-21 18:31 - 00000000 ____D () C:\Users\Stefan Möller\Documents\Outlook-Dateien
2014-11-16 08:17 - 2009-07-14 05:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-16 08:17 - 2009-07-14 05:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-16 08:15 - 2011-05-13 11:39 - 02046938 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 08:13 - 2011-05-22 09:47 - 00002115 _____ () C:\Windows\epplauncher.mif
2014-11-16 08:09 - 2011-06-28 14:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-16 08:09 - 2010-11-29 14:52 - 00352048 _____ () C:\Windows\PFRO.log
2014-11-16 08:09 - 2009-07-14 05:51 - 00250738 _____ () C:\Windows\setupact.log
2014-11-14 21:39 - 2012-10-16 18:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 20:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 19:21 - 2011-08-14 06:05 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Roaming\vlc
2014-11-14 12:24 - 2011-05-13 12:05 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Roaming\UseNeXT
2014-11-14 12:23 - 2011-05-13 12:05 - 00000000 ___RD () C:\Users\Stefan Möller\Documents\UseNeXT
2014-11-14 09:06 - 2014-10-09 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xpadder
2014-11-14 09:06 - 2014-10-09 17:39 - 00000000 ____D () C:\Program Files (x86)\Xpadder
2014-11-14 09:05 - 2013-07-12 22:20 - 00001778 _____ () C:\Users\Stefan Möller\Desktop\Xpadder.ini
2014-11-14 08:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 08:57 - 2009-07-14 05:45 - 00449640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 08:54 - 2014-05-06 22:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-14 01:59 - 2013-08-14 22:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 01:56 - 2010-11-26 18:57 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 16:22 - 2011-06-06 17:41 - 00000000 ____D () C:\Users\Stefan Möller\Desktop\Britta Carstensen (Dipl. Juristin)
2014-11-13 08:50 - 2012-05-03 17:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-12 13:39 - 2012-10-16 18:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 13:39 - 2012-04-09 09:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 13:39 - 2011-05-27 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-10 21:12 - 2011-06-27 20:27 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-11-10 21:10 - 2010-11-25 17:28 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-11-10 21:10 - 2010-11-25 17:28 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-11-10 21:10 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 05:51 - 2011-05-13 13:52 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Local\Adobe
2014-10-30 20:17 - 2014-09-18 12:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-30 20:17 - 2014-04-17 07:42 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-30 12:25 - 2010-11-26 18:22 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 12:12 - 2013-08-02 12:25 - 00000000 ____D () C:\ProgramData\tmp
2014-10-25 10:59 - 2013-08-02 12:25 - 00000000 ____D () C:\ProgramData\hps
2014-10-22 18:19 - 2011-11-04 09:40 - 02315776 ___SH () C:\Users\Stefan Möller\Desktop\Thumbs.db
2014-10-21 09:31 - 2013-06-14 18:52 - 00000000 ____D () C:\Program Files\Microsoft Office 15

Files to move or delete:
====================
C:\Users\Stefan Möller\Civ5GDF.dll
C:\Users\Stefan Möller\CvGameCoreDLLFinal Release.dll
C:\Users\Stefan Möller\CvGameDatabaseWin32Final Release.dll
C:\Users\Stefan Möller\CvLocalizationWin32Final Release.dll
C:\Users\Stefan Möller\dbghelp.dll
C:\Users\Stefan Möller\libeay32.dll
C:\Users\Stefan Möller\lua51_Win32.dll
C:\Users\Stefan Möller\Mss32.dll
C:\Users\Stefan Möller\mss32midi.dll
C:\Users\Stefan Möller\ssleay32.dll
C:\Users\Stefan Möller\steam_api.dll
C:\Users\Stefan Möller\zlib1.dll
C:\Users\Stefan Möller\AppData\Roaming\msconfig.ini


Some content of TEMP:
====================
C:\Users\Stefan Möller\AppData\Local\Temp\HardwareCheck.exe
C:\Users\Stefan Möller\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Stefan Möller\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Stefan Möller\AppData\Local\Temp\xmwkwy5e.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-11-08 18:48

==================== End Of Log ============================
         
--- --- ---


Edited by BlueBall (16.11.2014 at 10:32)

Old 16.11.2014, 10:38   #2
BlueBall

Antivirus and antispyware programs can no longer be started or installed



Additional
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by S M at 2014-11-16 09:14:31
Running from C:\Users\S M\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Able2Extract 8.0 (HKLM-x32\...\{49272E0B-CF97-4BD6-85A0-9B1C59495851}_is1) (Version: 8.0 - Investintech.com Inc.)
ActiveTrader 5.4.0_b7 (HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\ActiveTrader 5.4.0_b7) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - Ensemble Studios)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.00.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Anno 2070 (HKLM-x32\...\Steam App 48240) (Version:  - BlueByte / related Design)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (64 bit) (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414) (Version:  - )
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
ElsterFormular (HKLM-x32\...\ElsterFormular 13.2.0.8623k) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ElsterFormular 2008 - 2009 (HKLM-x32\...\ElsterFormular 2008 - 2009 2008-2009) (Version: 2008-2009 - Landesfinanzdirektion Thüringen)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
FINAL FANTASY VIII (HKLM-x32\...\Steam App 39150) (Version:  - SQUARE ENIX)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM-x32\...\{1D081AB0-B1CC-11E0-80C0-005056B12123}) (Version: 11.07.19.8023 - Haufe)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Lexware buchhalter 2012 (HKLM-x32\...\{0197D136-598D-4968-BEEA-91C1B764F05D}) (Version: 17.02.00.0185 - Haufe-Lexware GmbH & Co.KG)
Lexware Datenbank plus 2012 (HKLM-x32\...\{448DA1AD-D1CA-4967-8EFA-9482F31E7BFD}) (Version: 12.00.00.0116 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (HKLM-x32\...\{1923679F-C14B-4790-BC54-EFA3FCDE147B}) (Version: 11.00.00.0109 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
Lexware reisekosten plus 2012 (HKLM-x32\...\{BE672587-331F-42F7-BC38-D59759311C75}) (Version: 12.01.00.0137 - Haufe-Lexware GmbH & Co.KG)
Lexware reisekosten plus 2012 (x32 Version: 12.01.00.0137 - ) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Might & Magic VI (HKLM-x32\...\Steam App 243380) (Version:  - )
Might & Magic X - Legacy  (HKLM-x32\...\Steam App 238750) (Version:  - Ubisoft)
Might and Magic® VI (HKLM-x32\...\Might and Magic® VI) (Version:  - )
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\MyFreeCodec) (Version:  - )
Nero 7 Ultra Edition (HKLM-x32\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711031}) (Version: 7.03.1151 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
PDF24 Creator 6.0.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickSteuer Deluxe 2009 (HKLM-x32\...\{89863727-B08E-401F-995B-14398B28DE3D}) (Version: 15.00.00.0032 - Lexware)
QuickSteuer Deluxe 2009 (x32 Version: 15.00.00.0032 - Lexware) Hidden
QuickSteuer Deluxe 2010 (HKLM-x32\...\{DEE03A90-C723-4E3D-A661-86651D6F0668}) (Version: 16.14.00.0002 - Haufe-Lexware GmbH & Co. KG)
QuickSteuer Deluxe 2011 (HKLM-x32\...\{6BCC7669-A863-4C24-804B-9C811C102F71}) (Version: 17.08.00.0005 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer Deluxe 2012 (HKLM-x32\...\{E4B7F2AF-AEDA-4DE8-8014-9ADAFF7B4164}) (Version: 18.10.00.0006 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer Deluxe 2013 (HKLM-x32\...\{A733DC44-DC71-447D-AD6C-33B9AB537828}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer Deluxe 2014 (HKLM-x32\...\{F0DDB61B-25D1-4159-8F10-7A5B83B86339}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer DELUXE Wissens-Center 2009 (HKLM-x32\...\{353EA50E-26A0-4ADD-A12A-3FE2E59E5BB3}) (Version: 15.0.1.0 - Haufe Mediengruppe)
QuickSteuer DELUXE Wissens-Center 2012 (HKLM-x32\...\{7E3137DC-4564-4267-A8A3-B4342D5106D6}) (Version: 18.1.0.0 - Haufe-Lexware GmbH & Co. KG)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Rise of Nations: Extended Edition (HKLM-x32\...\Rise of Nations: Extended Edition_is1) (Version:  - Microsoft Studios)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
setup version 1.0 (HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\{8ACF0A2F-1873-4062-9769-0BD350554888}_is1) (Version: 1.0 - )
Sid Meier's Civilization V (HKLM-x32\...\Civilization V) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization V SDK (HKLM-x32\...\Steam App 16830) (Version:  - Firaxis Games)
Sid Meier's Railroads! (HKLM-x32\...\{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}) (Version: 1.10 - Firaxis Games)
Sid Meier's Railroads! (x32 Version: 1.00 - Firaxis Games) Hidden
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steuer Update 15.09 (x32 Version: 15.09 - Lexware) Hidden
Sven Bomwollen (HKLM-x32\...\{8751236B-9BF4-4EA6-B599-6FB9F3A74927}) (Version: 1.00.0000 - )
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)
Torchlight (HKLM-x32\...\Steam App 41500) (Version:  - Runic Games)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Xpadder (HKLM-x32\...\Xpadder) (Version: 2014.07.01 - )
Xpadder (x32 Version: 2014.07.01 - ) Hidden
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-26567397-2684912437-3830085727-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

==================== Restore Points  =========================

26-10-2014 11:30:37 Windows Update
30-10-2014 19:12:51 Windows Update
03-11-2014 19:37:26 Windows Update
07-11-2014 17:18:58 Windows Update
10-11-2014 20:16:29 Windows Update
14-11-2014 00:54:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2013-03-24 20:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04E137E5-B7C2-4B25-AAEB-398B59927E54} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {12C88CAA-7130-49CF-88F7-E815CEA66FE6} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {36DDF43E-108E-4B76-B229-6AE13B323619} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {41E8D58A-DC51-41A5-8A4B-62D6552626D4} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {42B4F76E-4399-4E79-9929-52D4D2BCE0A3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {69FD580A-7E01-4F74-91C5-F55A686AA288} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
Task: {A3CB9B47-8CA2-43CC-97D2-B2B6777E8FF6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EE98C660-7664-4103-8989-DDD61950B1C1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2006-12-04 00:26 - 2006-12-04 00:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll
2014-03-19 10:36 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-09-25 11:23 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 09:30 - 2014-11-11 19:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 09:30 - 2014-11-11 19:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-30 09:30 - 2014-11-11 19:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 18:40 - 2014-11-12 02:04 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 09:30 - 2014-11-11 19:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 09:30 - 2014-11-11 19:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2011-07-13 14:38 - 2014-11-12 02:04 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-26 12:20 - 2013-09-26 12:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 12:20 - 2013-09-26 12:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2011-06-28 14:41 - 2014-11-11 19:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-10-16 15:46 - 2014-10-16 15:46 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2010-11-29 15:39 - 2010-11-06 08:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-11-13 07:44 - 2014-11-13 07:45 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: PLFlash DeviceIoControl Service => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\startupfolder: C:^Users^Stefan Möller^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk => C:\Windows\pss\An OneNote senden.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Stefan Möller\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: GMX SMS-Manager => C:\Program Files (x86)\GMX\GMX SMS-Manager\SMSMngr.exe
MSCONFIG\startupreg: iehighutil => "C:\Temporary\iehighutil.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-26567397-2684912437-3830085727-500 - Administrator - Disabled)
Gast (S-1-5-21-26567397-2684912437-3830085727-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-26567397-2684912437-3830085727-1002 - Limited - Enabled)
Internet (S-1-5-21-26567397-2684912437-3830085727-1003 - Limited - Enabled) => C:\Users\Internet
Stefan Möller (S-1-5-21-26567397-2684912437-3830085727-1000 - Administrator - Enabled) => C:\Users\Stefan Möller

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2014 08:15:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AllShareDMS.exe, Version: 2.1.1.0, Zeitstempel: 0x4f507dcf
Name des fehlerhaften Moduls: avformat-52.dll, Version: 0.0.0.0, Zeitstempel: 0x4a9e21ae
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000952c
ID des fehlerhaften Prozesses: 0x15e4
Startzeit der fehlerhaften Anwendung: 0xAllShareDMS.exe0
Pfad der fehlerhaften Anwendung: AllShareDMS.exe1
Pfad des fehlerhaften Moduls: AllShareDMS.exe2
Berichtskennung: AllShareDMS.exe3

Error: (11/16/2014 08:15:18 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AllShareDMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 6494952C
Stack:

Error: (11/16/2014 08:13:24 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: StefanMöller-PC)
Description: HRESULT:0x8004FF81
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x8004FF81.

