Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Telekom Abuse Team, Infektion: generic

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 23.02.2015, 21:12   #1
Kroko123
 
Telekom Abuse Team, Infektion: generic - Standard

Telekom Abuse Team, Infektion: generic



Hallo,

ich habe vor kurzem einen Brief sowie 2 Mails vom Telekom-Abuse-Team erhalten mit folgendem Text:
Code:
ATTFilter
Sehr geehrte Kundin,
sehr geehrter Kunde,

uns liegen Hinweise von Sicherheitsexperten vor, dass mindestens ein
Rechner, der sich über Ihren Internetzugang mit dem Internet verbindet,
mit einem Virus/Trojaner infiziert ist.

Die folgende IP-Adresse war zu dem genannten Zeitpunkt Ihnen zugeordnet:

IP-Adresse: XXXXXXXXXXXXX
Zeitangabe: 16.02.2015, 15:54:50 (MEZ)
Infektion: generic

Wir empfehlen Ihnen jetzt folgende Schritte:

1. Bitte stellen Sie sicher, dass Ihr Computer frei von Viren und
Trojanern ist. Verwenden Sie hierzu bitte eine Schutzsoftware Ihrer
Wahl.

2. Ändern Sie dann alle Passwörter:
- das 'Persönliche Kennwort' (für die Einwahl ins Internet)
- das 'Passwort' (für das E-Mail- und Kundencenter)
- das 'E-Mail-Passwort' (für E-Mail Programme, wie z.B. Microsoft
Outlook)
für die Dienste der Deutschen Telekom. Dies können Sie zentral im
Kundencenter unter
https://kundencenter.telekom.de/kundencenter/kundendaten/passwoerter
tätigen. Vergessen Sie nicht etwaige Passwörter für Onlinebanking,
eBay, Amazon, Paypal und so weiter, falls Sie solche Dienste nutzen.

3. Bitte prüfen Sie auch die Einstellungen Ihres Computers, ob das
Betriebssystem und die installierte Software aktuell sind.

Die Reihenfolge ist wichtig, da die neuen Passwörter sonst direkt
wieder von Dritten ausgelesen werden könnten, wenn eine vorhandene
Schadsoftware nicht zuvor entfernt wurde.

Wenn Sie hierbei Unterstützung benötigen, erreichen Sie uns von Montag
bis Freitag von 08:00 Uhr bis 18:00 Uhr direkt unter der kostenfreien
Rufnummer 0800 5544 300. Halten Sie hierzu Ihre Abuse-ID und
Zugangsnummer, welche Sie im Betreff finden, bereit.

Auf unserer Seite https://abusefaq.telekom.de haben wir Ihnen viele
hilfreiche Tipps und Links zum Thema "Sicherheit" zusammengestellt.

Wenn Sie Fragen zu unserer E-Mail haben, schreiben Sie uns an
abuse@telekom.de und geben Sie dabei Ihre im Betreff genannte
Zugangsnummer an.

Mit freundlichen Grüßen

Deutsche Telekom AG
SEC-CDM / Abuse-Team
T-Online-Allee 1
D-64295 Darmstadt
E-Mail: abuse@telekom.de

hxxp://www.t-online.de/abuse
hxxp://www.telekom.de

ERLEBEN, WAS VERBINDET.

Die gesetzlichen Pflichtangaben finden Sie unter:
www.telekom.com/pflichtangaben

Große Veränderungen fangen klein an - Ressourcen schonen und nicht jede
E-Mail drucken.

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese
E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den
Absender und löschen Sie diese E-Mail. Das unerlaubte Kopieren sowie
die unbefugte Weitergabe dieser E-Mail und der darin enthaltenen
Informationen sind nicht gestattet.
         
Daraufhin habe ich bei den Mails erstmal geschaut, was ich zu den betreffenden Zeiten gemacht hatte. Ich war zu diesen Zeiten immer mit meinem Notebook im Internet. Sonst haben wir nur noch 2 Handy's, die in unserem Wlan ins Internet gehen. Also kann es vermutlich nur das Notebook sein, auf dem der Virus / Trojaner sitzt.

Auch habe ich noch an das Telekom-Abuse-Team geschrieben wg. weiteren Details und habe diese Antwort erhalten:

Code:
ATTFilter
So wurde die Schadsoftware entdeckt
-----------------------------------

Über Ihren Internetzugang wurde ein "Sinkhole" kontaktiert. Das ist ein
Server, der als Falle für durch Schadsoftware befallene Rechner dient,
indem er einen Command&Control-Server eines Botnets simuliert. Ein
Command&Control-Server ist ein Bestandteil eines Botnets, der zwischen
dem eigentlichen Verbrecher und seinen "Bots" vermittelt. Unter
hxxp://www.elektronik-kompendium.de/sites/net/1501041.htm finden Sie bei
Interesse eine gute Erklärung der Struktur eines Botnets sowie eine
schematische Darstellung.

Bei den beschwerdegegenständlichen Zugriffen handelt es sich nicht um
den Versand von E-Mails. Die Steuerung der Bots erfolgt über die Ports
80 (HTTP) und 443 (HTTPS), das ist die übliche Vorgehensweise der
Botnetzbetreiber, da es keine Internetzugänge gibt, bei denen diese
Ports gesperrt sind. Per HTTP(S) aktualisieren sich die Bots, liefern
gestohlene Login-Daten ab und holen sich ihre Aufgabenlisten ab: An
DoS-Attacken teilnehmen, rechtswidrige Inhalte verbreiten, Spam
versenden, usw.


Informationen zum detektierten Schädling
----------------------------------------

Leider liegen uns keine spezifischen Informationen dazu vor, welche
Schadsoftware für den Zugriff verantwortlich ist.

Aus den bisherigen Rückmeldungen anderer Kunden können wir (abgesehen
von den üblichen 'verseuchten' Windows-Rechnern) darauf schließen, dass
auch folgende Geräteklassen in Frage kommen:

- Geräte mit einer Android-Version < 4.4 (Elf Sicherheitslücken in
Systemkomponente WebView, die nicht gefixt werden, siehe
hxxp://ct.de/-2528130)

- Spezielle Geräte mit meist unixoiden OS, die einen Webserver
beinhalten. Die darauf installierte Software wird oft nicht gepflegt,
sodass veraltete Installationen (CMS, PHP, SQL, Apache, Bash, ntpd)
vorliegen, die Sicherheitslücken beinhalten. Sind diese Geräte von
außen erreichbar, kann man davon ausgehen, dass diese auch früher
oder später gefunden und missbraucht werden. In erster Linie betrifft
dies NAS (Netzwerkspeichersystem), aber auch IP-Kameras oder anderes
wären denkbar.

- Von außen erreichbare Server oder Gateways mit unixoiden OS
(betrifft insbesondere Linux und Mac OS)

Die beschwerdegegenständlichen Zugriffe fanden über die folgenden, Ihrem
Zugang zugewiesenen IP-Adressen zu den angegebenen Zeitpunkten statt,
die relevanten Zeitangaben aus den Beschwerden haben wir in die
jeweilige deutsche Zeitzone (MESZ/MEZ) umgerechnet:

| 217.238.145.154 Sa, 07.02.2015 14:56:22 MEZ
| 217.238.157.157 So, 08.02.2015 12:57:34 MEZ
| 217.238.136.124 Mo, 09.02.2015 07:04:55 MEZ
| 217.238.157.213 Di, 10.02.2015 19:56:01 MEZ
| 217.238.133.52 Mi, 11.02.2015 18:56:18 MEZ
| 217.238.138.7 Do, 12.02.2015 19:57:28 MEZ
| 217.238.132.122 Sa, 14.02.2015 15:57:30 MEZ
| 217.238.134.92 So, 15.02.2015 11:55:13 MEZ
| 217.238.131.95 Mo, 16.02.2015 15:54:50 MEZ
| 217.238.145.245 Di, 17.02.2015 14:57:00 MEZ
| 217.238.147.180 Mi, 18.02.2015 11:57:14 MEZ
| 217.238.142.157 Do, 19.02.2015 16:55:45 MEZ
| 217.238.141.103 Fr, 20.02.2015 13:55:33 MEZ
| 217.238.132.84 Sa, 21.02.2015 13:57:46 MEZ
         
Ich habe auf dem Notebook den Virenscanner AVG Antivirus Free Edition laufen. Der Virenscan hat logischerweise keine Probleme gebracht.

Entsprechend der Anleitung habe ich alle Scans schon durchgeführt.

Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:59 on 23/02/2015 (Egerland)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by Egerland (administrator) on EGERLAND-PC on 23-02-2015 17:05:24
Running from C:\Users\Egerland\Downloads\Virenentfernung Trojaner-Board
Loaded Profiles: Egerland (Available profiles: Egerland & Administrator)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe
() C:\Program Files\GMX\LiveUpdate\m2LUTray.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\EmoDio\SMSTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Corel, Inc.) C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
() C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [GMX Update] => C:\Program Files\GMX\LiveUpdate\m2LUTray.exe [2229632 2009-10-16] ()
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\EmoDio\SMSTray.exe [479232 2009-04-16] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2005-08-02] (Corel, Inc.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [3081752 2014-12-10] ()
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-12-02] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Power DVD Player] => C:\Program Files\Power DVD Player\PowerDVDPlayer.exe [391168 2007-09-06] ()
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-10-01] (SlySoft, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Egerland\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=cdc0da971bc747d19929d16d12f7d578-5ea248575a62144c5b04df843d51e7845d247983 /CMPID=1213b
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\MountPoints2: {10eddee7-cbd3-11de-b12f-002454133c8b} - F:\setup.exe AUTORUN=1
HKU\S-1-5-18\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Egerland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/sch/i.html?_odkw=siemens+defekt&_fspt=1&_sadis=100&_osacat=20710&LH_Distance=2&_from=R40&LH_PrefLoc=1&_fpos=83342&_trksid=p2045573.m570.l1313.TR6.TRC1.A0.H0.Xbosch+defekt&_nkw=bosch+defekt&_sacat=20710
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ebay.de/sch/i.html?_odkw=siemens+defekt&_fspt=1&_sadis=100&_osacat=20710&LH_Distance=2&_from=R40&LH_PrefLoc=1&_fpos=83342&_trksid=p2045573.m570.l1313.TR6.TRC1.A0.H0.Xbosch+defekt&_nkw=bosch+defekt&_sacat=20710
https://www.google.de/
URLSearchHook: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 - (No Name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} -  No File
URLSearchHook: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 - (No Name) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} -  No File
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
SearchScopes: HKU\.DEFAULT -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> DefaultScope {09C6AB88-402B-4371-B00B-750CA1B06199} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081&r=710
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {09C6AB88-402B-4371-B00B-750CA1B06199} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081&r=710
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {59005EF4-725A-4875-B03E-59C1BE9DCF52} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {5D6E4CE3-E317-4473-BEDE-6B111D426BBD} URL = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {8F76D6BC-80B9-4027-9C3A-CFD0EAC6E23B} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={1A83451E-68B9-495B-B0CC-DB856FABA06D}&mid=cdc0da971bc747d19929d16d12f7d578-5ea248575a62144c5b04df843d51e7845d247983&lang=de&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-10 16:40:13&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {A8EA1D37-CE39-4B3B-8728-7C93BCCBE5CA} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {D6FAA450-51B8-4270-BAF0-ABCC34A41F04} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {F8B71535-AD50-4877-B331-3ECDD5EF90FA} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: Conduit Engine -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKU\.DEFAULT -> Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> No Name - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} -  No File
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
Handler: haufereader - No CLSID Value - 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1131658597-4005637612-88016806-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Egerland\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\searchplugins\softonic.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: GMX MailCheck - C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\Extensions\toolbar@gmx.net [2014-12-17]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=48&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081"
CHR Profile: C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-12]
CHR Extension: (Google Wallet) - C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Lexware\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-12-12] (Fitbit, Inc.)
S2 gupdate1cacc505e5a502c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [9728 2010-03-22] (Deutsche Telekom AG) [File not signed]
S4 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 vToolbarUpdater18.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2014-12-10] (AVG Secure Search)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-12-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\windows\System32\Drivers\AnyDVD.sys [121000 2014-04-24] (SlySoft, Inc.)
R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [43296 2014-12-10] (AVG Technologies)
R1 ElbyCDIO; C:\windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 17:04 - 2015-02-23 17:05 - 00000000 ____D () C:\FRST
2015-02-23 17:00 - 2015-02-23 17:05 - 00000000 ____D () C:\Users\Egerland\Downloads\Virenentfernung Trojaner-Board
2015-02-23 16:59 - 2015-02-23 16:59 - 00000000 _____ () C:\Users\Egerland\defogger_reenable
2015-02-23 16:57 - 2015-02-23 16:57 - 00000000 ____D () C:\Users\Egerland\Desktop\Virenanalyse
2015-02-23 15:17 - 2015-02-23 15:17 - 00000000 ___HD () C:\windows\AxInstSV
2015-02-22 13:57 - 2015-02-22 13:57 - 00000000 ____D () C:\Users\Egerland\Desktop\Referat
2015-02-22 11:45 - 2015-02-23 15:20 - 00008192 _____ () C:\windows\system32\WDPABKP.dat
2015-02-21 21:35 - 2015-02-21 21:35 - 00000000 ____D () C:\Users\Egerland\Documents\TAXMAN
2015-02-21 21:35 - 2015-02-21 21:35 - 00000000 ____D () C:\Users\Egerland\AppData\Local\HL
2015-02-21 21:29 - 2015-02-21 21:29 - 00000000 ____D () C:\ProgramData\AAV
2015-02-21 21:27 - 2015-02-21 21:32 - 00002017 _____ () C:\Users\Public\Desktop\TAXMAN 2015.lnk
2015-02-21 21:21 - 2015-02-21 21:21 - 00000000 ____D () C:\ProgramData\HL
2015-02-17 19:32 - 2015-02-17 19:44 - 00000000 ____D () C:\Users\Egerland\Desktop\Dorema Bergamo
2015-02-16 19:16 - 2015-02-16 19:18 - 00146192 _____ () C:\windows\Minidump\021615-77766-01.dmp
2015-02-11 19:07 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-11 19:07 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-10 19:39 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-10 19:39 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-10 19:39 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-10 19:39 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-10 19:39 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-10 19:39 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-10 19:39 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-10 19:39 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-10 19:39 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-10 19:39 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-10 19:39 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-10 19:39 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-10 19:39 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-02-10 19:39 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-10 19:39 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-10 19:39 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-10 19:39 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-10 19:39 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-10 19:38 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-10 19:38 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-10 19:38 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-10 19:38 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-10 19:38 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-10 19:38 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-10 19:38 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-10 19:38 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-10 19:38 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-10 19:38 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-10 19:38 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-10 19:38 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:38 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-10 19:38 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-10 19:38 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-10 19:38 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-10 19:37 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-10 19:37 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-10 19:37 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-10 19:37 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-10 19:37 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-10 19:37 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-10 19:37 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-10 19:37 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-10 19:37 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-10 19:37 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-10 19:37 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-10 19:37 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-10 19:37 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-10 19:37 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-10 19:37 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-10 19:37 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-10 19:36 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-10 19:36 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-10 19:36 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-10 19:36 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-10 19:36 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-07 17:00 - 2015-02-07 17:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-01 15:57 - 2015-02-01 16:03 - 00029184 _____ () C:\Users\Egerland\Downloads\kalorienwochenbudget(1).xls
2015-01-27 14:01 - 2015-01-27 14:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 20:04 - 2015-01-25 20:04 - 00001169 _____ () C:\Users\Egerland\Desktop\Fitbit Connect.lnk
2015-01-24 13:51 - 2015-02-18 21:11 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-24 13:51 - 2015-01-25 08:52 - 00000000 ____D () C:\ProgramData\FitbitConnect
2015-01-24 13:51 - 2015-01-24 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2015-01-24 13:51 - 2015-01-24 13:51 - 00000000 ____D () C:\Program Files\Fitbit Connect
2015-01-24 13:13 - 2015-01-24 13:13 - 32688736 _____ (Fitbit Inc.) C:\Users\Egerland\Downloads\FitbitConnect_Win_20141212_2.0.0.6518.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 16:59 - 2009-11-07 13:35 - 00000000 ____D () C:\Users\Egerland
2015-02-23 16:53 - 2009-09-17 07:44 - 01317671 _____ () C:\windows\WindowsUpdate.log
2015-02-23 16:38 - 2012-11-16 21:07 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 16:25 - 2010-03-25 20:40 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 16:17 - 2011-12-13 19:57 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-23 15:31 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 15:31 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-23 15:25 - 2010-03-25 20:40 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-23 15:17 - 2013-01-21 20:13 - 00000342 _____ () C:\windows\Tasks\ROC_JAN2013_TB_rmv.job
2015-02-23 15:17 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-23 15:17 - 2009-07-14 05:39 - 00243979 _____ () C:\windows\setupact.log
2015-02-22 22:07 - 2012-11-16 20:33 - 00000000 ____D () C:\Users\Egerland\AppData\Roaming\BOM
2015-02-22 15:46 - 2014-08-09 15:50 - 00000000 ____D () C:\Users\Egerland\Desktop\Ralfs Lieblingsmusik
2015-02-22 15:45 - 2014-07-14 07:44 - 00000000 ____D () C:\Users\Egerland\AppData\Roaming\streamWriter
2015-02-22 15:35 - 2009-07-26 21:06 - 01427320 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-22 11:47 - 2009-11-07 13:46 - 00124808 _____ () C:\Users\Egerland\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-22 11:44 - 2009-07-14 05:33 - 00445376 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-22 11:41 - 2014-02-18 20:06 - 00000000 ____D () C:\Program Files\CDBurnerXP
2015-02-22 11:41 - 2009-09-17 08:19 - 00836386 _____ () C:\windows\PFRO.log
2015-02-21 21:32 - 2009-11-07 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-02-21 21:29 - 2009-11-07 19:41 - 00000000 ____D () C:\Program Files\Lexware
2015-02-21 20:59 - 2014-02-18 20:06 - 00001895 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-02-21 20:59 - 2014-02-18 20:06 - 00001845 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-02-21 20:58 - 2013-04-20 15:49 - 00000083 ___SH () C:\ProgramData\.zreglib
2015-02-20 19:27 - 2010-03-25 20:22 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-16 19:16 - 2011-03-02 14:44 - 341335862 _____ () C:\windows\MEMORY.DMP
2015-02-16 19:16 - 2011-03-02 14:44 - 00000000 ____D () C:\windows\Minidump
2015-02-14 20:08 - 2013-01-23 20:01 - 00000000 ____D () C:\Users\Egerland\Documents\My Digital Editions
2015-02-11 19:06 - 2013-02-01 21:06 - 00000000 ____D () C:\Users\Egerland\Documents\Calibre Bibliothek
2015-02-11 18:44 - 2014-12-10 17:48 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-11 18:44 - 2014-05-06 21:09 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-11 18:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\tracing
2015-02-11 18:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-02-10 21:15 - 2013-07-11 20:13 - 00000000 ____D () C:\windows\system32\MRT
2015-02-10 21:07 - 2009-11-10 21:27 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-09 16:40 - 2013-02-01 20:07 - 00000000 ____D () C:\Users\Egerland\Documents\My Kindle Content
2015-02-08 18:35 - 2011-05-12 15:23 - 00000000 ____D () C:\Users\Egerland\Desktop\DVD-Filme
2015-02-07 17:01 - 2013-12-01 16:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 17:01 - 2009-11-07 19:37 - 00000000 ____D () C:\Program Files\Java
2015-02-07 17:00 - 2014-12-07 21:42 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-02-05 19:39 - 2012-11-16 21:07 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-02-05 19:39 - 2011-11-09 21:11 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-27 16:39 - 2012-05-05 16:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 14:18 - 2009-11-07 13:36 - 00000000 ____D () C:\Users\Egerland\AppData\Local\Adobe
2015-01-25 16:00 - 2015-01-10 18:39 - 00126464 _____ () C:\Users\Egerland\Desktop\kalorienwochenbudget.xls
2015-01-25 15:08 - 2012-05-07 18:22 - 00000000 ____D () C:\Users\Egerland\Documents\Turbo Lister Backup
2015-01-25 09:15 - 2014-10-19 11:47 - 00000951 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-25 09:15 - 2014-04-01 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-25 09:11 - 2014-12-10 16:40 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar

==================== Files in the root of some directories =======

2012-06-19 12:45 - 2015-01-19 17:26 - 0000564 _____ () C:\Users\Egerland\AppData\Roaming\mag33.ini
2012-09-13 07:55 - 2012-09-13 07:55 - 0027520 _____ () C:\Users\Egerland\AppData\Local\dt.dat
2012-01-24 19:55 - 2012-01-24 19:55 - 0000096 _____ () C:\Users\Egerland\AppData\Local\fusioncache.dat
2013-04-20 15:49 - 2015-02-21 20:58 - 0000083 ___SH () C:\ProgramData\.zreglib
2011-02-03 17:37 - 2011-02-03 17:37 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-11-07 13:40 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Egerland\AppData\Local\Temp\AskSLib.dll
C:\Users\Egerland\AppData\Local\Temp\avguidx.dll
C:\Users\Egerland\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Egerland\AppData\Local\Temp\DivXSetup.exe
C:\Users\Egerland\AppData\Local\Temp\FileSystemView.dll
C:\Users\Egerland\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Egerland\AppData\Local\Temp\FP_PL_PFS_INSTALLER-1.exe
C:\Users\Egerland\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Egerland\AppData\Local\Temp\GLF6B54.tmp.ConduitEngineSetup.exe
C:\Users\Egerland\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Egerland\AppData\Local\Temp\InstallAX.exe
C:\Users\Egerland\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv_69d6064f.exe
C:\Users\Egerland\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Egerland\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Egerland\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Egerland\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Egerland\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Egerland\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Egerland\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Egerland\AppData\Local\Temp\msg3D00.exe
C:\Users\Egerland\AppData\Local\Temp\NEWFB40.tmp.exe
C:\Users\Egerland\AppData\Local\Temp\oi_{4824FC86-92EA-4F8D-976A-41FF091EC03F}.exe
C:\Users\Egerland\AppData\Local\Temp\oi_{B0F039F7-0F24-4293-8632-95A462B79841}.exe
C:\Users\Egerland\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Egerland\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Egerland\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Egerland\AppData\Local\Temp\softonic-de3.exe
C:\Users\Egerland\AppData\Local\Temp\softonic_s_de3.exe
C:\Users\Egerland\AppData\Local\Temp\tbsoft.dll
C:\Users\Egerland\AppData\Local\Temp\tbwww..dll
C:\Users\Egerland\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Egerland\AppData\Local\Temp\Tsu24680825.dll
C:\Users\Egerland\AppData\Local\Temp\Tsu6B95603D.dll
C:\Users\Egerland\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Egerland\AppData\Local\Temp\VIS_DE-2013-12-13.exe
C:\Users\Egerland\AppData\Local\Temp\www.Freeware-download.com.exe
C:\Users\Egerland\AppData\Local\Temp\_is9990.exe
C:\Users\Egerland\AppData\Local\Temp\_isC13C.exe
C:\Users\Egerland\AppData\Local\Temp\_isDFD3.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-07 17:20