Error: (11/16/2014 08:12:20 AM) (Source: MsiInstaller) (EventID: 11920) (User: StefanMöller-PC)
Description: Product: Microsoft Security Client -- Error 1920. Service 'Microsoft Antimalware Service' (MsMpSvc) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (11/16/2014 07:53:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AllShareDMS.exe, Version: 2.1.1.0, Zeitstempel: 0x4f507dcf
Name des fehlerhaften Moduls: avformat-52.dll, Version: 0.0.0.0, Zeitstempel: 0x4a9e21ae
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000952c
ID des fehlerhaften Prozesses: 0x984
Startzeit der fehlerhaften Anwendung: 0xAllShareDMS.exe0
Pfad der fehlerhaften Anwendung: AllShareDMS.exe1
Pfad des fehlerhaften Moduls: AllShareDMS.exe2
Berichtskennung: AllShareDMS.exe3

Error: (11/16/2014 07:53:44 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AllShareDMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 6494952C
Stack:

Error: (11/16/2014 07:52:36 AM) (Source: MsiInstaller) (EventID: 11920) (User: StefanMöller-PC)
Description: Product: Microsoft Security Client -- Error 1920. Service 'Microsoft Antimalware Service' (MsMpSvc) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (11/16/2014 07:28:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18517, Zeitstempel: 0x53aa2e07
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000009a629
ID des fehlerhaften Prozesses: 0x7e4
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (11/16/2014 07:24:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AllShareDMS.exe, Version: 2.1.1.0, Zeitstempel: 0x4f507dcf
Name des fehlerhaften Moduls: clr.dll, Version: 4.0.30319.18444, Zeitstempel: 0x52717e84
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000eb66
ID des fehlerhaften Prozesses: 0xe2c
Startzeit der fehlerhaften Anwendung: 0xAllShareDMS.exe0
Pfad der fehlerhaften Anwendung: AllShareDMS.exe1
Pfad des fehlerhaften Moduls: AllShareDMS.exe2
Berichtskennung: AllShareDMS.exe3

Error: (11/16/2014 07:24:48 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: AllShareDMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 6C61EB66 (6C610000) with exit code 80131506.


System errors:
=============
Error: (11/16/2014 08:15:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Samsung AllShare PC" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/16/2014 08:12:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/16/2014 08:12:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/16/2014 08:12:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/16/2014 08:12:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/16/2014 08:12:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/16/2014 08:11:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/16/2014 08:11:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/16/2014 08:10:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (11/16/2014 08:10:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535


Microsoft Office Sessions:
=========================
Error: (11/16/2014 08:15:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AllShareDMS.exe2.1.1.04f507dcfavformat-52.dll0.0.0.04a9e21aec00000050000952c15e401d0016c98f92209C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exeC:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll533b7f82-6d60-11e4-9eb3-6c626d43bcfb

Error: (11/16/2014 08:15:18 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AllShareDMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 6494952C
Stack:

Error: (11/16/2014 08:13:24 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: StefanMöller-PC)
Description: HRESULT:0x8004FF81
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x8004FF81.

Error: (11/16/2014 08:12:20 AM) (Source: MsiInstaller) (EventID: 11920) (User: StefanMöller-PC)
Description: Product: Microsoft Security Client -- Error 1920. Service 'Microsoft Antimalware Service' (MsMpSvc) failed to start.  Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/16/2014 07:53:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AllShareDMS.exe2.1.1.04f507dcfavformat-52.dll0.0.0.04a9e21aec00000050000952c98401d00169c24f5f86C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exeC:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll4f7a6a1a-6d5d-11e4-b2e8-6c626d43bcfb

Error: (11/16/2014 07:53:44 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AllShareDMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 6494952C
Stack:

Error: (11/16/2014 07:52:36 AM) (Source: MsiInstaller) (EventID: 11920) (User: StefanMöller-PC)
Description: Product: Microsoft Security Client -- Error 1920. Service 'Microsoft Antimalware Service' (MsMpSvc) failed to start.  Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/16/2014 07:28:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4SHELL32.dll6.1.7601.1851753aa2e07c0000005000000000009a6297e401d001668d0fcb43C:\Windows\explorer.exeC:\Windows\system32\SHELL32.dllcb8cb129-6d59-11e4-a235-6c626d43bcfb

Error: (11/16/2014 07:24:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AllShareDMS.exe2.1.1.04f507dcfclr.dll4.0.30319.1844452717e84c00000050000eb66e2c01d00165e1375174C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll44b162b8-6d59-11e4-a235-6c626d43bcfb

Error: (11/16/2014 07:24:48 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: AllShareDMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 6C61EB66 (6C610000) with exit code 80131506.


CodeIntegrity Errors:
===================================
  Date: 2013-03-24 20:22:53.615
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-24 20:22:53.553
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-24 20:22:53.475
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-24 20:22:53.413
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-24 15:53:49.893
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-24 15:53:49.830
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-06-23 13:00:53.414
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\35446.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-06-23 13:00:53.360
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\35446.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8173.63 MB
Available physical RAM: 6051.48 MB
Total Pagefile: 16345.45 MB
Available Pagefile: 13746.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1366.17 GB) (Free:847.74 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:9.3 GB) NTFS
Drive f: (Rise of Nations: Extended Editio) (CDROM) (Total:2.09 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1366.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         
Defogger Disable
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:07 on 16/11/2014 (S M)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-
         


16.11.2014, 18:09   #3
deeprybka
/// TB trainer
/// Guide guru

My name is Jürgen and I will be helping you with your problem. Together we will get this done...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread, in code tags.
  • Keep in mind that all of us work here in our free time; if you do not hear from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Formatting is usually the quicker and always the safest way, but it is only advisable for real malware.
Adware & co. we can remove very well.
If you decide on a cleanup, keep working with me until you get my "clean".



Let's go:

Please change all online passwords (bank, email, PayPal etc.) from another PC; do not use this one for sensitive logins until it has been declared clean.

Step 1

Download: Emsisoft MBR Master
  • Please save it to the desktop.
  • Start mbrmastr.exe, press and save the file as unknown.mbr to the desktop.
  • Then close the program again.
  • Pack the unknown.mbr you created into a zip archive (right-click -> Send to -> Compressed (zipped) folder) and attach the file here.
  • A text file MBRMastr_<date>_<time>.txt is also created on the desktop. Please post its contents here.

Step 2
Please download TDSSKiller TDSSKiller.exe and save the file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.


Step 3

Please have the file from the code box checked at
  • Click on Choose a
  • Now copy the following into the search bar
    Code:
    ATTFilter
    C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe
             
  • and click Open.
  • Click Scan!.
  • Please wait until the file has been uploaded completely. If you get the following message
    Quote:
    This file has already been analysed by VirusTotal...
    click Reanalyse.
  • Wait until the analysis date is shown and the scan has finished.
  • Copy the link from your address bar and post it here.

Last edited by deeprybka (16.11.2014 at 18:15)

16.11.2014, 18:39   #4
BlueBall

Hello Jürgen!

Thank you very much for your help. First, some further observations about my system (for the sake of completeness): speed severely reduced; Windows Explorer only partially functional

Step 1
Code:
ATTFilter
Detected Windows version: 6.1 Build 7601 Service Pack 1
Installing direct disk access driver ...
Driver connection handle: 0x00000114
1 valid drive(s) found.

Details for Disk 0 - ST315005 41AS Rev CC34:
  Device name              : \\.\PhysicalDrive0
  Geometry (C/H/S)         : 182401/255/63
  Boot loader reputation   : Unknown
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : 6E9AE3BD5EDC1286A10BBE3FB3550E19D860D691
    MD5                    : 5D949EEA3BEEC2DF38A2D7900AD89A60
         
Step 2 (nothing found)