==================== End Of Log ============================
         
Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2015
Ran by Egerland at 2015-02-23 17:06:34
Running from C:\Users\Egerland\Downloads\Virenentfernung Trojaner-Board
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ACSI Camp Site Guide Europe 2012 (HKLM\...\InstallShield_{B69FBCB1-805A-458B-8850-E93EC2323933}) (Version: 1.00.0000 - Ihr Firmenname)
ACSI Camp Site Guide Europe 2012 (Version: 1.00.0000 - Ihr Firmenname) Hidden
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Amazon Kindle (HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Amazon Kindle) (Version:  - Amazon)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.5.2.0 - SlySoft)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.12 - Doctorsoft)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4293 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
BatteryLifeExtender (HKLM\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung)
Biet-O-Matic v2.14.10 (HKLM\...\Biet-O-Matic v2.14.10) (Version: 2.14.10 - BOM Development Team)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
calibre (HKLM\...\{C5670C59-8D82-47FF-90A1-FDAA41A7E9B2}) (Version: 1.34.0 - Kovid Goyal)
Canon CanoScan Toolbox 5.0 (HKLM\...\CanoScan Toolbox 5.0) (Version:  - )
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.10.1.19 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CanoScan 4400F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803) (Version:  - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conduit Engine (HKLM\...\conduitEngine) (Version: 6.2.3.0 - Conduit Ltd.) <==== ATTENTION
ContentSAFER for Wizmax (HKLM\...\{C19BE821-89B1-4A96-AC7C-873810C0CB5F}) (Version:  - )
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.01 - Corel Inc)
Corel Photo Album 6 (HKLM\...\{8A9B8148-DDD7-448F-BD6C-358386D32354}) (Version: 6.00 - Corel, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Disc2Phone (HKLM\...\{6E65247F-58F9-41CA-BE69-0316F7907170}) (Version: 1.3.0.106 - Sony Media Software)
DVD2one V2.4.2 (HKLM\...\DVD2one V2) (Version: 2.4.2 - Eximius B.V.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
EmoDio (HKLM\...\InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}) (Version: 1.0 - SAMSUNG)
EmoDio (Version: 1.0 - SAMSUNG) Hidden
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Firefox 3.6 GMX Edition (HKLM\...\Firefox 3.6 GMX Edition) (Version:  - GMX)
Firefox 3.6 GMX Edition (Version: 1.6 - GMX) Hidden
Fitbit Connect (HKLM\...\{08002BE6-6476-4012-8D4B-CF0AE7C71F29}) (Version: 2.0.0.6518 - Fitbit Inc.)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GMX Update (HKLM\...\GMX Update) (Version:  - GMX)
GMX Update (Version: 1.0 - GMX) Hidden
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Grundschule Lernspass mit Albert E. Deutsch Klasse 1+2 (HKLM\...\Grundschule Lernspass mit Albert E. Deutsch Klasse 1+2) (Version:  - )
Grundschule Lernspass mit Albert E. Mathematik Klasse 1+2 (HKLM\...\Grundschule Lernspass mit Albert E. Mathematik Klasse 1+2) (Version:  - )
Grundschule Lernspass mit Hexe Lilli Deutsch Klasse 3+4 (HKLM\...\Grundschule Lernspass mit Hexe Lilli Deutsch Klasse 3+4) (Version:  - )
Grundschule Lernspass mit Hexe Lilli Mathematik Klasse 3+4 (HKLM\...\Grundschule Lernspass mit Hexe Lilli Mathematik Klasse 3+4) (Version:  - )
Haufe iDesk-Browser (HKLM\...\{F48AAE0F-52F4-11DD-B1F7-0050560400B1}) (Version: 8.07.16.5590 - Haufe)
Haufe iDesk-Service (HKLM\...\{D5C8E140-6E6F-11DD-9AA9-0050560400B1}) (Version: 8.08.20.5622 - Haufe)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2082 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Klett Nussknacker 2 (HKLM\...\Klett Nussknacker 2) (Version:  - )
Kobo (HKLM\...\Kobo) (Version: 3.2.3 - Kobo Inc.)
Lexware Elster (HKLM\...\{C8E00BC8-D619-4081-813A-6B5BCC846534}) (Version: 9.10.00.0041 - Lexware GmbH & Co. KG)
Lexware financial office 2011 (HKLM\...\{757469A9-396B-45E7-B069-67297D08470E}) (Version: 15.40.00.0015 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
Lexware reisekosten 2007 (HKLM\...\{17CB4D2C-109D-4141-8ABE-81734B6EE2A6}) (Version: 14.00 - Lexware)
Lexware reisekosten 2007 (Version: 14.00 - Lexware) Hidden
MABBLE Junior 1.3  (HKLM\...\MABBLE Junior) (Version: 1.3 - )
MATHEARBEIT G 4.5  (HKLM\...\MATHEARBEIT G) (Version: 4.5 - MA-Software)
MATHE-PROFI 3.5  (HKLM\...\MATHE-PROFI) (Version: 3.5 - MA-Software)
MATHETEXT G 1.2  (HKLM\...\MATHETEXT G) (Version: 1.2 - )
MetaTrader 4 - RoboForex (HKLM\...\MetaTrader 4 - RoboForex) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netzmanager (HKLM\...\Netzmanager) (Version: 1.045 - Deutsche Telekom AG)
Netzmanager (Version: 1.045 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PIXELA AAC LC CODEC (HKLM\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
Power DVD Player  (HKLM\...\Power DVD Player) (Version:  - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rasche`s Kartenspiele (HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Rasche`s Kartenspiele) (Version:  - )
Realtek Ethernet Controller  Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
RENESIS® Player Browser Plugins (HKLM\...\{62B7C52C-CAB6-48B1-8245-52356C141C92}) (Version: 1.1.1 - examotion® GmbH)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
ScanSoft OmniPage SE 4.0 (HKLM\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Schoener Fernsehen 0.0.0.2c (HKLM\...\Schoener Fernsehen) (Version: 0.0.0.2c - © schoener-fernsehen.com)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.2.7 - SmartSound Software Inc) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steuer Update 14.01 (Version: 14.01 - Lexware) Hidden
Steuer Update 15.09 (Version: 15.09 - Lexware) Hidden
streamWriter (HKLM\...\streamWriter_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
TAXMAN 2008 (HKLM\...\{F331FBDC-7DCF-4598-9E7C-E11865677AB4}) (Version: 14.00 - Lexware)
TAXMAN 2008 (Version: 14.00 - Lexware) Hidden
TAXMAN 2009 (HKLM\...\{EFE38CC6-2592-4F93-B59B-CE4B69600890}) (Version: 15.00.00.0026 - Lexware)
TAXMAN 2009 (Version: 15.00.00.0026 - Lexware) Hidden
TAXMAN 2010 (HKLM\...\{5C5B0836-9648-4057-8044-2DF181E073E2}) (Version: 16.14.00.0002 - Haufe-Lexware GmbH & Co. KG)
TAXMAN 2011 spezial (HKLM\...\{D3898F55-9EF3-490F-8AF6-DD9EE5512BC0}) (Version: 17.08.00.0005 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2012 (HKLM\...\{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}) (Version: 18.10.00.0007 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2013 (HKLM\...\{F289D934-2224-473B-B57E-0040D2693F83}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2014 (HKLM\...\{4A1C559D-38F6-49CF-BDA5-CF354FFE04E4}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2015 (HKLM\...\{5613CAD3-71ED-4207-95A0-1BA0BF465E38}) (Version: 20.27.130 - Haufe-Lexware GmbH & Co.KG)
TAXMAN Bibliothek 2008 (HKLM\...\{1716D952-F601-4A07-8988-7FCFAEDE6FDC}) (Version: 14.0.0.0 - Haufe Mediengruppe)
TAXMAN Bibliothek 2009 (HKLM\...\{700C61BE-9424-4B20-9153-7A0C59722AF4}) (Version: 15.0.1.0 - Haufe Mediengruppe)
TELL ME MORE (HKLM\...\TMM90) (Version:  - )
TELL ME MORE (HKLM\...\TMM90bis) (Version:  - )
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Unity Web Player (HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WD Quick View (HKLM\...\{C58994CF-D15D-41E3-A03B-587B39EAA903}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{752EC2DC-0313-435A-BF9A-9B02927C049A}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
WÖRTER-ZIRKUS 1.2  (HKLM\...\WÖRTER-ZIRKUS) (Version: 1.2 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\InprocServer32 -> C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll (Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Egerland\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Egerland\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\Egerland\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{B6BB720C-25CB-11E0-B4E5-23EBDED72085}\InprocServer32 -> C:\Users\Egerland\AppData\Local\ASKTOO~1\DOWNLO~1\NEROOE~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\Egerland\AppData\Local\ASKTOO~1\DOWNLO~1\Nero.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points  =========================

21-02-2015 21:24:45 TAXMAN 2015 wurde installiert.
21-02-2015 21:28:10 Installed AAVUpdateManager.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13EF8802-E98C-4044-841F-09939F00B4CA} - System32\Tasks\{610DCC01-61C0-4292-8C58-AA305922EB46} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.)
Task: {2EA70280-0F8B-494D-933F-B7BB03B14B87} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {367DECB2-BD37-4DB0-A698-8330E9C1C2EA} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {3873F851-5E91-480B-92A7-AB8D1BFD922A} - System32\Tasks\Western Digital\SmartWare\____Volume_511e6cee_a3da_11de_8773_806e6f6e6963______Volume_a38d148b_ed08_11e0_b8a7_002454133c8b__ => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe [2014-12-02] (Western Digital Technologies, Inc.)
Task: {4C651BF6-28CA-4682-8CB8-C231ACF5953E} - System32\Tasks\{46B3FD0C-BB4C-4212-93C8-E1AF8D5ECED4} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.113/en/abandoninstall?page=tsPlugin&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;systemlevelpresent
Task: {53BBBDF9-0E4C-464C-9193-2C582D60A182} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {5F5F4027-363A-43FD-8211-7A2BF4BF0E1B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6C26E75A-35C7-471F-AA49-1C8CE4E389CA} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {7A0D0A0B-DC9F-4A69-A646-1F963FCCE23E} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.)
Task: {B2A658A5-E557-4413-BADF-0003EB869DD5} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {B4A4B44D-DCB4-4BE9-8B6F-26007C2CD356} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {BB01EB0E-8B75-42D7-BE30-3BF9D69CF38B} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {C5265011-C843-45D0-8F2B-0D9DE00A416F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.)
Task: {D26BCE6D-33D9-40F6-9B7B-44EDB866CD45} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {D3B61819-77A1-42CC-A171-783162CDF082} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {EB8E8B1F-9C02-4436-9CDE-3A17A4BED76E} - System32\Tasks\{16DAC1D2-1A99-42B1-B8F5-DE02D0130882} => pcalua.exe -a E:\SETUP.EXE -d E:\ -c /AUTORUN
Task: {F7F7FBF4-798E-49B7-887A-30D694F135D8} - System32\Tasks\{ED4D7821-B5CB-454A-9385-5C49C63DB51E} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsPlugin

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) ==============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-22 15:40 - 2010-03-22 15:40 - 00011264 _____ () C:\Program Files\Netzmanager\NMInfraIS2\SoftPlugInterOp.dll
2014-12-10 16:40 - 2014-12-10 16:39 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
2014-12-10 16:40 - 2014-12-10 16:39 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll
2009-09-17 07:50 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2013-09-26 12:20 - 2013-09-26 12:20 - 00176168 _____ () C:\Program Files\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 12:20 - 2013-09-26 12:20 - 00043048 _____ () C:\Program Files\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2009-10-16 14:16 - 2009-10-16 14:16 - 02229632 _____ () C:\Program Files\GMX\LiveUpdate\m2LUTray.exe
2014-12-10 16:40 - 2014-12-10 16:39 - 01686552 _____ () C:\Program Files\AVG Web TuneUp\TBAPI.dll
2014-12-10 16:40 - 2014-12-10 16:39 - 03081752 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2007-09-06 08:28 - 2007-09-06 08:28 - 00391168 _____ () C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
2014-11-19 22:02 - 2014-11-19 22:02 - 40622592 ____R () C:\Program Files\Fitbit Connect\libcef.dll
2013-10-24 18:57 - 2013-05-15 09:10 - 00069120 _____ () C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
2013-10-24 18:57 - 2013-05-15 09:05 - 00112128 _____ () C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
AlternateDataStreams: C:\ProgramData\TEMP:A42A9F39
AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Egerland\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1131658597-4005637612-88016806-500 - Administrator - Enabled) => C:\Users\Administrator.Egerland-PC
ASPNET (S-1-5-21-1131658597-4005637612-88016806-1009 - Limited - Enabled)
Egerland (S-1-5-21-1131658597-4005637612-88016806-1000 - Administrator - Enabled) => C:\Users\Egerland
Gast (S-1-5-21-1131658597-4005637612-88016806-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1131658597-4005637612-88016806-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1169415

Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1169415

Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1168416

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1168416

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1167418

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1167418

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1166357


System errors:
=============
Error: (02/23/2015 05:06:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:06:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:06:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:05:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:05:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:05:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:04:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:04:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:04:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:04:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1169415

Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1169415

Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1168416

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1168416

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1167418

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1167418

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1166357


CodeIntegrity Errors:
===================================
  Date: 2014-06-30 16:48:30.972
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 16:47:55.233
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 16:33:10.497
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 16:33:05.494
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:50:08.980
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:50:02.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:49:52.779
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:49:10.503
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:49:07.198
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:49:04.945
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 40%
Total physical RAM: 3004.61 MB
Available physical RAM: 1799.84 MB
Total Pagefile: 6005.46 MB
Available Pagefile: 4177.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.05 GB) (Free:76.12 GB) NTFS
Drive d: () (Fixed) (Total:50.94 GB) (Free:50.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 07A54FFB)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=50.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMR:

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-23 21:25:10
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Egerland\AppData\Local\Temp\pwdyqkob.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwNotifyChangeKey [0x933C06E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwNotifyChangeMultipleKeys [0x933C0800]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwOpenProcess [0x933C0010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwOpenThread [0x933C04D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwSuspendProcess [0x933C0300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwSuspendThread [0x933C03E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwTerminateProcess [0x933C0120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwTerminateThread [0x933C0210]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwWriteVirtualMemory [0x933C05E0]

---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwRequestWaitReplyPort + 1499                                                   83082995 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                       830A2612 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 161F                                                          830A9CE4 8 Bytes  [E0, 06, 3C, 93, 00, 08, 3C, ...] {LOOPNZ 0x8; CMP AL, 0x93; ADD [EAX], CL; CMP AL, 0x93}
.text           ntoskrnl.exe!KeRemoveQueueEx + 1667                                                          830A9D2C 4 Bytes  [10, 00, 3C, 93] {ADC [EAX], AL; CMP AL, 0x93}
.text           ntoskrnl.exe!KeRemoveQueueEx + 1687                                                          830A9D4C 4 Bytes  [D0, 04, 3C, 93] {ROL BYTE [ESP+EDI], 0x1; XCHG EBX, EAX}
.text           ntoskrnl.exe!KeRemoveQueueEx + 1927                                                          830A9FEC 8 Bytes  [00, 03, 3C, 93, E0, 03, 3C, ...] {ADD [EBX], AL; CMP AL, 0x93; LOOPNZ 0x9; CMP AL, 0x93}
.text           ntoskrnl.exe!KeRemoveQueueEx + 1937                                                          830A9FFC 8 Bytes  [20, 01, 3C, 93, 10, 02, 3C, ...] {AND [ECX], AL; CMP AL, 0x93; ADC [EDX], AL; CMP AL, 0x93}
.text           ...                                                                                          

---- User code sections - GMER 2.1 ----

.text           C:\windows\system32\ctfmon.exe[3680] ntdll.dll!NtWriteVirtualMemory                          773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\windows\system32\msiexec.exe[4396] ntdll.dll!NtWriteVirtualMemory                         773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\iPod\bin\iPodService.exe[4448] ntdll.dll!NtWriteVirtualMemory               773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\windows\system32\SearchIndexer.exe[4676] ntdll.dll!NtWriteVirtualMemory                   773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\windows\system32\igfxext.exe[4716] ntdll.dll!NtWriteVirtualMemory                         773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           ...                                                                                          
.text           C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[7472] ole32.dll!OleLoadFromStream     74956143 5 Bytes  JMP 01FD44C3 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                      Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                      Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                      avgtdix.sys

Device          \Driver\iaStor \Device\Ide\iaStor0                                                           AnyDVD.sys
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                AnyDVD.sys
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                AnyDVD.sys

AttachedDevice  \Driver\tdx \Device\Udp                                                                      avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                    avgtdix.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active           
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@B266379E  2996

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                        unknown MBR code

---- EOF - GMER 2.1 ----
         
So, jetzt hoffe ich, dass ich alle Informationen zusammen getragen habe.

Vielen Dank schonmal für Eure Hilfe vorab

Viele Grüße
kroko123

Alt 24.02.2015, 05:14   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Telekom Abuse Team, Infektion: generic - Standard

Telekom Abuse Team, Infektion: generic



hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Conduit Engine


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 24.02.2015, 16:35   #3
Kroko123
 
Telekom Abuse Team, Infektion: generic - Standard

Telekom Abuse Team, Infektion: generic



Hallo Schrauber,

vielen Dank für die schnelle Antwort. Hier sind die Logfiles:

Mbar:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.24.03
  rootkit: v2015.02.22.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17633
Egerland :: EGERLAND-PC [administrator]

24.02.2015 15:27:46
mbar-log-2015-02-24 (15-27-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 475932
Time elapsed: 42 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
System-Log von Mbar

Code:
ATTFilter
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17633

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 3150565376, free: 1305260032

Downloaded database version: v2015.02.24.03
Downloaded database version: v2015.02.22.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     02/24/2015 15:27:32
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx86.sys
\SystemRoot\system32\DRIVERS\avglogx.sys
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\SystemRoot\system32\DRIVERS\avgidshx.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\windows\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\windows\system32\Drivers\SABI.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.02.24.03
  rootkit: v2015.02.22.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86d8f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d8fd10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86d8f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85f39028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7A54FFB

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 31457280

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31459328  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 31664128  Numsec = 486647808

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 518311936  Numsec = 106827776

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
File "c:\programdata\avg2015\chjw\60cc47a3cc4771f8.dat:e2fff535-31d9-4a0c-9155-5d16f3ab2158" is sparse (flags = 32768)
File "c:\programdata\avg2015\chjw\8c82b57382b5627e.dat:07ca5e0b-b742-4e7c-9479-6b09a979005b" is sparse (flags = 32768)
File "c:\programdata\avg2015\chjw\d86645d76645b752.dat:7c3ba307-658c-414a-b29f-233ac6db4d2d" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2015\log\avgcore.log.1" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-31459328-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
         
Beim TddsKiller hatte ich versehentlich beim ersten Scannen den Report vergessen, daher habe ich es nochmal durchlaufen lassen. Er hat dann jedes Mal eine andere Datei gefunden. Ich habe daher den letzten Log angehängt und von den anderen Logs nur die gefundenen Dateien.