Code:
ATTFilter
19:20:32.0179 0x0388  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
19:20:37.0821 0x0388  ============================================================
19:20:37.0821 0x0388  Current date / time: 2014/11/16 19:20:37.0821
19:20:37.0821 0x0388  SystemInfo:
19:20:37.0821 0x0388  
19:20:37.0821 0x0388  OS Version: 6.1.7601 ServicePack: 1.0
19:20:37.0821 0x0388  Product type: Workstation
19:20:37.0821 0x0388  ComputerName: STEFANMÖLLER-PC
19:20:37.0821 0x0388  UserName: Stefan Möller
19:20:37.0821 0x0388  Windows directory: C:\Windows
19:20:37.0821 0x0388  System windows directory: C:\Windows
19:20:37.0821 0x0388  Running under WOW64
19:20:37.0821 0x0388  Processor architecture: Intel x64
19:20:37.0821 0x0388  Number of processors: 8
19:20:37.0821 0x0388  Page size: 0x1000
19:20:37.0821 0x0388  Boot type: Normal boot
19:20:37.0821 0x0388  ============================================================
19:20:38.0157 0x0388  KLMD registered as C:\Windows\system32\drivers\25614874.sys
19:20:38.0695 0x0388  System UUID: {93A5FB11-9AB5-E647-8B41-EC6AD9C5D239}
19:20:39.0058 0x0388  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 ( 1397.27 Gb ), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:20:39.0068 0x0388  ============================================================
19:20:39.0068 0x0388  \Device\Harddisk0\DR0:
19:20:39.0068 0x0388  MBR partitions:
19:20:39.0068 0x0388  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:20:39.0068 0x0388  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAAC54800
19:20:39.0068 0x0388  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAAC87000, BlocksNum 0x3C00000
19:20:39.0068 0x0388  ============================================================
19:20:39.0096 0x0388  C: <-> \Device\Harddisk0\DR0\Partition2
19:20:39.0142 0x0388  D: <-> \Device\Harddisk0\DR0\Partition3
19:20:39.0143 0x0388  ============================================================
19:20:39.0143 0x0388  Initialize success
19:20:39.0143 0x0388  ============================================================
19:21:27.0221 0x052c  ============================================================
19:21:27.0221 0x052c  Scan started
19:21:27.0221 0x052c  Mode: Manual; SigCheck; TDLFS; 
19:21:27.0221 0x052c  ============================================================
19:21:27.0221 0x052c  KSN ping started
19:21:34.0707 0x052c  KSN ping finished: true
19:21:35.0450 0x052c  ================ Scan system memory ========================
19:21:35.0450 0x052c  System memory - ok
19:21:35.0451 0x052c  ================ Scan services =============================
19:21:35.0563 0x052c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:21:35.0630 0x052c  1394ohci - ok
19:21:35.0672 0x052c  [ A3769020F7E8A70FD3E824C050F33306, BAAB18DD28C753EC90E9552BD5FFC316AD8815505A7998BCE51D21448B373D86 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
19:21:35.0690 0x052c  acedrv11 - ok
19:21:35.0715 0x052c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:21:35.0734 0x052c  ACPI - ok
19:21:35.0741 0x052c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:21:35.0789 0x052c  AcpiPmi - ok
19:21:35.0861 0x052c  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:21:35.0870 0x052c  AdobeARMservice - ok
19:21:35.0947 0x052c  [ D51145F6B0CE987850F13A61DAD5E531, 67CB6AB8C42781FA717CBEF81F3C658747E3B7814383056A56EDA99583FDBFD5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:21:35.0962 0x052c  AdobeFlashPlayerUpdateSvc - ok
19:21:35.0995 0x052c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:21:36.0019 0x052c  adp94xx - ok
19:21:36.0047 0x052c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:21:36.0066 0x052c  adpahci - ok
19:21:36.0097 0x052c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:21:36.0111 0x052c  adpu320 - ok
19:21:36.0139 0x052c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:21:36.0176 0x052c  AeLookupSvc - ok
19:21:36.0235 0x052c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
19:21:36.0269 0x052c  AFD - ok
19:21:36.0305 0x052c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
19:21:36.0315 0x052c  agp440 - ok
19:21:36.0328 0x052c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
19:21:36.0350 0x052c  ALG - ok
19:21:36.0369 0x052c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:21:36.0377 0x052c  aliide - ok
19:21:36.0417 0x052c  [ 4EAAAAB8759644D572522FBCDD196A13, EF1ECE8073B048C2286F639BA76C523B6B267B64447358383C042BD593194350 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:21:36.0451 0x052c  AMD External Events Utility - ok
19:21:36.0474 0x052c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:21:36.0483 0x052c  amdide - ok
19:21:36.0506 0x052c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:21:36.0554 0x052c  AmdK8 - ok
19:21:36.0958 0x052c  [ 22A14DF59FB8D0BE918C597988AF4296, 714BD1BB63D732C6D03DFA1C2D81A2E00659C04052E110F0BF1EB74A7CD39B1C ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:21:37.0485 0x052c  amdkmdag - ok
19:21:37.0531 0x052c  [ EE22D3ED6D55A855E709F811CCCA97ED, 179F34CF6E0C2F821EBC0AECF09AAA0867616CCBB5EA6B17891860B27D56AC66 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:21:37.0576 0x052c  amdkmdap - ok
19:21:37.0588 0x052c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:21:37.0599 0x052c  AmdPPM - ok
19:21:37.0625 0x052c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:21:37.0637 0x052c  amdsata - ok
19:21:37.0665 0x052c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:21:37.0679 0x052c  amdsbs - ok
19:21:37.0691 0x052c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:21:37.0701 0x052c  amdxata - ok
19:21:37.0728 0x052c  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
19:21:37.0778 0x052c  AppID - ok
19:21:37.0796 0x052c  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:21:37.0839 0x052c  AppIDSvc - ok
19:21:37.0871 0x052c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
19:21:37.0890 0x052c  Appinfo - ok
19:21:38.0000 0x052c  [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:21:38.0009 0x052c  Apple Mobile Device - ok
19:21:38.0047 0x052c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:21:38.0058 0x052c  arc - ok
19:21:38.0080 0x052c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:21:38.0092 0x052c  arcsas - ok
19:21:38.0166 0x052c  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:21:38.0178 0x052c  aspnet_state - ok
19:21:38.0207 0x052c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:21:38.0256 0x052c  AsyncMac - ok
19:21:38.0290 0x052c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:21:38.0299 0x052c  atapi - ok
19:21:38.0365 0x052c  [ 437F55435623D4D54D36197F5AD8B435, CE004F1E3299E39AFD70C8618253901614C0F3DBD594B6F0E1BA294C7B47FAD6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:21:38.0390 0x052c  AtiHDAudioService - ok
19:21:38.0433 0x052c  [ FC0E8778C000291CAF60EB88C011E931, 09BCCA3DE01021AEF76DFB46F01D21BA6FF409E816FA7547E5C3DFBF3A615ED2 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
19:21:38.0450 0x052c  atksgt - ok
19:21:38.0510 0x052c  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:21:38.0544 0x052c  AudioEndpointBuilder - ok
19:21:38.0566 0x052c  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:21:38.0597 0x052c  AudioSrv - ok
19:21:38.0652 0x052c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:21:38.0671 0x052c  AxInstSV - ok
19:21:38.0704 0x052c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:21:38.0743 0x052c  b06bdrv - ok
19:21:38.0768 0x052c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:21:38.0787 0x052c  b57nd60a - ok
19:21:38.0806 0x052c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:21:38.0832 0x052c  BDESVC - ok
19:21:38.0852 0x052c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:21:38.0894 0x052c  Beep - ok
19:21:38.0940 0x052c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
19:21:38.0977 0x052c  BFE - ok
19:21:39.0014 0x052c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
19:21:39.0079 0x052c  BITS - ok
19:21:39.0088 0x052c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:21:39.0112 0x052c  blbdrive - ok
19:21:39.0200 0x052c  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:21:39.0221 0x052c  Bonjour Service - ok
19:21:39.0245 0x052c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:21:39.0282 0x052c  bowser - ok
19:21:39.0307 0x052c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:21:39.0344 0x052c  BrFiltLo - ok
19:21:39.0360 0x052c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:21:39.0384 0x052c  BrFiltUp - ok
19:21:39.0422 0x052c  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
19:21:39.0459 0x052c  BridgeMP - ok
19:21:39.0492 0x052c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
19:21:39.0506 0x052c  Browser - ok
19:21:39.0542 0x052c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:21:39.0569 0x052c  Brserid - ok
19:21:39.0601 0x052c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:21:39.0623 0x052c  BrSerWdm - ok
19:21:39.0643 0x052c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:21:39.0667 0x052c  BrUsbMdm - ok
19:21:39.0685 0x052c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:21:39.0701 0x052c  BrUsbSer - ok
19:21:39.0735 0x052c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:21:39.0762 0x052c  BTHMODEM - ok
19:21:39.0798 0x052c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
19:21:39.0847 0x052c  bthserv - ok
19:21:39.0870 0x052c  catchme - ok
19:21:39.0892 0x052c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:21:39.0930 0x052c  cdfs - ok
19:21:39.0952 0x052c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:21:39.0968 0x052c  cdrom - ok
19:21:39.0996 0x052c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:21:40.0044 0x052c  CertPropSvc - ok
19:21:40.0070 0x052c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:21:40.0083 0x052c  circlass - ok
19:21:40.0117 0x052c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
19:21:40.0136 0x052c  CLFS - ok
19:21:40.0309 0x052c  [ 871EEE78F98D6E31C80FD39433A8FE2F, 67602F597FADA1E7102BC373287A4A78339E057D37FCEAD0B2502F70450EC7CE ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
19:21:40.0372 0x153c  Object required for P2P: [ D51145F6B0CE987850F13A61DAD5E531 ] AdobeFlashPlayerUpdateSvc
19:21:40.0422 0x052c  ClickToRunSvc - ok
19:21:40.0476 0x052c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:21:40.0486 0x052c  clr_optimization_v2.0.50727_32 - ok
19:21:40.0520 0x052c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:21:40.0531 0x052c  clr_optimization_v2.0.50727_64 - ok
19:21:40.0588 0x052c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:21:40.0602 0x052c  clr_optimization_v4.0.30319_32 - ok
19:21:40.0610 0x052c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:21:40.0623 0x052c  clr_optimization_v4.0.30319_64 - ok
19:21:40.0654 0x052c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:21:40.0664 0x052c  CmBatt - ok
19:21:40.0694 0x052c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:21:40.0702 0x052c  cmdide - ok
19:21:40.0757 0x052c  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
19:21:40.0787 0x052c  CNG - ok
19:21:40.0805 0x052c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:21:40.0814 0x052c  Compbatt - ok
19:21:40.0839 0x052c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:21:40.0868 0x052c  CompositeBus - ok
19:21:40.0886 0x052c  COMSysApp - ok
19:21:40.0898 0x052c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:21:40.0907 0x052c  crcdisk - ok
19:21:40.0948 0x052c  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:21:40.0974 0x052c  CryptSvc - ok
19:21:41.0011 0x052c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:21:41.0077 0x052c  DcomLaunch - ok
19:21:41.0123 0x052c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:21:41.0181 0x052c  defragsvc - ok
19:21:41.0211 0x052c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:21:41.0247 0x052c  DfsC - ok
19:21:41.0290 0x052c  [ E428DFFA96FAD07D8CA3C9082563A225, F3D2E94A9FF2CF68CC99A8B42B8DEA5E57D46000D1845DC0908224493480C79F ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
19:21:41.0302 0x052c  dg_ssudbus - ok
19:21:41.0343 0x052c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:21:41.0380 0x052c  Dhcp - ok
19:21:41.0414 0x052c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
19:21:41.0461 0x052c  discache - ok
19:21:41.0494 0x052c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:21:41.0505 0x052c  Disk - ok
19:21:41.0531 0x052c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:21:41.0569 0x052c  Dnscache - ok
19:21:41.0611 0x052c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:21:41.0654 0x052c  dot3svc - ok
19:21:41.0682 0x052c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
19:21:41.0728 0x052c  DPS - ok
19:21:41.0767 0x052c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:21:41.0776 0x052c  drmkaud - ok
19:21:41.0842 0x052c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:21:41.0882 0x052c  DXGKrnl - ok
19:21:41.0926 0x052c  [ 60633132A929C09FE78FAB16541F9E71, C7B60A4AAD8E0D9519D819A417D8A51383BF1DF571E5EF5A98A693DB0A8E0BE7 ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
19:21:41.0942 0x052c  e1cexpress - ok
19:21:41.0972 0x052c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
19:21:42.0025 0x052c  EapHost - ok
19:21:42.0156 0x052c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:21:42.0329 0x052c  ebdrv - ok
19:21:42.0353 0x052c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
19:21:42.0376 0x052c  EFS - ok
19:21:42.0447 0x052c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:21:42.0482 0x052c  ehRecvr - ok
19:21:42.0504 0x052c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
19:21:42.0531 0x052c  ehSched - ok
19:21:42.0666 0x052c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:21:42.0691 0x052c  elxstor - ok
19:21:42.0713 0x052c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:21:42.0739 0x052c  ErrDev - ok
19:21:42.0771 0x052c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
19:21:42.0827 0x052c  EventSystem - ok
19:21:42.0862 0x153c  Object send P2P result: true
19:21:42.0862 0x052c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:21:42.0904 0x052c  exfat - ok
19:21:42.0921 0x052c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:21:42.0973 0x052c  fastfat - ok
19:21:43.0015 0x052c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
19:21:43.0049 0x052c  Fax - ok
19:21:43.0078 0x052c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:21:43.0088 0x052c  fdc - ok
19:21:43.0103 0x052c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
19:21:43.0138 0x052c  fdPHost - ok
19:21:43.0156 0x052c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:21:43.0191 0x052c  FDResPub - ok
19:21:43.0210 0x052c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:21:43.0220 0x052c  FileInfo - ok
19:21:43.0233 0x052c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:21:43.0268 0x052c  Filetrace - ok
19:21:43.0287 0x052c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:21:43.0297 0x052c  flpydisk - ok
19:21:43.0323 0x052c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:21:43.0340 0x052c  FltMgr - ok
19:21:43.0423 0x052c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
19:21:43.0502 0x052c  FontCache - ok
19:21:43.0559 0x052c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:21:43.0568 0x052c  FontCache3.0.0.0 - ok
19:21:43.0582 0x052c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:21:43.0592 0x052c  FsDepends - ok
19:21:43.0613 0x052c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:21:43.0622 0x052c  Fs_Rec - ok
19:21:43.0653 0x052c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:21:43.0671 0x052c  fvevol - ok
19:21:43.0694 0x052c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:21:43.0704 0x052c  gagp30kx - ok
19:21:43.0744 0x052c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:21:43.0751 0x052c  GEARAspiWDM - ok
19:21:43.0795 0x052c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:21:43.0857 0x052c  gpsvc - ok
19:21:43.0879 0x052c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:21:43.0902 0x052c  hcw85cir - ok
19:21:43.0962 0x052c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:21:43.0987 0x052c  HdAudAddService - ok
19:21:44.0017 0x052c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:21:44.0035 0x052c  HDAudBus - ok
19:21:44.0064 0x052c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:21:44.0074 0x052c  HidBatt - ok
19:21:44.0092 0x052c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:21:44.0121 0x052c  HidBth - ok
19:21:44.0150 0x052c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:21:44.0173 0x052c  HidIr - ok
19:21:44.0199 0x052c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
19:21:44.0247 0x052c  hidserv - ok
19:21:44.0292 0x052c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:21:44.0302 0x052c  HidUsb - ok
19:21:44.0322 0x052c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:21:44.0369 0x052c  hkmsvc - ok
19:21:44.0396 0x052c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:21:44.0428 0x052c  HomeGroupListener - ok
19:21:44.0456 0x052c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:21:44.0471 0x052c  HomeGroupProvider - ok
19:21:44.0489 0x052c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:21:44.0500 0x052c  HpSAMD - ok
19:21:44.0546 0x052c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:21:44.0623 0x052c  HTTP - ok
19:21:44.0645 0x052c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:21:44.0654 0x052c  hwpolicy - ok
19:21:44.0675 0x052c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:21:44.0688 0x052c  i8042prt - ok
19:21:44.0729 0x052c  [ 87A72502C8AC5E89B5A46FF6E874F5C5, A72C8C96BA29B5894A3085CA2ADB6343FEFA79534B334416F8D4751CF8A30008 ] IAMTVE          C:\Windows\system32\DRIVERS\IAMTVE.sys
19:21:44.0737 0x052c  IAMTVE - ok
19:21:44.0768 0x052c  [ 5516F8E518A2F6A8755498F3E73957CF, 55CCE4501B44F756D31BA0E353597F0C9E12FDFF7205B05114A8CF1D7D506365 ] IAMTXPE         C:\Windows\system32\DRIVERS\IAMTXPE.sys
19:21:44.0776 0x052c  IAMTXPE - ok
19:21:44.0811 0x052c  [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:21:44.0830 0x052c  iaStor - ok
19:21:44.0894 0x052c  [ 8FFF9083252C16FE3960173722605E9E, 6546FDA34B9AF94C5E86E5269BBC2F02F1E78D6D4BE5B5EC01F4B284CC934994 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:21:44.0900 0x052c  IAStorDataMgrSvc - ok
19:21:44.0930 0x052c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:21:44.0951 0x052c  iaStorV - ok
19:21:45.0002 0x052c  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:21:45.0020 0x052c  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
19:21:47.0330 0x052c  Detect skipped due to KSN trusted
19:21:47.0330 0x052c  IDriverT - ok
19:21:47.0399 0x052c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:21:47.0435 0x052c  idsvc - ok
19:21:47.0666 0x052c  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:21:47.0967 0x052c  igfx - ok
19:21:47.0996 0x052c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:21:48.0006 0x052c  iirsp - ok
19:21:48.0058 0x052c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
19:21:48.0113 0x052c  IKEEXT - ok
19:21:48.0238 0x052c  [ 589B94A9B73A0E819FF873743A480834, 49FA8EC38F1C78F38F818CC28F2734802739247F0B89A971D65FDAF3110041A8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:21:48.0350 0x052c  IntcAzAudAddService - ok
19:21:48.0392 0x052c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:21:48.0402 0x052c  intelide - ok
19:21:48.0425 0x052c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:21:48.0453 0x052c  intelppm - ok
19:21:48.0494 0x052c  [ 068EC06F3B6DD7B81B365D8FD2CE27E6, EDAD8F5B3F929C7C6200F38B862B2A03F310ADB55A04007DB6FF5F4F698547A4 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
19:21:48.0504 0x052c  Intel® PROSet Monitoring Service - ok
19:21:48.0523 0x052c  [ E45575812630B049CE0F679D87561A4D, 2645B87960DAA51295530ECF5518E5872B17520293068E7DEA064FEAE3884E87 ] ioatdma1        C:\Windows\System32\Drivers\qd162x64.sys
19:21:48.0530 0x052c  ioatdma1 - ok
19:21:48.0554 0x052c  [ 2C23820DD9E81199E60F553EB50BC449, AF3847AD90A79E9D22DC67F4ED52B1D3FAF7C6420D60F2044C1FB49FD338BB70 ] ioatdma2        C:\Windows\System32\Drivers\qd262x64.sys
19:21:48.0562 0x052c  ioatdma2 - ok
19:21:48.0591 0x052c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:21:48.0638 0x052c  IPBusEnum - ok
19:21:55.0606 0x052c  [ 875E4E0661F3A5994DF9E5E3A0A4F96B, 7198C02935B3714C455EE94305D2A21D900D72AC67049C11A1E842572AD6C5E1 ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
19:21:55.0619 0x052c  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic ( 1 )
19:21:57.0920 0x052c  Detect skipped due to KSN trusted
19:21:57.0920 0x052c  PLFlash DeviceIoControl Service - ok
19:22:01.0609 0x052c  ShellHWDetection - ok
19:22:01.0659 0x052c  [ 1980FE1F5A32067DAD1D8776B63C2669, 26B53EAF89CDBBA8FFA154DBB1F1DA348F894FE1F1D0CA4060E32496464DD5D2 ] SimpleSlideShowServer C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
19:22:01.0666 0x052c  SimpleSlideShowServer - ok
19:22:01.0688 0x052c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:22:01.0698 0x052c  SiSRaid2 - ok
19:22:01.0709 0x052c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:22:01.0720 0x052c  SiSRaid4 - ok
19:22:01.0749 0x052c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:22:01.0787 0x052c  Smb - ok
19:22:01.0812 0x052c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:22:01.0823 0x052c  SNMPTRAP - ok
19:22:01.0834 0x052c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:22:01.0843 0x052c  spldr - ok
19:22:01.0880 0x052c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
19:22:01.0923 0x052c  Spooler - ok
19:22:02.0059 0x052c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
19:22:02.0252 0x052c  sppsvc - ok
19:22:02.0274 0x052c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:22:02.0324 0x052c  sppuinotify - ok
19:22:02.0384 0x052c  [ 602884696850C86434530790B110E8EB, C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA ] sptd            C:\Windows\System32\Drivers\sptd.sys
19:22:02.0418 0x052c  sptd - ok
19:22:02.0451 0x052c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:22:02.0509 0x052c  srv - ok
19:22:02.0531 0x052c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:22:02.0569 0x052c  srv2 - ok
19:22:02.0591 0x052c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:22:02.0605 0x052c  srvnet - ok
19:22:02.0622 0x052c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:22:02.0664 0x052c  SSDPSRV - ok
19:22:02.0679 0x052c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:22:02.0716 0x052c  SstpSvc - ok
19:22:02.0760 0x052c  [ AAF6F247F1DC370C593B4430974EAD9C, 232D0D62EC83A5537ADB28B5DC01074BA812FE6C70C54F70CD7A5EF1BC19D3E1 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
19:22:02.0774 0x052c  ssudmdm - ok
19:22:02.0846 0x052c  [ 7A04FB623BE442450E716AA2A5476BE1, A24AD210F545460E0E0EE8F09991E665B34DCE2EF5EC6D495E314ADBB88B18D5 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
19:22:02.0875 0x052c  Steam Client Service - ok
19:22:02.0896 0x052c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:22:02.0905 0x052c  stexstor - ok
19:22:02.0959 0x052c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
19:22:02.0997 0x052c  stisvc - ok
19:22:03.0016 0x052c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:22:03.0025 0x052c  swenum - ok
19:22:03.0049 0x052c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
19:22:03.0101 0x052c  swprv - ok
19:22:03.0189 0x052c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
19:22:03.0298 0x052c  SysMain - ok
19:22:03.0326 0x052c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:22:03.0355 0x052c  TabletInputService - ok
19:22:03.0394 0x052c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:22:03.0453 0x052c  TapiSrv - ok
19:22:03.0468 0x052c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
19:22:03.0505 0x052c  TBS - ok
19:22:03.0591 0x052c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:22:03.0681 0x052c  Tcpip - ok
19:22:03.0754 0x052c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:22:03.0817 0x052c  TCPIP6 - ok
19:22:03.0855 0x052c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:22:03.0866 0x052c  tcpipreg - ok
19:22:03.0883 0x052c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:22:03.0906 0x052c  TDPIPE - ok
19:22:03.0927 0x052c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:22:03.0936 0x052c  TDTCP - ok
19:22:03.0953 0x052c  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:22:04.0005 0x052c  tdx - ok
19:22:04.0022 0x052c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:22:04.0032 0x052c  TermDD - ok
19:22:04.0080 0x052c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
19:22:04.0115 0x052c  TermService - ok
19:22:04.0130 0x052c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
19:22:04.0147 0x052c  Themes - ok
19:22:04.0163 0x052c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
19:22:04.0199 0x052c  THREADORDER - ok
19:22:04.0221 0x052c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
19:22:04.0260 0x052c  TrkWks - ok
19:22:04.0279 0x052c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:22:04.0336 0x052c  TrustedInstaller - ok
19:22:04.0355 0x052c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:22:04.0365 0x052c  tssecsrv - ok
19:22:04.0392 0x052c  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:22:04.0417 0x052c  TsUsbFlt - ok
19:22:04.0456 0x052c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:22:04.0513 0x052c  tunnel - ok
19:22:04.0545 0x052c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:22:04.0555 0x052c  uagp35 - ok
19:22:04.0578 0x052c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:22:04.0624 0x052c  udfs - ok
19:22:04.0640 0x052c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:22:04.0652 0x052c  UI0Detect - ok
19:22:04.0669 0x052c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:22:04.0679 0x052c  uliagpkx - ok
19:22:04.0711 0x052c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:22:04.0737 0x052c  umbus - ok
19:22:04.0767 0x052c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:22:04.0776 0x052c  UmPass - ok
19:22:04.0812 0x052c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
19:22:04.0861 0x052c  upnphost - ok
19:22:04.0899 0x052c  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
19:22:04.0921 0x052c  USBAAPL64 - ok
19:22:04.0954 0x052c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:22:04.0975 0x052c  usbccgp - ok
19:22:05.0020 0x052c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:22:05.0046 0x052c  usbcir - ok
19:22:05.0065 0x052c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:22:05.0084 0x052c  usbehci - ok
19:22:05.0106 0x052c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:22:05.0127 0x052c  usbhub - ok
19:22:05.0138 0x052c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:22:05.0169 0x052c  usbohci - ok
19:22:05.0198 0x052c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:22:05.0225 0x052c  usbprint - ok
19:22:05.0259 0x052c  [ 2C42E595E7E381596B9A14F88F5AE027, 948C2AD7FA0B01184312D1ABE43F2F3D85A934CF0658A8B2BDF9F0919568377B ] usbrndis6       C:\Windows\system32\DRIVERS\usb80236.sys
19:22:05.0285 0x052c  usbrndis6 - ok
19:22:05.0321 0x052c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
19:22:05.0330 0x052c  usbscan - ok
19:22:05.0349 0x052c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:22:05.0370 0x052c  USBSTOR - ok
19:22:05.0378 0x052c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:22:05.0398 0x052c  usbuhci - ok
19:22:05.0421 0x052c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
19:22:05.0458 0x052c  UxSms - ok
19:22:05.0462 0x052c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
19:22:05.0472 0x052c  VaultSvc - ok
19:22:05.0488 0x052c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:22:05.0498 0x052c  vdrvroot - ok
19:22:05.0531 0x052c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
19:22:05.0602 0x052c  vds - ok
19:22:05.0633 0x052c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:22:05.0646 0x052c  vga - ok
19:22:05.0660 0x052c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:22:05.0710 0x052c  VgaSave - ok
19:22:05.0747 0x052c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:22:05.0761 0x052c  vhdmp - ok
19:22:05.0791 0x052c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:22:05.0800 0x052c  viaide - ok
19:22:05.0808 0x052c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:22:05.0818 0x052c  volmgr - ok
19:22:05.0853 0x052c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:22:05.0873 0x052c  volmgrx - ok
19:22:05.0888 0x052c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:22:05.0906 0x052c  volsnap - ok
19:22:05.0941 0x052c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:22:05.0954 0x052c  vsmraid - ok
19:22:06.0033 0x052c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
19:22:06.0155 0x052c  VSS - ok
19:22:06.0179 0x052c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:22:06.0192 0x052c  vwifibus - ok
19:22:06.0217 0x052c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:22:06.0248 0x052c  vwififlt - ok
19:22:06.0273 0x052c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:22:06.0303 0x052c  vwifimp - ok
19:22:06.0340 0x052c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
19:22:06.0423 0x052c  W32Time - ok
19:22:06.0455 0x052c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:22:06.0480 0x052c  WacomPen - ok
19:22:06.0513 0x052c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:22:06.0566 0x052c  WANARP - ok
19:22:06.0587 0x052c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:22:06.0622 0x052c  Wanarpv6 - ok
19:22:06.0681 0x052c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
19:22:06.0766 0x052c  wbengine - ok
19:22:06.0788 0x052c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:22:06.0810 0x052c  WbioSrvc - ok
19:22:06.0848 0x052c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:22:06.0877 0x052c  wcncsvc - ok
19:22:06.0885 0x052c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:22:06.0911 0x052c  WcsPlugInService - ok
19:22:06.0943 0x052c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:22:06.0952 0x052c  Wd - ok
19:22:07.0009 0x052c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:22:07.0044 0x052c  Wdf01000 - ok
19:22:07.0070 0x052c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:22:07.0089 0x052c  WdiServiceHost - ok
19:22:07.0092 0x052c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:22:07.0111 0x052c  WdiSystemHost - ok
19:22:07.0132 0x052c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
19:22:07.0161 0x052c  WebClient - ok
19:22:07.0184 0x052c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:22:07.0228 0x052c  Wecsvc - ok
19:22:07.0243 0x052c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:22:07.0282 0x052c  wercplsupport - ok
19:22:07.0303 0x052c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:22:07.0341 0x052c  WerSvc - ok
19:22:07.0361 0x052c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:22:07.0395 0x052c  WfpLwf - ok
19:22:07.0412 0x052c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:22:07.0421 0x052c  WIMMount - ok
19:22:07.0478 0x052c  WinDefend - ok
19:22:07.0480 0x052c  WinHttpAutoProxySvc - ok
19:22:07.0524 0x052c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:22:07.0568 0x052c  Winmgmt - ok
19:22:07.0658 0x052c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:22:07.0783 0x052c  WinRM - ok
19:22:07.0826 0x052c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:22:07.0839 0x052c  WinUsb - ok
19:22:07.0881 0x052c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:22:07.0928 0x052c  Wlansvc - ok
19:22:07.0973 0x052c  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:22:07.0982 0x052c  wlcrasvc - ok
19:22:08.0094 0x052c  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:22:08.0235 0x052c  wlidsvc - ok
19:22:08.0270 0x052c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:22:08.0293 0x052c  WmiAcpi - ok
19:22:08.0309 0x052c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:22:08.0335 0x052c  wmiApSrv - ok
19:22:08.0363 0x052c  WMPNetworkSvc - ok
19:22:08.0388 0x052c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:22:08.0398 0x052c  WPCSvc - ok
19:22:08.0419 0x052c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:22:08.0435 0x052c  WPDBusEnum - ok
19:22:08.0453 0x052c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:22:08.0487 0x052c  ws2ifsl - ok
19:22:08.0518 0x052c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
19:22:08.0536 0x052c  wscsvc - ok
19:22:08.0537 0x052c  WSearch - ok
19:22:08.0647 0x052c  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:22:08.0761 0x052c  wuauserv - ok
19:22:08.0798 0x052c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:22:08.0829 0x052c  WudfPf - ok
19:22:08.0859 0x052c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:22:08.0884 0x052c  WUDFRd - ok
19:22:08.0903 0x052c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:22:08.0915 0x052c  wudfsvc - ok
19:22:08.0948 0x052c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:22:08.0975 0x052c  WwanSvc - ok
19:22:09.0026 0x052c  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
19:22:09.0051 0x052c  xusb21 - ok
19:22:09.0080 0x052c  ================ Scan global ===============================
19:22:09.0097 0x052c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:22:09.0144 0x052c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:22:09.0158 0x052c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:22:09.0180 0x052c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:22:09.0201 0x052c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:22:09.0211 0x052c  [ Global ] - ok
19:22:09.0212 0x052c  ================ Scan MBR ==================================
19:22:09.0218 0x052c  [ 5D949EEA3BEEC2DF38A2D7900AD89A60 ] \Device\Harddisk0\DR0
19:22:12.0099 0x052c  \Device\Harddisk0\DR0 - ok
19:22:12.0099 0x052c  ================ Scan VBR ==================================
19:22:12.0101 0x052c  [ 0C8B9ADFE52F19E462B61E5D9BC90F20 ] \Device\Harddisk0\DR0\Partition1
19:22:12.0150 0x052c  \Device\Harddisk0\DR0\Partition1 - ok
19:22:12.0152 0x052c  [ B880AD6696E3EB9C3E77CF98A9AE4FD2 ] \Device\Harddisk0\DR0\Partition2
19:22:12.0208 0x052c  \Device\Harddisk0\DR0\Partition2 - ok
19:22:12.0210 0x052c  [ 4644BD661FDAF29CC4B29FEBB9F76E6B ] \Device\Harddisk0\DR0\Partition3
19:22:12.0211 0x052c  \Device\Harddisk0\DR0\Partition3 - ok
19:22:12.0211 0x052c  ================ Scan generic autorun ======================
19:22:12.0536 0x052c  [ FBDF607ED7EF0467639DB501E1FD938C, 040528158D85D13122DB043144A982D6DC8744E75D140DB17A9BA5B93DC6B74D ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
19:22:12.0876 0x052c  RtHDVCpl - ok
19:22:12.0947 0x052c  [ 4CB7CEE3F7540B0BEDBD158D75F06509, 73348467A976AF06928B402E12A622BB1B5BD8BB2AC6446117E1FD1EEAFED217 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
19:22:12.0973 0x052c  StartCCC - ok
19:22:12.0995 0x052c  [ 34CA7536C887700B3A529EEF502BE431, B85E63A3BFCE89BD0069969C1D5B1652717AAF2E18065FB756D5527DA1F1E574 ] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
19:22:13.0005 0x052c  AllShareAgent - ok
19:22:13.0055 0x052c  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
19:22:13.0079 0x052c  Adobe ARM - ok
19:22:13.0147 0x052c  [ 4A73AB8412D3AA6CFAD24051FF9DBFA7, 7C1F6BDECE92F2A58E88FC603F1BEE9B0F72130136AE9A368892323A9A327FD1 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
19:22:13.0166 0x052c  IAStorIcon - ok
19:22:13.0302 0x052c  [ 7F60FAE3DF4832DFA65A029011A7959F, 7CBA677157F797136811BBB45C471026453838BE3D7BDBF8B839DF3A54F936F8 ] C:\Program Files (x86)\Steam\Steam.exe
19:22:13.0338 0x052c  Steam - ok
19:22:13.0340 0x052c  Waiting for KSN requests completion. In queue: 168
19:22:13.0994 0x1674  Object required for P2P: [ 7A04FB623BE442450E716AA2A5476BE1 ] Steam Client Service
19:22:14.0340 0x052c  Waiting for KSN requests completion. In queue: 98
19:22:15.0340 0x052c  Waiting for KSN requests completion. In queue: 98
19:22:15.0657 0x1bac  Object required for P2P: [ 7F60FAE3DF4832DFA65A029011A7959F ] C:\Program Files (x86)\Steam\Steam.exe
19:22:16.0340 0x052c  Waiting for KSN requests completion. In queue: 93
19:22:16.0420 0x1674  Object send P2P result: true
19:22:17.0340 0x052c  Waiting for KSN requests completion. In queue: 1
19:22:18.0099 0x1bac  Object send P2P result: true
19:22:18.0356 0x052c  Win FW state via NFP2: enabled
19:22:33.0712 0x052c  ============================================================
19:22:33.0712 0x052c  Scan finished
19:22:33.0712 0x052c  ============================================================
19:22:33.0713 0x0fb4  Detected object count: 0
19:22:33.0713 0x0fb4  Actual detected object count: 0
         