Code:
ATTFilter
17:03:00.0720 0x104c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
17:03:09.0440 0x104c  ============================================================
17:03:09.0440 0x104c  Current date / time: 2015/02/24 17:03:09.0440
17:03:09.0440 0x104c  SystemInfo:
17:03:09.0440 0x104c  
17:03:09.0440 0x104c  OS Version: 6.1.7601 ServicePack: 1.0
17:03:09.0440 0x104c  Product type: Workstation
17:03:09.0440 0x104c  ComputerName: EGERLAND-PC
17:03:09.0440 0x104c  UserName: Egerland
17:03:09.0440 0x104c  Windows directory: C:\windows
17:03:09.0440 0x104c  System windows directory: C:\windows
17:03:09.0440 0x104c  Processor architecture: Intel x86
17:03:09.0440 0x104c  Number of processors: 2
17:03:09.0440 0x104c  Page size: 0x1000
17:03:09.0440 0x104c  Boot type: Normal boot
17:03:09.0440 0x104c  ============================================================
17:03:09.0580 0x104c  KLMD registered as C:\windows\system32\drivers\66759062.sys
17:03:09.0908 0x104c  System UUID: {59B0E7F4-4F9A-ABCF-545B-39660A5502C3}
17:03:10.0438 0x104c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:03:10.0438 0x104c  ============================================================
17:03:10.0438 0x104c  \Device\Harddisk0\DR0:
17:03:10.0438 0x104c  MBR partitions:
17:03:10.0438 0x104c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
17:03:10.0438 0x104c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1D01A800
17:03:10.0438 0x104c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1EE4D000, BlocksNum 0x65E1000
17:03:10.0438 0x104c  ============================================================
17:03:10.0485 0x104c  C: <-> \Device\Harddisk0\DR0\Partition2
17:03:10.0548 0x104c  D: <-> \Device\Harddisk0\DR0\Partition3
17:03:10.0548 0x104c  ============================================================
17:03:10.0548 0x104c  Initialize success
17:03:10.0548 0x104c  ============================================================
17:03:24.0291 0x107c  ============================================================
17:03:24.0291 0x107c  Scan started
17:03:24.0291 0x107c  Mode: Manual; SigCheck; TDLFS; 
17:03:24.0291 0x107c  ============================================================
17:03:24.0291 0x107c  KSN ping started
17:03:38.0051 0x107c  KSN ping finished: true
17:03:38.0909 0x107c  ================ Scan system memory ========================
17:03:38.0909 0x107c  System memory - ok
17:03:38.0909 0x107c  ================ Scan services =============================
17:03:39.0143 0x107c  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
17:03:39.0221 0x107c  1394ohci - ok
17:03:39.0423 0x107c  [ 7EEB488346FBFA3731276C3EE8A8FD9E, 97D2E49C2E615E38E8176F1C1551BF452CC6A00787FF90845EFF27A4E6E20B1F ] AAV UpdateService C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
17:03:39.0455 0x107c  AAV UpdateService - ok
17:03:39.0533 0x107c  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\windows\system32\drivers\ACPI.sys
17:03:39.0564 0x107c  ACPI - ok
17:03:39.0595 0x107c  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
17:03:39.0626 0x107c  AcpiPmi - ok
17:03:39.0813 0x107c  [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:03:39.0845 0x107c  AdobeARMservice - ok
17:03:39.0954 0x107c  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:03:39.0985 0x107c  AdobeFlashPlayerUpdateSvc - ok
17:03:40.0063 0x107c  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
17:03:40.0094 0x107c  adp94xx - ok
17:03:40.0125 0x107c  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
17:03:40.0141 0x107c  adpahci - ok
17:03:40.0157 0x107c  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
17:03:40.0188 0x107c  adpu320 - ok
17:03:40.0219 0x107c  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
17:03:40.0235 0x107c  AeLookupSvc - ok
17:03:40.0313 0x107c  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\windows\system32\drivers\afd.sys
17:03:40.0344 0x107c  AFD - ok
17:03:40.0406 0x107c  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\windows\system32\drivers\agp440.sys
17:03:40.0437 0x107c  agp440 - ok
17:03:40.0500 0x107c  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
17:03:40.0531 0x107c  aic78xx - ok
17:03:40.0593 0x107c  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\windows\System32\alg.exe
17:03:40.0625 0x107c  ALG - ok
17:03:40.0671 0x107c  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\windows\system32\drivers\aliide.sys
17:03:40.0687 0x107c  aliide - ok
17:03:40.0703 0x107c  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\windows\system32\drivers\amdagp.sys
17:03:40.0718 0x107c  amdagp - ok
17:03:40.0749 0x107c  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\windows\system32\drivers\amdide.sys
17:03:40.0765 0x107c  amdide - ok
17:03:40.0827 0x107c  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
17:03:40.0859 0x107c  AmdK8 - ok
17:03:40.0874 0x107c  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
17:03:40.0890 0x107c  AmdPPM - ok
17:03:40.0952 0x107c  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\windows\system32\drivers\amdsata.sys
17:03:40.0983 0x107c  amdsata - ok
17:03:40.0999 0x107c  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
17:03:41.0015 0x107c  amdsbs - ok
17:03:41.0030 0x107c  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\windows\system32\drivers\amdxata.sys
17:03:41.0046 0x107c  amdxata - ok
17:03:41.0155 0x107c  [ 4B9828DB2CCDF6DBE82D42B2E9836759, B868910CDB5D1BA7AD2A2533380F95ED638409FFC83CE79003C135DEB1CFFBE3 ] AnyDVD          C:\windows\system32\Drivers\AnyDVD.sys
17:03:41.0186 0x107c  AnyDVD - ok
17:03:41.0249 0x107c  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\windows\system32\drivers\appid.sys
17:03:41.0295 0x107c  AppID - ok
17:03:41.0358 0x107c  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\windows\System32\appidsvc.dll
17:03:41.0405 0x107c  AppIDSvc - ok
17:03:41.0451 0x107c  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\windows\System32\appinfo.dll
17:03:41.0483 0x107c  Appinfo - ok
17:03:41.0576 0x107c  [ 608D6A90E989C6522F170E5526A64BF4, 36EDD07DF6BD2D20121F63CF720C289FCCF7C53574D37F99C2F9ED68298D655B ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:03:41.0592 0x107c  Apple Mobile Device - ok
17:03:41.0654 0x107c  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\windows\system32\DRIVERS\arc.sys
17:03:41.0670 0x107c  arc - ok
17:03:41.0685 0x107c  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
17:03:41.0701 0x107c  arcsas - ok
17:03:41.0857 0x107c  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:03:41.0888 0x107c  aspnet_state - ok
17:03:41.0935 0x107c  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
17:03:41.0966 0x107c  AsyncMac - ok
17:03:42.0029 0x107c  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\windows\system32\drivers\atapi.sys
17:03:42.0044 0x107c  atapi - ok
17:03:42.0185 0x107c  [ 49F17A2E79469BE6581D491706720671, C6D1497847286A0C63779B27F730526235250D2113B4BED66AF630DC1CF22527 ] athr            C:\windows\system32\DRIVERS\athr.sys
17:03:42.0263 0x107c  athr - ok
17:03:42.0341 0x107c  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
17:03:42.0372 0x107c  AudioEndpointBuilder - ok
17:03:42.0387 0x107c  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] Audiosrv        C:\windows\System32\Audiosrv.dll
17:03:42.0419 0x107c  Audiosrv - ok
17:03:42.0528 0x107c  [ CB2C2B24BD7E64CFB2B24D401FF5BBC0, F48ABD9F5BF91BF5F25E6D5EE02647F7DD8E1C1A11FEEE2C1C1B3BD34E3D0F85 ] Avgdiskx        C:\windows\system32\DRIVERS\avgdiskx.sys
17:03:42.0559 0x107c  Avgdiskx - ok
17:03:42.0996 0x107c  [ 2568C3B3A5B58D04CE89A37C12576B73, D7178D0E780071C9C8B2917B873F2ED105890DFB87472B377B5A8C2EC1E3F0D0 ] AVGIDSAgent     C:\Program Files\AVG\AVG2015\avgidsagent.exe
17:03:43.0105 0x107c  AVGIDSAgent - ok
17:03:43.0214 0x107c  [ EB1AA821F99D5D2DA05511AE8D4704C4, 68AE41B7DA35200B24E27733DC05D9DA1F2D4C98524531AB8F1BD2AB4AFC831C ] AVGIDSDriver    C:\windows\system32\DRIVERS\avgidsdriverx.sys
17:03:43.0245 0x107c  AVGIDSDriver - ok
17:03:43.0308 0x107c  [ D1663A0114691080C624D857A8343D5B, 8E7029A8FE7A62F4BED7687C54699D0709876D05D93CAA499B4BC69BF8C59091 ] AVGIDSHX        C:\windows\system32\DRIVERS\avgidshx.sys
17:03:43.0323 0x107c  AVGIDSHX - ok
17:03:43.0355 0x107c  [ 2429F7F025F63532B6B264D97E4ECA49, EDE2C88B3B4B2A3AC59A3AB0B2FEC1D2CC75AA8AFFF0F5011D07AB4F053390D9 ] AVGIDSShim      C:\windows\system32\DRIVERS\avgidsshimx.sys
17:03:43.0370 0x107c  AVGIDSShim - ok
17:03:43.0448 0x107c  [ 9AFD535116E986D49877B811F3665E8E, 6843415ED638BB26A17BE9AB7A49D36070A588088256D4D0D1B4789FBDA6730B ] Avgldx86        C:\windows\system32\DRIVERS\avgldx86.sys
17:03:43.0479 0x107c  Avgldx86 - ok
17:03:43.0526 0x107c  [ D94378757947E02AE9BC484DF196A44D, 91B711C07320EFFDB780356EF84D39A06673198C4E0B45EE1D1412B996CB9227 ] Avglogx         C:\windows\system32\DRIVERS\avglogx.sys
17:03:43.0542 0x107c  Avglogx - ok
17:03:43.0604 0x107c  [ 35DD83C14AA01F4817BA46A4D6B6A520, 563619CDFC2ACC061C2421091E3527CA3C6C5F595008C5E9E45CFBE954D45841 ] Avgmfx86        C:\windows\system32\DRIVERS\avgmfx86.sys
17:03:43.0635 0x107c  Avgmfx86 - ok
17:03:43.0682 0x107c  [ F016B95273E0B1961F204F7FD2FFD811, 9F89323177B68DEDE6B1F09790E6A978376B4FCBDC029283B297A3C4D9B242FF ] Avgrkx86        C:\windows\system32\DRIVERS\avgrkx86.sys
17:03:43.0698 0x107c  Avgrkx86 - ok
17:03:43.0760 0x107c  [ 5A22A7A67BFB67D3223B7A339FC97780, 1DADB75B30665866FC93DADDC1EC9F612CD8CE5EC8582BCAF2A527FFDAFF8DBE ] Avgtdix         C:\windows\system32\DRIVERS\avgtdix.sys
17:03:43.0776 0x107c  Avgtdix - ok
17:03:43.0854 0x107c  [ B63C803D00D231392BE12F317F56F833, AE6105A1B69AD7CF4A29974028D25C062ABE9480DC0C982EBF0597728166D20E ] avgtp           C:\windows\system32\drivers\avgtpx86.sys
17:03:43.0885 0x107c  avgtp - ok
17:03:43.0963 0x107c  [ 9B3B23AF6396FCC8899F0214A27EE49A, 187D8D2726891000702A4FAFDE9DFF1750F8B9C7EDE474547177E1213E0CCAF7 ] avgwd           C:\Program Files\AVG\AVG2015\avgwdsvc.exe
17:03:43.0994 0x107c  avgwd - ok
17:03:44.0072 0x107c  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\windows\System32\AxInstSV.dll
17:03:44.0103 0x107c  AxInstSV - ok
17:03:44.0181 0x107c  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
17:03:44.0228 0x107c  b06bdrv - ok
17:03:44.0275 0x107c  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
17:03:44.0306 0x107c  b57nd60x - ok
17:03:44.0415 0x107c  [ 6163664C7E9CD110AF70180C126C3FDC, 9A801295CDE2BDE4EE0E96C610E4C01F6915DBDA2104D0E8873AFF1BC34A0FA1 ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
17:03:44.0431 0x107c  BcmSqlStartupSvc - ok
17:03:44.0478 0x107c  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\windows\System32\bdesvc.dll
17:03:44.0493 0x107c  BDESVC - ok
17:03:44.0509 0x107c  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\windows\system32\drivers\Beep.sys
17:03:44.0540 0x107c  Beep - ok
17:03:44.0618 0x107c  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\windows\System32\bfe.dll
17:03:44.0649 0x107c  BFE - ok
17:03:44.0712 0x107c  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\windows\System32\qmgr.dll
17:03:44.0759 0x107c  BITS - ok
17:03:44.0790 0x107c  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
17:03:44.0805 0x107c  blbdrive - ok
17:03:44.0915 0x107c  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:03:44.0946 0x107c  Bonjour Service - ok
17:03:44.0977 0x107c  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
17:03:45.0008 0x107c  bowser - ok
17:03:45.0039 0x107c  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
17:03:45.0055 0x107c  BrFiltLo - ok
17:03:45.0071 0x107c  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
17:03:45.0086 0x107c  BrFiltUp - ok
17:03:45.0133 0x107c  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\windows\System32\browser.dll
17:03:45.0149 0x107c  Browser - ok
17:03:45.0180 0x107c  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\windows\System32\Drivers\Brserid.sys
17:03:45.0211 0x107c  Brserid - ok
17:03:45.0242 0x107c  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
17:03:45.0258 0x107c  BrSerWdm - ok
17:03:45.0289 0x107c  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
17:03:45.0305 0x107c  BrUsbMdm - ok
17:03:45.0336 0x107c  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
17:03:45.0351 0x107c  BrUsbSer - ok
17:03:45.0398 0x107c  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
17:03:45.0429 0x107c  BTHMODEM - ok
17:03:45.0476 0x107c  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\windows\system32\bthserv.dll
17:03:45.0539 0x107c  bthserv - ok
17:03:45.0585 0x107c  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
17:03:45.0632 0x107c  cdfs - ok
17:03:45.0695 0x107c  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
17:03:45.0726 0x107c  cdrom - ok
17:03:45.0804 0x107c  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\windows\System32\certprop.dll
17:03:45.0835 0x107c  CertPropSvc - ok
17:03:45.0913 0x107c  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
17:03:45.0944 0x107c  circlass - ok
17:03:45.0975 0x107c  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\windows\system32\CLFS.sys
17:03:45.0991 0x107c  CLFS - ok
17:03:46.0053 0x107c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:03:46.0069 0x107c  clr_optimization_v2.0.50727_32 - ok
17:03:46.0147 0x107c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:03:46.0163 0x107c  clr_optimization_v4.0.30319_32 - ok
17:03:46.0178 0x107c  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
17:03:46.0194 0x107c  CmBatt - ok
17:03:46.0225 0x107c  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\windows\system32\drivers\cmdide.sys
17:03:46.0241 0x107c  cmdide - ok
17:03:46.0287 0x107c  [ F516F1167EFBBC5ABC90687C94497869, AD650D56241533439419EA00236ABE14AB6E50B768620211D1A44047A9FA14EC ] CNG             C:\windows\system32\Drivers\cng.sys
17:03:46.0303 0x107c  CNG - ok
17:03:46.0350 0x107c  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
17:03:46.0381 0x107c  Compbatt - ok
17:03:46.0443 0x107c  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
17:03:46.0475 0x107c  CompositeBus - ok
17:03:46.0506 0x107c  COMSysApp - ok
17:03:46.0537 0x107c  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
17:03:46.0553 0x107c  crcdisk - ok
17:03:46.0631 0x107c  [ 623E143F2DF17C0106A9988F5D7DC878, 9DA30262FF22FA9F1DB247CB3B4A2892D79730EF0ECC9589D399D24B4F58E565 ] CryptSvc        C:\windows\system32\cryptsvc.dll
17:03:46.0662 0x107c  CryptSvc - ok
17:03:46.0724 0x107c  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\windows\system32\rpcss.dll
17:03:46.0771 0x107c  DcomLaunch - ok
17:03:46.0818 0x107c  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\windows\System32\defragsvc.dll
17:03:46.0849 0x107c  defragsvc - ok
17:03:46.0880 0x107c  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
17:03:46.0927 0x107c  DfsC - ok
17:03:47.0005 0x107c  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\windows\system32\dhcpcore.dll
17:03:47.0036 0x107c  Dhcp - ok
17:03:47.0052 0x107c  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\windows\system32\drivers\discache.sys
17:03:47.0083 0x107c  discache - ok
17:03:47.0130 0x107c  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\windows\system32\DRIVERS\disk.sys
17:03:47.0145 0x107c  Disk - ok
17:03:47.0177 0x107c  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\windows\System32\dnsrslvr.dll
17:03:47.0208 0x107c  Dnscache - ok
17:03:47.0239 0x107c  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\windows\System32\dot3svc.dll
17:03:47.0286 0x107c  dot3svc - ok
17:03:47.0348 0x107c  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\windows\system32\dps.dll
17:03:47.0379 0x107c  DPS - ok
17:03:47.0442 0x107c  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
17:03:47.0473 0x107c  drmkaud - ok
17:03:47.0551 0x107c  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
17:03:47.0598 0x107c  DXGKrnl - ok
17:03:47.0645 0x107c  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\windows\System32\eapsvc.dll
17:03:47.0691 0x107c  EapHost - ok
17:03:47.0879 0x107c  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
17:03:47.0972 0x107c  ebdrv - ok
17:03:48.0019 0x107c  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] EFS             C:\windows\System32\lsass.exe
17:03:48.0050 0x107c  EFS - ok
17:03:48.0144 0x107c  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\windows\ehome\ehRecvr.exe
17:03:48.0175 0x107c  ehRecvr - ok
17:03:48.0222 0x107c  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\windows\ehome\ehsched.exe
17:03:48.0237 0x107c  ehSched - ok
17:03:48.0300 0x107c  [ B83BDCCBACB65BAA9E20888DD0083A16, A38B29C768DF9153E704C92A410663A8CFFB29BDB5E6622881DEB7FFFEF0CB38 ] ElbyCDIO        C:\windows\system32\Drivers\ElbyCDIO.sys
17:03:48.0315 0x107c  ElbyCDIO - ok
17:03:48.0409 0x107c  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
17:03:48.0440 0x107c  elxstor - ok
17:03:48.0471 0x107c  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\windows\system32\drivers\errdev.sys
17:03:48.0487 0x107c  ErrDev - ok
17:03:48.0549 0x107c  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\windows\system32\es.dll
17:03:48.0581 0x107c  EventSystem - ok
17:03:48.0612 0x107c  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\windows\system32\drivers\exfat.sys
17:03:48.0643 0x107c  exfat - ok
17:03:48.0674 0x107c  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\windows\system32\drivers\fastfat.sys
17:03:48.0705 0x107c  fastfat - ok
17:03:48.0768 0x107c  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\windows\system32\fxssvc.exe
17:03:48.0799 0x107c  Fax - ok
17:03:48.0861 0x107c  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
17:03:48.0893 0x107c  fdc - ok
17:03:48.0908 0x107c  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\windows\system32\fdPHost.dll
17:03:48.0939 0x107c  fdPHost - ok
17:03:48.0971 0x107c  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\windows\system32\fdrespub.dll
17:03:49.0002 0x107c  FDResPub - ok
17:03:49.0017 0x107c  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
17:03:49.0033 0x107c  FileInfo - ok
17:03:49.0049 0x107c  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
17:03:49.0080 0x107c  Filetrace - ok
17:03:49.0423 0x107c  [ 65A89589DD9FE02F6F71F8F3CCA51E7A, 65D2FE2553BA7B8B249AA9F389EE4ACBB547C2586C7DA99AEE140A2AA6021820 ] Fitbit Connect  C:\Program Files\Fitbit Connect\FitbitConnectService.exe
17:03:49.0579 0x107c  Fitbit Connect - ok
17:03:49.0626 0x107c  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
17:03:49.0641 0x107c  flpydisk - ok
17:03:49.0719 0x107c  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
17:03:49.0735 0x107c  FltMgr - ok
17:03:49.0829 0x107c  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\windows\system32\FntCache.dll
17:03:49.0860 0x107c  FontCache - ok
17:03:49.0922 0x107c  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:03:49.0953 0x107c  FontCache3.0.0.0 - ok
17:03:49.0969 0x107c  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
17:03:49.0985 0x107c  FsDepends - ok
17:03:50.0047 0x107c  [ 2B3BF55BA74EB8118F67AB2B450B8EA9, 6D09D75105FE374E0865A2E5C1F9460AF938B6F62604F0C97B31ED9ADD4AFF4E ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
17:03:50.0078 0x107c  fssfltr - ok
17:03:50.0250 0x107c  [ B6AB40819ECEC4BA07266EC0EBBC85A7, 71D385043720B622305FD64BD1187C6FFD7191C30794F95629CF6BFDC0A25BA2 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:03:50.0297 0x107c  fsssvc - ok
17:03:50.0343 0x107c  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
17:03:50.0359 0x107c  Fs_Rec - ok
17:03:50.0421 0x107c  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
17:03:50.0437 0x107c  fvevol - ok
17:03:50.0484 0x107c  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
17:03:50.0499 0x107c  gagp30kx - ok
17:03:50.0562 0x107c  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
17:03:50.0593 0x107c  GEARAspiWDM - ok
17:03:50.0671 0x107c  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\windows\System32\gpsvc.dll
17:03:50.0702 0x107c  gpsvc - ok
17:03:50.0858 0x107c  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate1cacc505e5a502c C:\Program Files\Google\Update\GoogleUpdate.exe
17:03:50.0874 0x107c  gupdate1cacc505e5a502c - ok
17:03:50.0921 0x107c  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:03:50.0936 0x107c  gupdatem - ok
17:03:50.0999 0x107c  [ CC839E8D766CC31A7710C9F38CF3E375, 327D57F18B4A2D1CB06C5682D3364097ECD3CF40C2719AA1F41D0B49A26003E4 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:03:51.0030 0x107c  gusvc - ok
17:03:51.0061 0x107c  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
17:03:51.0077 0x107c  hcw85cir - ok
17:03:51.0155 0x107c  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
17:03:51.0186 0x107c  HdAudAddService - ok
17:03:51.0233 0x107c  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
17:03:51.0248 0x107c  HDAudBus - ok
17:03:51.0279 0x107c  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
17:03:51.0295 0x107c  HidBatt - ok
17:03:51.0326 0x107c  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
17:03:51.0357 0x107c  HidBth - ok
17:03:51.0404 0x107c  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
17:03:51.0420 0x107c  HidIr - ok
17:03:51.0467 0x107c  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\windows\system32\hidserv.dll
17:03:51.0498 0x107c  hidserv - ok
17:03:51.0545 0x107c  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
17:03:51.0576 0x107c  HidUsb - ok
17:03:51.0623 0x107c  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\windows\system32\kmsvc.dll
17:03:51.0654 0x107c  hkmsvc - ok
17:03:51.0716 0x107c  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\windows\system32\ListSvc.dll
17:03:51.0747 0x107c  HomeGroupListener - ok
17:03:51.0794 0x107c  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\windows\system32\provsvc.dll
17:03:51.0825 0x107c  HomeGroupProvider - ok
17:03:51.0888 0x107c  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
17:03:51.0903 0x107c  HpSAMD - ok
17:03:51.0981 0x107c  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\windows\system32\drivers\HTTP.sys
17:03:52.0028 0x107c  HTTP - ok
17:03:52.0059 0x107c  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
17:03:52.0091 0x107c  hwpolicy - ok
17:03:52.0153 0x107c  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
17:03:52.0184 0x107c  i8042prt - ok
17:03:52.0262 0x107c  [ D483687EACE0C065EE772481A96E05F5, A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
17:03:52.0293 0x107c  iaStor - ok
17:03:52.0340 0x107c  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
17:03:52.0371 0x107c  iaStorV - ok
17:03:52.0496 0x107c  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:03:52.0512 0x107c  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
17:03:55.0039 0x107c  Detect skipped due to KSN trusted
17:03:55.0039 0x107c  IDriverT - ok
17:03:55.0133 0x107c  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:03:55.0164 0x107c  idsvc - ok
17:03:55.0195 0x107c  IEEtwCollectorService - ok
17:03:55.0554 0x107c  [ DCE0B53570703CCE580D066F89EF58CD, C5C2C4F51F2DB2BB6E7F1218472AEAAD996514AB99EA84946A473CB7A64D9E15 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
17:03:55.0803 0x107c  igfx - ok
17:03:55.0897 0x107c  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
17:03:55.0928 0x107c  iirsp - ok
17:03:56.0022 0x107c  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\windows\System32\ikeext.dll
17:03:56.0053 0x107c  IKEEXT - ok
17:03:56.0256 0x107c  [ 5CEEF2CCCB4FE00D3FFBFEB12BCFA07F, D5533A7BA7BE65D5D5CE137795419E6C49B51B15B7450C319EE0EA9A83AC73E0 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
17:03:56.0334 0x107c  IntcAzAudAddService - ok
17:03:56.0396 0x107c  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\windows\system32\drivers\intelide.sys
17:03:56.0412 0x107c  intelide - ok
17:03:56.0459 0x107c  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
17:03:56.0490 0x107c  intelppm - ok
17:03:56.0521 0x107c  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
17:03:56.0552 0x107c  IPBusEnum - ok
17:03:56.0583 0x107c  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
17:03:56.0615 0x107c  IpFilterDriver - ok
17:03:56.0693 0x107c  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
17:03:56.0724 0x107c  iphlpsvc - ok
17:03:56.0755 0x107c  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
17:03:56.0786 0x107c  IPMIDRV - ok
17:03:56.0802 0x107c  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
17:03:56.0849 0x107c  IPNAT - ok
17:03:56.0942 0x107c  [ 781ABA6C29AD40259602703A328DAEC6, 2DB936C8DE6D4424C6A10D4200F3D7F97A3A129A3B1064A83AB9846C3A828BE0 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:03:56.0973 0x107c  iPod Service - ok
17:03:57.0020 0x107c  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\windows\system32\drivers\irenum.sys
17:03:57.0051 0x107c  IRENUM - ok
17:03:57.0067 0x107c  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\windows\system32\drivers\isapnp.sys
17:03:57.0098 0x107c  isapnp - ok
17:03:57.0145 0x107c  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
17:03:57.0176 0x107c  iScsiPrt - ok
17:03:57.0223 0x107c  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
17:03:57.0239 0x107c  kbdclass - ok
17:03:57.0270 0x107c  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
17:03:57.0285 0x107c  kbdhid - ok
17:03:57.0317 0x107c  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] KeyIso          C:\windows\system32\lsass.exe
17:03:57.0332 0x107c  KeyIso - ok
17:03:57.0379 0x107c  [ EF88BAC2B489D9C46F4E41ACF0219CD0, BF0FAF51BB6D0E588E53E483EF48D8D96B33544113892CC723CDEFAE7E5FB97A ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
17:03:57.0410 0x107c  KSecDD - ok
17:03:57.0441 0x107c  [ 49D70660EE8266988C1F99A0297A1430, D17B7A3118DB42358DEA80D8A21C5F1B0CC33BF74F6570676D4708B36BB91FD4 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
17:03:57.0457 0x107c  KSecPkg - ok
17:03:57.0504 0x107c  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\windows\system32\msdtckrm.dll
17:03:57.0535 0x107c  KtmRm - ok
17:03:57.0582 0x107c  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\windows\system32\srvsvc.dll
17:03:57.0613 0x107c  LanmanServer - ok
17:03:57.0644 0x107c  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
17:03:57.0675 0x107c  LanmanWorkstation - ok