Step 3

Code:
ATTFilter
https://www.virustotal.com/de/file/7c8088412693e4da64131071f2de58f94721b085e3a47864aefc942a7374ca64/analysis/1416162761/
         

16.11.2014, 19:26   #5
deeprybka
/// TB trainer
/// Instructions guru



Great cooperation on your part!

Step 1
Download Rkill by Grinler and save the tool to your desktop.
  • Link
  • Start the tool with a double-click.
  • When the scan has finished, RKill creates a log file. Please post it.
  • Do not reboot the PC!

Step 2
Scan with Combofix
WARNING to OTHER READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


__________________
Regards
deeprybka


16.11.2014, 19:40   #6
BlueBall



Always trying my best!

Step 1:

Code:
Rkill 2.6.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/16/2014 08:30:20 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe (PID: 2828) [UP-HEUR]
 * C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe (PID: 6476) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Backup Registry file created at:
 C:\Users\Stefan Möller\Desktop\rkill\rkill-11-16-2014-08-30-57.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Modified HKCU\...\Winlogon: [Shell] => explorer.exe,"C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe"

 * No issues found.

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  127.0.0.1       localhost

Program finished at: 11/16/2014 08:31:57 PM
Execution time: 0 hours(s), 1 minute(s), and 36 seconds(s)
         
Step 2

Unfortunately I could not run combofix.exe. The following error message appears:
Datei konnte nicht gefunden werden. Stellen Sie sicher, dass (bla bla)

I got the same error message when I tried to reinstall my antivirus software.....

16.11.2014, 19:45   #7
deeprybka
/// TB instructor
/// Guide guru
 



Please rename "Combofix.exe" to "CF.com" and then start it.
__________________
Regards,
deeprybka


16.11.2014, 21:01   #8
BlueBall
 



Okaaay, it took a little while, but here comes the log for step 2:

Code:
ComboFix 14-11-15.01 - Stefan Möller 16.11.2014  21:37:31.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.4981 [GMT 1:00]
ausgeführt von:: c:\users\Stefan M÷ller\Desktop\CF.com.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-16 bis 2014-11-16  ))))))))))))))))))))))))))))))
.
.
2014-11-16 20:44 . 2014-11-16 20:44	--------	d-----w-	c:\users\Stefan Möller\AppData\Local\temp
2014-11-16 20:44 . 2014-11-16 20:44	--------	d-----w-	c:\users\Stefan M”ller\AppData\Local\temp
2014-11-16 20:44 . 2014-11-16 20:44	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-11-16 20:44 . 2014-11-16 20:44	--------	d-----w-	c:\users\Internet\AppData\Local\temp
2014-11-16 20:44 . 2014-11-16 20:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-16 12:28 . 2014-11-16 12:28	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2014-11-16 12:17 . 2014-11-16 12:17	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-11-16 08:09 . 2014-11-16 08:14	--------	d-----w-	C:\FRST
2014-11-15 09:26 . 2014-11-15 09:27	--------	d-sh--w-	c:\programdata\Realtek Audio
2014-11-14 08:05 . 2014-11-14 08:05	--------	d-sh--w-	c:\windows\SysWow64\Realtek Audio
2014-11-13 12:30 . 2014-11-13 12:30	--------	d-----w-	c:\program files (x86)\QuickTime
2014-11-13 06:37 . 2014-10-03 02:12	500224	----a-w-	c:\windows\system32\AUDIOKSE.dll
2014-10-30 19:17 . 2014-10-30 19:17	--------	d-----w-	c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-30 19:17 . 2014-10-30 19:17	--------	d-----w-	c:\program files\iTunes
2014-10-30 19:17 . 2014-10-30 19:17	--------	d-----w-	c:\program files (x86)\iTunes
2014-10-30 19:17 . 2014-10-30 19:17	--------	d-----w-	c:\program files\iPod
2014-10-25 10:10 . 2014-10-25 10:11	--------	d-----w-	c:\users\Stefan Möller\AppData\Local\{5E073B6A-9506-412A-84AA-9A87D7E5A3D8}
2014-10-25 10:04 . 2014-10-25 10:04	--------	d-----w-	c:\users\Stefan Möller\restore
2014-10-25 09:56 . 2014-11-16 12:38	--------	d-----w-	c:\program files\Pixum
2014-10-23 07:47 . 2014-10-23 07:47	--------	d-----w-	c:\users\Stefan Möller\AppData\Local\{05EE08F2-9514-40C8-8B37-FA80196225FE}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-14 00:56 . 2010-11-26 17:57	103374192	----a-w-	c:\windows\system32\MRT.exe
2014-11-12 12:39 . 2012-04-09 08:09	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-12 12:39 . 2011-05-27 17:27	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-30 11:25 . 2010-11-26 17:22	275080	------w-	c:\windows\system32\MpSigStub.exe
2014-10-21 08:28 . 2013-06-14 18:22	590536	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-10-02 13:23 . 2014-10-02 13:23	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2014-10-02 13:23 . 2014-10-02 13:23	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2014-09-25 02:08 . 2014-10-01 11:42	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 11:42	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-10-01 11:42	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-10-01 11:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-16 08:32	424448	----a-w-	c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-16 08:32	372736	----a-w-	c:\windows\SysWow64\rastls.dll
2014-09-03 04:49 . 2014-09-03 04:49	169984	----a-w-	c:\windows\system32\drivers\ser2pl64.sys
2014-08-29 06:44 . 2012-07-07 16:21	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 10:20	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 10:20	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-10-21 08:29	1729232	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-10-21 08:29	1729232	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-10-21 08:29	1729232	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-11-12 1940160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"shell"="explorer.exe,\"c:\users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe\""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys;c:\windows\SYSNATIVE\DRIVERS\IAMTVE.sys [x]
R3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys;c:\windows\SYSNATIVE\DRIVERS\IAMTXPE.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 Lexware_Datenbank_Plus;Lexware Datenbank Plus;c:\program files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe;c:\program files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 12:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-10-21 08:29	2334416	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-10-21 08:29	2334416	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-10-21 08:29	2334416	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-09 11613288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Stefan Möller\AppData\Roaming\Mozilla\Firefox\Profiles\iepy89s1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Might and Magic® VI - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-16  21:55:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-11-16 20:55
.
Vor Suchlauf: 18 Verzeichnis(se), 911.259.807.744 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 913.268.080.640 Bytes frei
.
- - End Of File - - B0ED4EB1A962631025A704B2693F9124
         

16.11.2014, 21:04   #9
deeprybka
/// TB instructor
/// Guide guru
 



OK...

Step 1
Download HitmanPro to your desktop:

HitmanPro 32-bit version
HitmanPro 64-bit version
  • Start HitmanPro.exe
  • Click on
  • Remove the check mark at
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not let it delete anything etc.; instead choose, at the bottom left of the button bar,
    and save the log file to your desktop.
  • Close HitmanPro and post the log for me.

Step 2



Please start FRST again and press Scan.
Please post the contents of the log for me.
__________________
Regards,
deeprybka


16.11.2014, 21:26   #10
BlueBall
 



Step 1

Code:
HitmanPro 3.7.9.232
www.hitmanpro.com

   Computer name . . . . : STEFANMÖLLER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : StefanMöller-PC\Stefan Möller
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-11-16 22:18:13
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 31s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 16

   Objects scanned . . . : 2.273.598
   Files scanned . . . . : 115.698
   Remnants scanned  . . : 657.687 files / 1.500.213 keys

Malware _____________________________________________________________________

   C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe
      Size . . . . . . . : 354.304 bytes
      Age  . . . . . . . : 38.2 days (2014-10-09 17:39:51)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 7C8088412693E4DA64131071F2DE58F94721B085E3A47864AEFC942A7374CA64
      Product  . . . . . : Microsoft® Windows® Operating System
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Microsoft® Windows® Operating System
      Version  . . . . . : 6.1.0
      LanguageID . . . . : 0
      Running processes  : 2336
    > Bitdefender  . . . : Trojan.GenericKD.1920524
    > Kaspersky  . . . . : Trojan.MSIL.BitMiner.afa
      Fuzzy  . . . . . . : 137.0
      Startup
         HKU\S-1-5-21-26567397-2684912437-3830085727-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
      Network Ports
         192.168.178.21:49164	185.5.175.225:2294

   C:\Users\Stefan Möller\Documents\UseNeXT\wizard\# Software\Xpadder (5.7) - _Xpadder (5.7).rar_ (2_3) (01_12)\Xpadder (5.7).exe
      Size . . . . . . . : 4.719.616 bytes
      Age  . . . . . . . : 497.4 days (2013-07-07 12:37:06)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : F4603E019AD69172D4AAA856F64A9C5542C020C37ABFAD2E1A63FD411C1AF01B
    > Bitdefender  . . . : Trojan.Generic.9057554
    > Kaspersky  . . . . : Trojan.Win32.BitMin.n
      Fuzzy  . . . . . . : 113.0


Suspicious files ____________________________________________________________

   C:\Users\Stefan Möller\Desktop\FRST64.exe
      Size . . . . . . . : 2.116.608 bytes
      Age  . . . . . . . : 0.6 days (2014-11-16 09:03:52)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 5E456B9E62A9865FB614FC2FAEA78BCE24F067B814D67D203C489580035EE216
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\AppID\secman.DLL\ (Babylon)
   HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\secman.DLL\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon)
         
Step 2


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
Ran by Stefan Möller (administrator) on STEFANMÖLLER-PC on 16-11-2014 22:24:48
Running from C:\Users\Stefan Möller\Desktop
Loaded Profiles: Stefan Möller & Internet (Available profiles: Stefan Möller & Internet)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Microsoft Corporation) C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-12-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-12] (Valve Corporation)
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\Winlogon: [Shell] C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe [354304 2014-11-14] (Microsoft Corporation) <==== ATTENTION 
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-26567397-2684912437-3830085727-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
HKU\S-1-5-21-26567397-2684912437-3830085727-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {F097D89E-E315-4C3F-9760-15AA4E34C76E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Handler: haufereader - No CLSID Value
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Stefan Möller\AppData\Roaming\Mozilla\Firefox\Profiles\iepy89s1.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-26567397-2684912437-3830085727-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Stefan Möller\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-26567397-2684912437-3830085727-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Stefan Möller\AppData\Roaming\Mozilla\Firefox\Profiles\iepy89s1.default\user.js
FF Extension: NoScript - C:\Users\Stefan Möller\AppData\Roaming\Mozilla\Firefox\Profiles\iepy89s1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-03-25]
FF Extension: Adblock Plus - C:\Users\Stefan Möller\AppData\Roaming\Mozilla\Firefox\Profiles\iepy89s1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-18]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-05-16] ()
S3 IAMTVE; C:\Windows\system32\DRIVERS\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\DRIVERS\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-05-16] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-05-13] (Duplex Secure Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 catchme; \??\C:\CF.com\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 22:24 - 2014-11-16 22:24 - 00008192 _____ () C:\Users\Stefan Möller\Desktop\HitmanPro_20141116_2224.log
2014-11-16 22:24 - 2014-11-16 22:24 - 00000000 ____D () C:\Users\Stefan Möller\Desktop\FRST-OlderVersion
2014-11-16 22:07 - 2014-11-16 22:16 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-16 22:06 - 2014-11-16 22:06 - 11222744 _____ (SurfRight B.V.) C:\Users\Stefan Möller\Desktop\HitmanPro_x64.exe
2014-11-16 21:55 - 2014-11-16 21:55 - 00020641 _____ () C:\ComboFix.txt
2014-11-16 21:35 - 2014-11-16 21:55 - 00000000 ____D () C:\Qoobox
2014-11-16 21:35 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-16 21:35 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-16 21:35 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-16 21:35 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-16 21:35 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-16 21:35 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-16 21:35 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-16 21:35 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-16 20:34 - 2014-11-16 20:35 - 05598504 ____R (Swearware) C:\Users\Stefan Möller\Desktop\CF.com.exe
2014-11-16 20:30 - 2014-11-16 20:31 - 00002928 _____ () C:\Users\Stefan Möller\Desktop\Rkill.txt
2014-11-16 20:30 - 2014-11-16 20:30 - 00000000 ____D () C:\Users\Stefan Möller\Desktop\rkill
2014-11-16 20:29 - 2014-11-16 20:30 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Stefan Möller\Desktop\rkill.com
2014-11-16 19:18 - 2014-11-16 19:18 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Stefan Möller\Desktop\tdsskiller.exe
2014-11-16 19:18 - 2014-11-16 19:18 - 00000604 _____ () C:\Users\Stefan Möller\Desktop\unknown.zip
2014-11-16 19:17 - 2014-11-16 19:17 - 00000577 _____ () C:\Users\Stefan Möller\Desktop\MBRMastr_2014.11.16_19.17.42.txt
2014-11-16 19:17 - 2014-11-16 19:17 - 00000512 _____ () C:\Users\Stefan Möller\Desktop\unknown.mbr
2014-11-16 19:15 - 2014-11-16 19:15 - 00788728 _____ (Emsisoft GmbH) C:\Users\Stefan Möller\Desktop\mbrmastr.exe
2014-11-16 19:15 - 2014-11-16 19:15 - 00000577 _____ () C:\Users\Stefan Möller\Desktop\MBRMastr_2014.11.16_19.15.55.txt
2014-11-16 13:28 - 2014-11-16 13:28 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2014-11-16 13:17 - 2014-11-16 13:17 - 00001268 _____ () C:\Users\Stefan Möller\Desktop\Revo Uninstaller.lnk
2014-11-16 13:17 - 2014-11-16 13:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-16 13:16 - 2014-11-16 13:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Stefan Möller\Desktop\revosetup95.exe
2014-11-16 10:46 - 2014-11-16 10:46 - 00070599 _____ () C:\Users\Stefan Möller\Desktop\gmer.log
2014-11-16 09:14 - 2014-11-16 09:23 - 00044002 _____ () C:\Users\Stefan Möller\Desktop\Addition.txt
2014-11-16 09:09 - 2014-11-16 22:24 - 00011964 _____ () C:\Users\Stefan Möller\Desktop\FRST.txt
2014-11-16 09:09 - 2014-11-16 22:24 - 00000000 ____D () C:\FRST
2014-11-16 09:06 - 2014-11-16 09:23 - 00000522 _____ () C:\Users\Stefan Möller\Desktop\defogger_disable.log
2014-11-16 09:06 - 2014-11-16 09:06 - 00000188 _____ () C:\Users\Stefan Möller\defogger_reenable
2014-11-16 09:04 - 2014-11-16 09:04 - 00380416 _____ () C:\Users\Stefan Möller\Desktop\cesj47z0.exe
2014-11-16 09:03 - 2014-11-16 22:24 - 02117120 _____ (Farbar) C:\Users\Stefan Möller\Desktop\FRST64.exe
2014-11-16 09:02 - 2014-11-16 09:02 - 00050477 _____ () C:\Users\Stefan Möller\Desktop\Defogger.exe
2014-11-16 08:10 - 2014-11-16 08:11 - 14107296 _____ (Microsoft Corporation) C:\Users\Stefan Möller\Downloads\mseinstall(4).exe
2014-11-16 08:08 - 2014-11-16 08:08 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Stefan Möller\Downloads\mbam-clean-2.1.1.1001.exe
2014-11-16 07:51 - 2014-11-16 07:51 - 14107296 _____ (Microsoft Corporation) C:\Users\Stefan Möller\Downloads\mseinstall(3).exe
2014-11-16 07:36 - 2014-11-16 07:36 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Stefan Möller\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-16 07:27 - 2014-11-16 07:27 - 14107296 _____ (Microsoft Corporation) C:\Users\Stefan Möller\Downloads\mseinstall(2).exe
2014-11-15 10:26 - 2014-11-15 10:27 - 00000000 __SHD () C:\ProgramData\Realtek Audio
2014-11-14 09:06 - 2014-11-14 09:06 - 00000000 ____D () C:\Users\Stefan Möller\Desktop\Xpadder v2014 01 Multilingual - BRD
2014-11-14 09:05 - 2014-11-16 22:24 - 00131116 _____ () C:\Users\Stefan Möller\AppData\Roaming\msconfig.ini
2014-11-14 09:05 - 2014-11-14 09:05 - 00000000 __SHD () C:\Windows\SysWOW64\Realtek Audio
2014-11-13 13:37 - 2014-11-13 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-13 13:30 - 2014-11-13 13:30 - 00001849 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-13 13:30 - 2014-11-13 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-13 13:30 - 2014-11-13 13:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-13 07:44 - 2014-11-13 07:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-13 07:38 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 07:38 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 07:38 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 07:38 - 2014-10-27 21:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 07:38 - 2014-10-27 21:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 07:38 - 2014-10-27 21:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 07:38 - 2014-10-27 21:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 07:38 - 2014-10-27 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 07:38 - 2014-10-27 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 07:38 - 2014-10-27 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 07:38 - 2014-10-27 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 07:38 - 2014-10-27 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 07:38 - 2014-10-27 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 07:38 - 2014-10-27 21:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 07:38 - 2014-10-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 07:38 - 2014-10-27 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 07:38 - 2014-10-27 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 07:38 - 2014-10-27 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 07:38 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 07:38 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 07:38 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 07:38 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 07:38 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 07:38 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 07:38 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-13 07:38 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 07:38 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 07:38 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 07:38 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 07:38 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 07:38 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-13 07:38 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-13 07:38 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-13 07:38 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 07:38 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 07:38 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 07:38 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 07:38 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 07:38 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 07:38 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 07:38 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 07:38 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 07:38 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 07:38 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 07:38 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 07:38 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 07:38 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 07:38 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 07:38 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 07:37 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 07:37 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 07:37 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 07:37 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 07:37 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 07:37 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 07:37 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 07:37 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 07:37 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 07:37 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 07:37 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 07:37 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 07:37 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 07:37 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 07:37 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-30 20:17 - 2014-10-30 20:17 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\Program Files\iTunes
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\Program Files\iPod
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-25 11:10 - 2014-10-25 11:11 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Local\{5E073B6A-9506-412A-84AA-9A87D7E5A3D8}
2014-10-25 11:04 - 2014-10-25 11:04 - 00000000 ____D () C:\Users\Stefan Möller\restore
2014-10-25 10:56 - 2014-11-16 13:38 - 00000000 ____D () C:\Program Files\Pixum
2014-10-25 10:55 - 2014-10-25 10:55 - 01631072 _____ () C:\Users\Stefan Möller\Downloads\setup_Pixum_Fotobuch.exe
2014-10-23 12:01 - 2014-10-25 11:15 - 00000000 ____D () C:\Users\Stefan Möller\Desktop\Fotos Mama
2014-10-23 08:48 - 2014-10-23 08:48 - 00770048 _____ () C:\Users\Stefan Möller\Documents\image.jpeg
2014-10-23 08:47 - 2014-10-23 08:47 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Local\{05EE08F2-9514-40C8-8B37-FA80196225FE}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 21:59 - 2009-07-14 05:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-16 21:59 - 2009-07-14 05:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-16 21:57 - 2011-05-21 18:31 - 00000000 ____D () C:\Users\Stefan Möller\Documents\Outlook-Dateien
2014-11-16 21:57 - 2011-05-16 19:09 - 01648918 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-16 21:57 - 2010-11-25 17:28 - 00703108 _____ () C:\Windows\system32\perfh007.dat
2014-11-16 21:57 - 2010-11-25 17:28 - 00150692 _____ () C:\Windows\system32\perfc007.dat
2014-11-16 21:49 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-16 21:47 - 2009-07-14 05:51 - 00250850 _____ () C:\Windows\setupact.log
2014-11-16 21:46 - 2012-08-07 23:50 - 00000000 ____D () C:\Program Files (x86)\ActiveTraderDE
2014-11-16 21:46 - 2010-11-29 14:52 - 00354826 _____ () C:\Windows\PFRO.log
2014-11-16 21:45 - 2009-07-14 03:34 - 19922944 _____ () C:\Windows\system32\config\system.bak
2014-11-16 21:45 - 2009-07-14 03:34 - 115081216 _____ () C:\Windows\system32\config\software.bak
2014-11-16 21:45 - 2009-07-14 03:34 - 01048576 _____ () C:\Windows\system32\config\default.bak
2014-11-16 21:45 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-11-16 21:45 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-11-16 21:44 - 2013-03-24 15:36 - 00000000 ____D () C:\Windows\erdnt
2014-11-16 21:44 - 2011-06-28 14:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-16 21:44 - 2011-05-13 11:39 - 02059714 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 13:34 - 2010-11-26 17:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-16 10:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-16 09:06 - 2011-05-13 11:42 - 00000000 ____D () C:\Users\Stefan Möller
2014-11-16 08:13 - 2011-05-22 09:47 - 00002115 _____ () C:\Windows\epplauncher.mif
2014-11-14 21:39 - 2012-10-16 18:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 20:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 19:21 - 2011-08-14 06:05 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Roaming\vlc
2014-11-14 12:24 - 2011-05-13 12:05 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Roaming\UseNeXT
2014-11-14 12:23 - 2011-05-13 12:05 - 00000000 ___RD () C:\Users\Stefan Möller\Documents\UseNeXT
2014-11-14 09:06 - 2014-10-09 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xpadder
2014-11-14 09:06 - 2014-10-09 17:39 - 00000000 ____D () C:\Program Files (x86)\Xpadder
2014-11-14 09:05 - 2013-07-12 22:20 - 00001778 _____ () C:\Users\Stefan Möller\Desktop\Xpadder.ini
2014-11-14 08:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 08:57 - 2009-07-14 05:45 - 00449640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 08:54 - 2014-05-06 22:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-14 01:59 - 2013-08-14 22:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 01:56 - 2010-11-26 18:57 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 16:22 - 2011-06-06 17:41 - 00000000 ____D () C:\Users\Stefan Möller\Desktop\Britta Carstensen (Dipl. Juristin)
2014-11-13 08:50 - 2012-05-03 17:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-12 13:39 - 2012-10-16 18:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 13:39 - 2012-04-09 09:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 13:39 - 2011-05-27 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-10 21:12 - 2011-06-27 20:27 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-11-10 21:10 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 05:51 - 2011-05-13 13:52 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Local\Adobe
2014-10-30 20:17 - 2014-09-18 12:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-30 20:17 - 2014-04-17 07:42 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-30 12:25 - 2010-11-26 18:22 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 12:12 - 2013-08-02 12:25 - 00000000 ____D () C:\ProgramData\tmp
2014-10-25 10:59 - 2013-08-02 12:25 - 00000000 ____D () C:\ProgramData\hps
2014-10-22 18:19 - 2011-11-04 09:40 - 02315776 ___SH () C:\Users\Stefan Möller\Desktop\Thumbs.db
2014-10-21 09:31 - 2013-06-14 18:52 - 00000000 ____D () C:\Program Files\Microsoft Office 15