17:03:57.0722 0x107c  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
17:03:57.0753 0x107c  lltdio - ok
17:03:57.0800 0x107c  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\windows\System32\lltdsvc.dll
17:03:57.0831 0x107c  lltdsvc - ok
17:03:57.0847 0x107c  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\windows\System32\lmhsvc.dll
17:03:57.0878 0x107c  lmhosts - ok
17:03:57.0925 0x107c  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
17:03:57.0956 0x107c  LSI_FC - ok
17:03:57.0972 0x107c  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
17:03:57.0987 0x107c  LSI_SAS - ok
17:03:58.0003 0x107c  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
17:03:58.0019 0x107c  LSI_SAS2 - ok
17:03:58.0034 0x107c  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
17:03:58.0050 0x107c  LSI_SCSI - ok
17:03:58.0081 0x107c  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\windows\system32\drivers\luafv.sys
17:03:58.0128 0x107c  luafv - ok
17:03:58.0175 0x107c  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
17:03:58.0206 0x107c  Mcx2Svc - ok
17:03:58.0237 0x107c  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
17:03:58.0253 0x107c  megasas - ok
17:03:58.0284 0x107c  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
17:03:58.0315 0x107c  MegaSR - ok
17:03:58.0346 0x107c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\windows\system32\mmcss.dll
17:03:58.0377 0x107c  MMCSS - ok
17:03:58.0393 0x107c  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\windows\system32\drivers\modem.sys
17:03:58.0424 0x107c  Modem - ok
17:03:58.0455 0x107c  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
17:03:58.0487 0x107c  monitor - ok
17:03:58.0533 0x107c  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
17:03:58.0565 0x107c  mouclass - ok
17:03:58.0596 0x107c  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
17:03:58.0611 0x107c  mouhid - ok
17:03:58.0658 0x107c  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
17:03:58.0674 0x107c  mountmgr - ok
17:03:58.0814 0x107c  [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:03:58.0830 0x107c  MozillaMaintenance - ok
17:03:58.0861 0x107c  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\windows\system32\drivers\mpio.sys
17:03:58.0892 0x107c  mpio - ok
17:03:58.0955 0x107c  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
17:03:58.0986 0x107c  mpsdrv - ok
17:03:59.0033 0x107c  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\windows\system32\mpssvc.dll
17:03:59.0095 0x107c  MpsSvc - ok
17:03:59.0142 0x107c  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
17:03:59.0173 0x107c  MRxDAV - ok
17:03:59.0235 0x107c  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
17:03:59.0267 0x107c  mrxsmb - ok
17:03:59.0313 0x107c  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
17:03:59.0360 0x107c  mrxsmb10 - ok
17:03:59.0376 0x107c  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
17:03:59.0407 0x107c  mrxsmb20 - ok
17:03:59.0438 0x107c  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\windows\system32\drivers\msahci.sys
17:03:59.0454 0x107c  msahci - ok
17:03:59.0485 0x107c  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\windows\system32\drivers\msdsm.sys
17:03:59.0501 0x107c  msdsm - ok
17:03:59.0532 0x107c  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\windows\System32\msdtc.exe
17:03:59.0563 0x107c  MSDTC - ok
17:03:59.0610 0x107c  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\windows\system32\drivers\Msfs.sys
17:03:59.0641 0x107c  Msfs - ok
17:03:59.0672 0x107c  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
17:03:59.0703 0x107c  mshidkmdf - ok
17:03:59.0735 0x107c  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
17:03:59.0750 0x107c  msisadrv - ok
17:03:59.0813 0x107c  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\windows\system32\iscsiexe.dll
17:03:59.0859 0x107c  MSiSCSI - ok
17:03:59.0859 0x107c  msiserver - ok
17:03:59.0891 0x107c  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
17:03:59.0922 0x107c  MSKSSRV - ok
17:03:59.0937 0x107c  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
17:03:59.0969 0x107c  MSPCLOCK - ok
17:03:59.0984 0x107c  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
17:04:00.0015 0x107c  MSPQM - ok
17:04:00.0047 0x107c  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
17:04:00.0062 0x107c  MsRPC - ok
17:04:00.0078 0x107c  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
17:04:00.0093 0x107c  mssmbios - ok
17:04:00.0187 0x107c  MSSQL$MSSMLBIZ - ok
17:04:00.0234 0x107c  [ 1D89EB4E2A99CABD4E81225F4F4C4B25, B9C4D956E3F74CB463A1A14287F4B550381FBB3E4B2DF9418E041E02A159E31E ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:04:00.0249 0x107c  MSSQLServerADHelper - ok
17:04:00.0265 0x107c  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
17:04:00.0296 0x107c  MSTEE - ok
17:04:00.0312 0x107c  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
17:04:00.0327 0x107c  MTConfig - ok
17:04:00.0343 0x107c  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\windows\system32\Drivers\mup.sys
17:04:00.0359 0x107c  Mup - ok
17:04:00.0390 0x107c  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\windows\system32\qagentRT.dll
17:04:00.0437 0x107c  napagent - ok
17:04:00.0499 0x107c  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
17:04:00.0546 0x107c  NativeWifiP - ok
17:04:00.0639 0x107c  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\windows\system32\drivers\ndis.sys
17:04:00.0671 0x107c  NDIS - ok
17:04:00.0686 0x107c  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
17:04:00.0717 0x107c  NdisCap - ok
17:04:00.0764 0x107c  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
17:04:00.0795 0x107c  NdisTapi - ok
17:04:00.0858 0x107c  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
17:04:00.0905 0x107c  Ndisuio - ok
17:04:00.0951 0x107c  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
17:04:00.0998 0x107c  NdisWan - ok
17:04:01.0045 0x107c  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
17:04:01.0076 0x107c  NDProxy - ok
17:04:01.0123 0x107c  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
17:04:01.0170 0x107c  NetBIOS - ok
17:04:01.0217 0x107c  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
17:04:01.0248 0x107c  NetBT - ok
17:04:01.0295 0x107c  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] Netlogon        C:\windows\system32\lsass.exe
17:04:01.0310 0x107c  Netlogon - ok
17:04:01.0357 0x107c  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\windows\System32\netman.dll
17:04:01.0404 0x107c  Netman - ok
17:04:01.0482 0x107c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:04:01.0513 0x107c  NetMsmqActivator - ok
17:04:01.0544 0x107c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:04:01.0560 0x107c  NetPipeActivator - ok
17:04:01.0575 0x107c  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\windows\System32\netprofm.dll
17:04:01.0622 0x107c  netprofm - ok
17:04:01.0638 0x107c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:04:01.0653 0x107c  NetTcpActivator - ok
17:04:01.0653 0x107c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:04:01.0685 0x107c  NetTcpPortSharing - ok
17:04:01.0794 0x107c  [ 450D0D2062C54DDA23583A78C0EB63D9, CEFB192B635222A2C5ADE8C0778E8228B3200DA94ECF870B9AC330557298E709 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
17:04:01.0809 0x107c  Netzmanager Service - detected UnsignedFile.Multi.Generic ( 1 )
17:04:04.0352 0x107c  Detect skipped due to KSN trusted
17:04:04.0352 0x107c  Netzmanager Service - ok
17:04:04.0415 0x107c  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
17:04:04.0446 0x107c  nfrd960 - ok
17:04:04.0493 0x107c  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\windows\System32\nlasvc.dll
17:04:04.0508 0x107c  NlaSvc - ok
17:04:04.0555 0x107c  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\windows\system32\drivers\Npfs.sys
17:04:04.0586 0x107c  Npfs - ok
17:04:04.0617 0x107c  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\windows\system32\nsisvc.dll
17:04:04.0649 0x107c  nsi - ok
17:04:04.0664 0x107c  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
17:04:04.0695 0x107c  nsiproxy - ok
17:04:04.0789 0x107c  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
17:04:04.0836 0x107c  Ntfs - ok
17:04:04.0867 0x107c  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\windows\system32\drivers\Null.sys
17:04:04.0898 0x107c  Null - ok
17:04:04.0961 0x107c  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\windows\system32\drivers\nvraid.sys
17:04:04.0976 0x107c  nvraid - ok
17:04:05.0007 0x107c  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\windows\system32\drivers\nvstor.sys
17:04:05.0023 0x107c  nvstor - ok
17:04:05.0054 0x107c  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
17:04:05.0085 0x107c  nv_agp - ok
17:04:05.0163 0x107c  [ B5D5DA8230D3D3525839D939A9196C3E, 32058E8D55D55D3E0EA31AFC37548B8F904A946D97E5E5FBC079AB1AD1650A60 ] OberonGameConsoleService C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
17:04:05.0195 0x107c  OberonGameConsoleService - ok
17:04:05.0226 0x107c  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
17:04:05.0257 0x107c  ohci1394 - ok
17:04:05.0351 0x107c  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:04:05.0366 0x107c  ose - ok
17:04:05.0429 0x107c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
17:04:05.0460 0x107c  p2pimsvc - ok
17:04:05.0507 0x107c  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\windows\system32\p2psvc.dll
17:04:05.0538 0x107c  p2psvc - ok
17:04:05.0569 0x107c  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\windows\system32\DRIVERS\parport.sys
17:04:05.0585 0x107c  Parport - ok
17:04:05.0616 0x107c  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\windows\system32\drivers\partmgr.sys
17:04:05.0631 0x107c  partmgr - ok
17:04:05.0647 0x107c  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
17:04:05.0663 0x107c  Parvdm - ok
17:04:05.0694 0x107c  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\windows\System32\pcasvc.dll
17:04:05.0709 0x107c  PcaSvc - ok
17:04:05.0741 0x107c  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\windows\system32\drivers\pci.sys
17:04:05.0772 0x107c  pci - ok
17:04:05.0787 0x107c  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\windows\system32\drivers\pciide.sys
17:04:05.0803 0x107c  pciide - ok
17:04:05.0834 0x107c  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
17:04:05.0850 0x107c  pcmcia - ok
17:04:05.0881 0x107c  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\windows\system32\drivers\pcw.sys
17:04:05.0897 0x107c  pcw - ok
17:04:05.0943 0x107c  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
17:04:06.0006 0x107c  PEAUTH - ok
17:04:06.0115 0x107c  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\windows\system32\pla.dll
17:04:06.0193 0x107c  pla - ok
17:04:06.0255 0x107c  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\windows\system32\umpnpmgr.dll
17:04:06.0302 0x107c  PlugPlay - ok
17:04:06.0318 0x107c  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
17:04:06.0333 0x107c  PNRPAutoReg - ok
17:04:06.0365 0x107c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
17:04:06.0396 0x107c  PNRPsvc - ok
17:04:06.0458 0x107c  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
17:04:06.0521 0x107c  PolicyAgent - ok
17:04:06.0567 0x107c  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\windows\system32\umpo.dll
17:04:06.0614 0x107c  Power - ok
17:04:06.0661 0x107c  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
17:04:06.0708 0x107c  PptpMiniport - ok
17:04:06.0723 0x107c  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\windows\system32\DRIVERS\processr.sys
17:04:06.0739 0x107c  Processor - ok
17:04:06.0801 0x107c  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\windows\system32\profsvc.dll
17:04:06.0833 0x107c  ProfSvc - ok
17:04:06.0848 0x107c  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] ProtectedStorage C:\windows\system32\lsass.exe
17:04:06.0879 0x107c  ProtectedStorage - ok
17:04:06.0926 0x107c  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
17:04:06.0973 0x107c  Psched - ok
17:04:07.0051 0x107c  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
17:04:07.0067 0x107c  PxHelp20 - ok
17:04:07.0145 0x107c  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
17:04:07.0191 0x107c  ql2300 - ok
17:04:07.0223 0x107c  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
17:04:07.0254 0x107c  ql40xx - ok
17:04:07.0285 0x107c  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\windows\system32\qwave.dll
17:04:07.0316 0x107c  QWAVE - ok
17:04:07.0347 0x107c  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
17:04:07.0363 0x107c  QWAVEdrv - ok
17:04:07.0379 0x107c  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
17:04:07.0410 0x107c  RasAcd - ok
17:04:07.0472 0x107c  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
17:04:07.0519 0x107c  RasAgileVpn - ok
17:04:07.0535 0x107c  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\windows\System32\rasauto.dll
17:04:07.0581 0x107c  RasAuto - ok
17:04:07.0597 0x107c  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
17:04:07.0628 0x107c  Rasl2tp - ok