Files to move or delete:
====================
C:\Users\Stefan Möller\Civ5GDF.dll
C:\Users\Stefan Möller\CvGameCoreDLLFinal Release.dll
C:\Users\Stefan Möller\CvGameDatabaseWin32Final Release.dll
C:\Users\Stefan Möller\CvLocalizationWin32Final Release.dll
C:\Users\Stefan Möller\dbghelp.dll
C:\Users\Stefan Möller\libeay32.dll
C:\Users\Stefan Möller\lua51_Win32.dll
C:\Users\Stefan Möller\Mss32.dll
C:\Users\Stefan Möller\mss32midi.dll
C:\Users\Stefan Möller\ssleay32.dll
C:\Users\Stefan Möller\steam_api.dll
C:\Users\Stefan Möller\zlib1.dll
C:\Users\Stefan Möller\AppData\Roaming\msconfig.ini


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-11-08 18:48

==================== End Of Log ============================
         
--- --- ---

16.11.2014, 21:42   #11
deeprybka
/// TB Trainer
/// Instructions Guru
 



How is the computer running after the fix and reboot?

Step 1



Please press the Windows key + R and type notepad into the Run window.
Click OK and then copy the text from the code box into the empty text document:
Code:
CloseProcesses:
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\Winlogon: [Shell] C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe [354304 2014-11-14] (Microsoft Corporation) <==== ATTENTION 
C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL 
"C:\Users\Stefan Möller\Documents\UseNeXT\wizard\# Software\Xpadder (5.7) - _Xpadder (5.7).rar_ (2_3) (01_12)\Xpadder (5.7).exe"
EmptyTemp:
         
Please save this as Fixlist.txt in the same directory as the FRST application.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents for me.


Step 2



Please start FRST again and press Scan.
Please post the contents of the log for me.
__________________
Regards,
deeprybka


16.11.2014, 22:03   #12
BlueBall
 



The system is running stably so far, but still seems "slow".

Step 1

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 03
Ran by Stefan Möller at 2014-11-16 22:52:10 Run:1
Running from C:\Users\Stefan Möller\Desktop
Loaded Profiles: Stefan Möller & Internet (Available profiles: Stefan Möller & Internet)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\Winlogon: [Shell] C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe [354304 2014-11-14] (Microsoft Corporation) <==== ATTENTION 
C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL 
"C:\Users\Stefan Möller\Documents\UseNeXT\wizard\# Software\Xpadder (5.7) - _Xpadder (5.7).rar_ (2_3) (01_12)\Xpadder (5.7).exe"
EmptyTemp:
         
*****************

Processes closed successfully.
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
C:\Users\Stefan Möller\AppData\Roaming\Realtek\Audio\RtHDVCpl.exe => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL => Value not found.
C:\Users\Stefan Möller\Documents\UseNeXT\wizard\# Software\Xpadder (5.7) - _Xpadder (5.7).rar_ (2_3) (01_12)\Xpadder (5.7).exe => Moved successfully.
EmptyTemp: => Removed 157.5 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         
Step 2


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
Ran by Stefan Möller (administrator) on STEFANMÖLLER-PC on 16-11-2014 22:57:05
Running from C:\Users\Stefan Möller\Desktop
Loaded Profile: Stefan Möller (Available profiles: Stefan Möller & Internet)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-12-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-12] (Valve Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-26567397-2684912437-3830085727-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {F097D89E-E315-4C3F-9760-15AA4E34C76E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Handler: haufereader - No CLSID Value
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Stefan Möller\AppData\Roaming\Mozilla\Firefox\Profiles\iepy89s1.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-26567397-2684912437-3830085727-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Stefan Möller\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-26567397-2684912437-3830085727-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Stefan Möller\AppData\Roaming\Mozilla\Firefox\Profiles\iepy89s1.default\user.js
FF Extension: NoScript - C:\Users\Stefan Möller\AppData\Roaming\Mozilla\Firefox\Profiles\iepy89s1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-03-25]
FF Extension: Adblock Plus - C:\Users\Stefan Möller\AppData\Roaming\Mozilla\Firefox\Profiles\iepy89s1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-18]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-05-16] ()
S3 IAMTVE; C:\Windows\system32\DRIVERS\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\DRIVERS\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-05-16] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-05-13] (Duplex Secure Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 catchme; \??\C:\CF.com\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 22:24 - 2014-11-16 22:24 - 00008192 _____ () C:\Users\Stefan Möller\Desktop\HitmanPro_20141116_2224.log
2014-11-16 22:24 - 2014-11-16 22:24 - 00000000 ____D () C:\Users\Stefan Möller\Desktop\FRST-OlderVersion
2014-11-16 22:07 - 2014-11-16 22:16 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-16 22:06 - 2014-11-16 22:06 - 11222744 _____ (SurfRight B.V.) C:\Users\Stefan Möller\Desktop\HitmanPro_x64.exe
2014-11-16 21:55 - 2014-11-16 21:55 - 00020641 _____ () C:\ComboFix.txt
2014-11-16 21:35 - 2014-11-16 21:55 - 00000000 ____D () C:\Qoobox
2014-11-16 21:35 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-16 21:35 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-16 21:35 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-16 21:35 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-16 21:35 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-16 21:35 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-16 21:35 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-16 21:35 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-16 20:34 - 2014-11-16 20:35 - 05598504 ____R (Swearware) C:\Users\Stefan Möller\Desktop\CF.com.exe
2014-11-16 20:30 - 2014-11-16 20:31 - 00002928 _____ () C:\Users\Stefan Möller\Desktop\Rkill.txt
2014-11-16 20:30 - 2014-11-16 20:30 - 00000000 ____D () C:\Users\Stefan Möller\Desktop\rkill
2014-11-16 20:29 - 2014-11-16 20:30 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Stefan Möller\Desktop\rkill.com
2014-11-16 19:18 - 2014-11-16 19:18 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Stefan Möller\Desktop\tdsskiller.exe
2014-11-16 19:18 - 2014-11-16 19:18 - 00000604 _____ () C:\Users\Stefan Möller\Desktop\unknown.zip
2014-11-16 19:17 - 2014-11-16 19:17 - 00000577 _____ () C:\Users\Stefan Möller\Desktop\MBRMastr_2014.11.16_19.17.42.txt
2014-11-16 19:17 - 2014-11-16 19:17 - 00000512 _____ () C:\Users\Stefan Möller\Desktop\unknown.mbr
2014-11-16 19:15 - 2014-11-16 19:15 - 00788728 _____ (Emsisoft GmbH) C:\Users\Stefan Möller\Desktop\mbrmastr.exe
2014-11-16 19:15 - 2014-11-16 19:15 - 00000577 _____ () C:\Users\Stefan Möller\Desktop\MBRMastr_2014.11.16_19.15.55.txt
2014-11-16 13:28 - 2014-11-16 13:28 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2014-11-16 13:17 - 2014-11-16 13:17 - 00001268 _____ () C:\Users\Stefan Möller\Desktop\Revo Uninstaller.lnk
2014-11-16 13:17 - 2014-11-16 13:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-16 13:16 - 2014-11-16 13:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Stefan Möller\Desktop\revosetup95.exe
2014-11-16 10:46 - 2014-11-16 10:46 - 00070599 _____ () C:\Users\Stefan Möller\Desktop\gmer.log
2014-11-16 09:14 - 2014-11-16 09:23 - 00044002 _____ () C:\Users\Stefan Möller\Desktop\Addition.txt
2014-11-16 09:09 - 2014-11-16 22:57 - 00011409 _____ () C:\Users\Stefan Möller\Desktop\FRST.txt
2014-11-16 09:09 - 2014-11-16 22:57 - 00000000 ____D () C:\FRST
2014-11-16 09:06 - 2014-11-16 09:23 - 00000522 _____ () C:\Users\Stefan Möller\Desktop\defogger_disable.log
2014-11-16 09:06 - 2014-11-16 09:06 - 00000188 _____ () C:\Users\Stefan Möller\defogger_reenable
2014-11-16 09:04 - 2014-11-16 09:04 - 00380416 _____ () C:\Users\Stefan Möller\Desktop\cesj47z0.exe
2014-11-16 09:03 - 2014-11-16 22:24 - 02117120 _____ (Farbar) C:\Users\Stefan Möller\Desktop\FRST64.exe
2014-11-16 09:02 - 2014-11-16 09:02 - 00050477 _____ () C:\Users\Stefan Möller\Desktop\Defogger.exe
2014-11-16 08:10 - 2014-11-16 08:11 - 14107296 _____ (Microsoft Corporation) C:\Users\Stefan Möller\Downloads\mseinstall(4).exe
2014-11-16 08:08 - 2014-11-16 08:08 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Stefan Möller\Downloads\mbam-clean-2.1.1.1001.exe
2014-11-16 07:51 - 2014-11-16 07:51 - 14107296 _____ (Microsoft Corporation) C:\Users\Stefan Möller\Downloads\mseinstall(3).exe
2014-11-16 07:36 - 2014-11-16 07:36 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Stefan Möller\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-16 07:27 - 2014-11-16 07:27 - 14107296 _____ (Microsoft Corporation) C:\Users\Stefan Möller\Downloads\mseinstall(2).exe
2014-11-15 10:26 - 2014-11-15 10:27 - 00000000 __SHD () C:\ProgramData\Realtek Audio
2014-11-14 09:06 - 2014-11-14 09:06 - 00000000 ____D () C:\Users\Stefan Möller\Desktop\Xpadder v2014 01 Multilingual - BRD
2014-11-14 09:05 - 2014-11-16 22:52 - 00136364 _____ () C:\Users\Stefan Möller\AppData\Roaming\msconfig.ini
2014-11-14 09:05 - 2014-11-14 09:05 - 00000000 __SHD () C:\Windows\SysWOW64\Realtek Audio
2014-11-13 13:37 - 2014-11-13 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-13 13:30 - 2014-11-13 13:30 - 00001849 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-13 13:30 - 2014-11-13 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-13 13:30 - 2014-11-13 13:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-13 07:44 - 2014-11-13 07:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-13 07:38 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 07:38 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 07:38 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 07:38 - 2014-10-27 21:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 07:38 - 2014-10-27 21:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 07:38 - 2014-10-27 21:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 07:38 - 2014-10-27 21:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 07:38 - 2014-10-27 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 07:38 - 2014-10-27 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 07:38 - 2014-10-27 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 07:38 - 2014-10-27 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 07:38 - 2014-10-27 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 07:38 - 2014-10-27 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 07:38 - 2014-10-27 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 07:38 - 2014-10-27 21:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 07:38 - 2014-10-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 07:38 - 2014-10-27 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 07:38 - 2014-10-27 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 07:38 - 2014-10-27 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 07:38 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 07:38 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 07:38 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 07:38 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 07:38 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 07:38 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 07:38 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-13 07:38 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 07:38 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 07:38 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 07:38 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 07:38 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 07:38 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 07:38 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-13 07:38 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-13 07:38 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-13 07:38 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 07:38 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 07:38 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 07:38 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 07:38 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 07:38 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 07:38 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 07:38 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 07:38 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 07:38 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 07:38 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 07:38 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 07:38 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 07:38 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 07:38 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 07:38 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 07:37 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 07:37 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 07:37 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 07:37 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 07:37 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 07:37 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 07:37 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 07:37 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 07:37 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 07:37 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 07:37 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 07:37 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 07:37 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 07:37 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 07:37 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 07:37 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 07:37 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-30 20:17 - 2014-10-30 20:17 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\Program Files\iTunes
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\Program Files\iPod
2014-10-30 20:17 - 2014-10-30 20:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-25 11:10 - 2014-10-25 11:11 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Local\{5E073B6A-9506-412A-84AA-9A87D7E5A3D8}
2014-10-25 11:04 - 2014-10-25 11:04 - 00000000 ____D () C:\Users\Stefan Möller\restore
2014-10-25 10:56 - 2014-11-16 13:38 - 00000000 ____D () C:\Program Files\Pixum
2014-10-25 10:55 - 2014-10-25 10:55 - 01631072 _____ () C:\Users\Stefan Möller\Downloads\setup_Pixum_Fotobuch.exe
2014-10-23 12:01 - 2014-10-25 11:15 - 00000000 ____D () C:\Users\Stefan Möller\Desktop\Fotos Mama
2014-10-23 08:48 - 2014-10-23 08:48 - 00770048 _____ () C:\Users\Stefan Möller\Documents\image.jpeg
2014-10-23 08:47 - 2014-10-23 08:47 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Local\{05EE08F2-9514-40C8-8B37-FA80196225FE}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 22:57 - 2011-11-04 09:40 - 02315776 ___SH () C:\Users\Stefan Möller\Desktop\Thumbs.db
2014-11-16 22:56 - 2011-06-28 14:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-16 22:55 - 2009-07-14 05:51 - 00250906 _____ () C:\Windows\setupact.log
2014-11-16 22:54 - 2010-11-29 14:52 - 00355504 _____ () C:\Windows\PFRO.log
2014-11-16 22:52 - 2011-05-13 11:39 - 02060589 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 22:51 - 2011-05-21 18:31 - 00000000 ____D () C:\Users\Stefan Möller\Documents\Outlook-Dateien
2014-11-16 21:59 - 2009-07-14 05:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-16 21:59 - 2009-07-14 05:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-16 21:57 - 2011-05-16 19:09 - 01648918 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-16 21:57 - 2010-11-25 17:28 - 00703108 _____ () C:\Windows\system32\perfh007.dat
2014-11-16 21:57 - 2010-11-25 17:28 - 00150692 _____ () C:\Windows\system32\perfc007.dat
2014-11-16 21:49 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-16 21:46 - 2012-08-07 23:50 - 00000000 ____D () C:\Program Files (x86)\ActiveTraderDE
2014-11-16 21:45 - 2009-07-14 03:34 - 19922944 _____ () C:\Windows\system32\config\system.bak
2014-11-16 21:45 - 2009-07-14 03:34 - 115081216 _____ () C:\Windows\system32\config\software.bak
2014-11-16 21:45 - 2009-07-14 03:34 - 01048576 _____ () C:\Windows\system32\config\default.bak
2014-11-16 21:45 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-11-16 21:45 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-11-16 21:44 - 2013-03-24 15:36 - 00000000 ____D () C:\Windows\erdnt
2014-11-16 13:34 - 2010-11-26 17:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-16 10:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-16 09:06 - 2011-05-13 11:42 - 00000000 ____D () C:\Users\Stefan Möller
2014-11-16 08:13 - 2011-05-22 09:47 - 00002115 _____ () C:\Windows\epplauncher.mif
2014-11-14 21:39 - 2012-10-16 18:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 20:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 19:21 - 2011-08-14 06:05 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Roaming\vlc
2014-11-14 12:24 - 2011-05-13 12:05 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Roaming\UseNeXT
2014-11-14 12:23 - 2011-05-13 12:05 - 00000000 ___RD () C:\Users\Stefan Möller\Documents\UseNeXT
2014-11-14 09:06 - 2014-10-09 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xpadder
2014-11-14 09:06 - 2014-10-09 17:39 - 00000000 ____D () C:\Program Files (x86)\Xpadder
2014-11-14 09:05 - 2013-07-12 22:20 - 00001778 _____ () C:\Users\Stefan Möller\Desktop\Xpadder.ini
2014-11-14 08:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 08:57 - 2009-07-14 05:45 - 00449640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 08:54 - 2014-05-06 22:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-14 01:59 - 2013-08-14 22:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 01:56 - 2010-11-26 18:57 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 16:22 - 2011-06-06 17:41 - 00000000 ____D () C:\Users\Stefan Möller\Desktop\Britta Carstensen (Dipl. Juristin)
2014-11-13 08:50 - 2012-05-03 17:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-12 13:39 - 2012-10-16 18:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 13:39 - 2012-04-09 09:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 13:39 - 2011-05-27 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-10 21:12 - 2011-06-27 20:27 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-11-10 21:10 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 05:51 - 2011-05-13 13:52 - 00000000 ____D () C:\Users\Stefan Möller\AppData\Local\Adobe
2014-10-30 20:17 - 2014-09-18 12:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-30 20:17 - 2014-04-17 07:42 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-30 12:25 - 2010-11-26 18:22 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 12:12 - 2013-08-02 12:25 - 00000000 ____D () C:\ProgramData\tmp
2014-10-25 10:59 - 2013-08-02 12:25 - 00000000 ____D () C:\ProgramData\hps
2014-10-21 09:31 - 2013-06-14 18:52 - 00000000 ____D () C:\Program Files\Microsoft Office 15

Files to move or delete:
====================
C:\Users\Stefan Möller\Civ5GDF.dll
C:\Users\Stefan Möller\CvGameCoreDLLFinal Release.dll
C:\Users\Stefan Möller\CvGameDatabaseWin32Final Release.dll
C:\Users\Stefan Möller\CvLocalizationWin32Final Release.dll
C:\Users\Stefan Möller\dbghelp.dll
C:\Users\Stefan Möller\libeay32.dll
C:\Users\Stefan Möller\lua51_Win32.dll
C:\Users\Stefan Möller\Mss32.dll
C:\Users\Stefan Möller\mss32midi.dll
C:\Users\Stefan Möller\ssleay32.dll
C:\Users\Stefan Möller\steam_api.dll
C:\Users\Stefan Möller\zlib1.dll
C:\Users\Stefan Möller\AppData\Roaming\msconfig.ini


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-11-08 18:48

==================== End Of Log ============================
         
--- --- ---

16.11.2014, 22:19   #13
deeprybka
/// TB trainer
/// Guide guru
 



Step 1

Malwarebytes Antimalware
  • Download link
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Under "Detection and Protection", tick "Scan for rootkits".
  • Then click "Scan", select the threat scan, update the databases and click "Start scan now".
  • At the end of the scan, have all detections (if any) moved to quarantine. (this is how...)
  • Post the contents of the log file (this is how...). To do so, click History and then Application Logs.
  • Select the most recent scan log and click View. Click "Copy to Clipboard" and post the contents in code tags as a reply in the thread.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Regards
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

16.11.2014, 22:25   #14
BlueBall
 



Unfortunately I was unable to carry out step 1. Several error messages appeared during the installation...

16.11.2014, 22:26   #15
deeprybka
/// TB trainer
/// Guide guru
 



Ok...

Then this as step 1:

Please download Emsisoft Emergency Kit from here.
  • Please install the program to the default path.
  • Start the program by double-clicking the desktop shortcut.
  • Once the malware signatures have loaded, EEK is ready to scan.
  • Now please follow the illustrated guide to Emergency Kit, remove all detections and post the log at the end of the scan or cleanup.

__________________
Regards
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