17:04:07.0675 0x107c  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\windows\System32\rasmans.dll
17:04:07.0722 0x107c  RasMan - ok
17:04:07.0737 0x107c  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
17:04:07.0769 0x107c  RasPppoe - ok
17:04:07.0784 0x107c  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
17:04:07.0815 0x107c  RasSstp - ok
17:04:07.0862 0x107c  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
17:04:07.0909 0x107c  rdbss - ok
17:04:07.0925 0x107c  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
17:04:07.0956 0x107c  rdpbus - ok
17:04:07.0971 0x107c  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
17:04:08.0003 0x107c  RDPCDD - ok
17:04:08.0049 0x107c  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
17:04:08.0081 0x107c  RDPENCDD - ok
17:04:08.0096 0x107c  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
17:04:08.0127 0x107c  RDPREFMP - ok
17:04:08.0252 0x107c  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
17:04:08.0283 0x107c  RdpVideoMiniport - ok
17:04:08.0330 0x107c  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
17:04:08.0346 0x107c  RDPWD - ok
17:04:08.0408 0x107c  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
17:04:08.0439 0x107c  rdyboost - ok
17:04:08.0486 0x107c  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\windows\System32\mprdim.dll
17:04:08.0517 0x107c  RemoteAccess - ok
17:04:08.0564 0x107c  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\windows\system32\regsvc.dll
17:04:08.0595 0x107c  RemoteRegistry - ok
17:04:08.0642 0x107c  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
17:04:08.0689 0x107c  RpcEptMapper - ok
17:04:08.0705 0x107c  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\windows\system32\locator.exe
17:04:08.0720 0x107c  RpcLocator - ok
17:04:08.0767 0x107c  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\windows\system32\rpcss.dll
17:04:08.0798 0x107c  RpcSs - ok
17:04:08.0829 0x107c  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
17:04:08.0861 0x107c  rspndr - ok
17:04:08.0907 0x107c  [ 6465166DD9B2F841DABAD16ABDADBE98, C5E93E9739A14375A8242D11F3661A2D069DC0F88DD13C869F525E19808A362E ] RTL8167         C:\windows\system32\DRIVERS\Rt86win7.sys
17:04:08.0939 0x107c  RTL8167 - ok
17:04:08.0985 0x107c  [ 6E5FBB7CBAEC47038B945D5E9B144A64, B2AA2F39DAA841FCA470846CC07C580464E2F07C3EFAA64AF783144718F09C13 ] SABI            C:\windows\system32\Drivers\SABI.sys
17:04:09.0017 0x107c  SABI - ok
17:04:09.0063 0x107c  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] SamSs           C:\windows\system32\lsass.exe
17:04:09.0079 0x107c  SamSs - ok
17:04:09.0157 0x107c  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
17:04:09.0173 0x107c  sbp2port - ok
17:04:09.0219 0x107c  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\windows\System32\SCardSvr.dll
17:04:09.0251 0x107c  SCardSvr - ok
17:04:09.0266 0x107c  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
17:04:09.0313 0x107c  scfilter - ok
17:04:09.0391 0x107c  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\windows\system32\schedsvc.dll
17:04:09.0438 0x107c  Schedule - ok
17:04:09.0469 0x107c  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\windows\System32\certprop.dll
17:04:09.0516 0x107c  SCPolicySvc - ok
17:04:09.0547 0x107c  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\windows\System32\SDRSVC.dll
17:04:09.0563 0x107c  SDRSVC - ok
17:04:09.0625 0x107c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\windows\system32\drivers\secdrv.sys
17:04:09.0672 0x107c  secdrv - ok
17:04:09.0687 0x107c  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\windows\system32\seclogon.dll
17:04:09.0719 0x107c  seclogon - ok
17:04:09.0734 0x107c  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\windows\System32\sens.dll
17:04:09.0765 0x107c  SENS - ok
17:04:09.0812 0x107c  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\windows\system32\sensrsvc.dll
17:04:09.0843 0x107c  SensrSvc - ok
17:04:09.0890 0x107c  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
17:04:09.0906 0x107c  Serenum - ok
17:04:09.0953 0x107c  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\windows\system32\DRIVERS\serial.sys
17:04:09.0984 0x107c  Serial - ok
17:04:09.0999 0x107c  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
17:04:10.0031 0x107c  sermouse - ok
17:04:10.0077 0x107c  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\windows\system32\sessenv.dll
17:04:10.0109 0x107c  SessionEnv - ok
17:04:10.0140 0x107c  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
17:04:10.0171 0x107c  sffdisk - ok
17:04:10.0187 0x107c  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
17:04:10.0202 0x107c  sffp_mmc - ok
17:04:10.0218 0x107c  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
17:04:10.0233 0x107c  sffp_sd - ok
17:04:10.0265 0x107c  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
17:04:10.0296 0x107c  sfloppy - ok
17:04:10.0358 0x107c  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\windows\System32\ipnathlp.dll
17:04:10.0405 0x107c  SharedAccess - ok
17:04:10.0436 0x107c  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:04:10.0467 0x107c  ShellHWDetection - ok
17:04:10.0499 0x107c  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\windows\system32\drivers\sisagp.sys
17:04:10.0514 0x107c  sisagp - ok
17:04:10.0561 0x107c  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
17:04:10.0577 0x107c  SiSRaid2 - ok
17:04:10.0608 0x107c  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
17:04:10.0623 0x107c  SiSRaid4 - ok
17:04:10.0623 0x107c  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\windows\system32\DRIVERS\smb.sys
17:04:10.0655 0x107c  Smb - ok
17:04:10.0717 0x107c  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
17:04:10.0733 0x107c  SNMPTRAP - ok
17:04:10.0779 0x107c  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\windows\system32\drivers\spldr.sys
17:04:10.0795 0x107c  spldr - ok
17:04:10.0842 0x107c  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\windows\System32\spoolsv.exe
17:04:10.0857 0x107c  Spooler - ok
17:04:11.0013 0x107c  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\windows\system32\sppsvc.exe
17:04:11.0138 0x107c  sppsvc - ok
17:04:11.0185 0x107c  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\windows\system32\sppuinotify.dll
17:04:11.0232 0x107c  sppuinotify - ok
17:04:11.0279 0x107c  [ 86EBD8B1F23E743AAD21F4D5B4D40985, 8FA4DFDAE15712266B878C364FEFDB63CB30A3DCC25F83CDFE8C8AB3AE864BE6 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:04:11.0294 0x107c  SQLBrowser - ok
17:04:11.0357 0x107c  [ D89083C4EB02DACA8F944B0E05E57F9D, F96416B5877C280B4EE088A83956E0202F82DC5EACDEEFF06D5979FFFAA9FA74 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:04:11.0357 0x107c  SQLWriter - ok
17:04:11.0419 0x107c  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\windows\system32\DRIVERS\srv.sys
17:04:11.0435 0x107c  srv - ok
17:04:11.0466 0x107c  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
17:04:11.0481 0x107c  srv2 - ok
17:04:11.0497 0x107c  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
17:04:11.0513 0x107c  srvnet - ok
17:04:11.0559 0x107c  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
17:04:11.0606 0x107c  SSDPSRV - ok
17:04:11.0637 0x107c  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\windows\system32\sstpsvc.dll
17:04:11.0669 0x107c  SstpSvc - ok
17:04:11.0700 0x107c  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
17:04:11.0715 0x107c  stexstor - ok
17:04:11.0762 0x107c  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\windows\System32\wiaservc.dll
17:04:11.0793 0x107c  StiSvc - ok
17:04:11.0840 0x107c  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\windows\system32\drivers\swenum.sys
17:04:11.0856 0x107c  swenum - ok
17:04:11.0887 0x107c  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\windows\System32\swprv.dll
17:04:11.0934 0x107c  swprv - ok
17:04:12.0012 0x107c  [ 7A9025D8F7852B06D6D08ED536135E7E, 814153517841D316AA44D59F31B3C6DAD09DE688AF6B946D9B0970EAE815CAAD ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
17:04:12.0027 0x107c  SynTP - ok
17:04:12.0090 0x107c  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\windows\system32\sysmain.dll
17:04:12.0152 0x107c  SysMain - ok
17:04:12.0199 0x107c  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\windows\System32\TabSvc.dll
17:04:12.0215 0x107c  TabletInputService - ok
17:04:12.0261 0x107c  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\windows\System32\tapisrv.dll
17:04:12.0308 0x107c  TapiSrv - ok
17:04:12.0339 0x107c  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\windows\System32\tbssvc.dll
17:04:12.0371 0x107c  TBS - ok
17:04:12.0480 0x107c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
17:04:12.0527 0x107c  Tcpip - ok
17:04:12.0589 0x107c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
17:04:12.0636 0x107c  TCPIP6 - ok
17:04:12.0683 0x107c  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
17:04:12.0714 0x107c  tcpipreg - ok
17:04:12.0761 0x107c  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
17:04:12.0792 0x107c  TDPIPE - ok
17:04:12.0823 0x107c  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
17:04:12.0854 0x107c  TDTCP - ok
17:04:12.0885 0x107c  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\windows\system32\DRIVERS\tdx.sys
17:04:12.0901 0x107c  tdx - ok
17:04:12.0932 0x107c  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\windows\system32\drivers\termdd.sys
17:04:12.0948 0x107c  TermDD - ok
17:04:13.0010 0x107c  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\windows\System32\termsrv.dll
17:04:13.0041 0x107c  TermService - ok
17:04:13.0088 0x107c  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\windows\system32\themeservice.dll
17:04:13.0119 0x107c  Themes - ok
17:04:13.0151 0x107c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\windows\system32\mmcss.dll
17:04:13.0182 0x107c  THREADORDER - ok
17:04:13.0213 0x107c  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\windows\System32\trkwks.dll
17:04:13.0260 0x107c  TrkWks - ok
17:04:13.0322 0x107c  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:04:13.0369 0x107c  TrustedInstaller - ok
17:04:13.0416 0x107c  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
17:04:13.0431 0x107c  tssecsrv - ok
17:04:13.0463 0x107c  [ 9CE253214ACAA5A7D323327D2055EFAA, 15E7DB578EDF36DD2FD5BA960C3941B2353037323B6B96702CDCDC07588EA724 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
17:04:13.0478 0x107c  TsUsbFlt - ok
17:04:13.0541 0x107c  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
17:04:13.0587 0x107c  tunnel - ok
17:04:13.0619 0x107c  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
17:04:13.0634 0x107c  uagp35 - ok
17:04:13.0665 0x107c  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
17:04:13.0697 0x107c  udfs - ok
17:04:13.0743 0x107c  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\windows\system32\UI0Detect.exe
17:04:13.0759 0x107c  UI0Detect - ok
17:04:13.0837 0x107c  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
17:04:13.0853 0x107c  uliagpkx - ok
17:04:13.0915 0x107c  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\windows\system32\drivers\umbus.sys
17:04:13.0946 0x107c  umbus - ok
17:04:13.0977 0x107c  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
17:04:13.0993 0x107c  UmPass - ok
17:04:14.0024 0x107c  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\windows\System32\upnphost.dll
17:04:14.0071 0x107c  upnphost - ok
17:04:14.0149 0x107c  [ EC1C23779BB41A8B2AB2AA6FCE308BDE, D027A2B472CAE97AECB16F69BE52E06CB61E1C61AE196C22662050B711C1C72D ] USBAAPL         C:\windows\system32\Drivers\usbaapl.sys
17:04:14.0165 0x107c  USBAAPL - ok
17:04:14.0211 0x107c  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
17:04:14.0227 0x107c  usbccgp - ok
17:04:14.0274 0x107c  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\windows\system32\drivers\usbcir.sys
17:04:14.0305 0x107c  usbcir - ok
17:04:14.0352 0x107c  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
17:04:14.0367 0x107c  usbehci - ok
17:04:14.0445 0x107c  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
17:04:14.0461 0x107c  usbhub - ok
17:04:14.0477 0x107c  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\windows\system32\drivers\usbohci.sys
17:04:14.0492 0x107c  usbohci - ok
17:04:14.0555 0x107c  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
17:04:14.0570 0x107c  usbprint - ok
17:04:14.0664 0x107c  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\windows\system32\drivers\usbscan.sys
17:04:14.0695 0x107c  usbscan - ok
17:04:14.0711 0x107c  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
17:04:14.0742 0x107c  USBSTOR - ok
17:04:14.0757 0x107c  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\windows\system32\DRIVERS\usbuhci.sys
17:04:14.0773 0x107c  usbuhci - ok
17:04:14.0835 0x107c  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
17:04:14.0867 0x107c  usbvideo - ok
17:04:14.0898 0x107c  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\windows\System32\uxsms.dll
17:04:14.0929 0x107c  UxSms - ok
17:04:14.0960 0x107c  [ BF08DE8E4FA1F143D41B3241F7FCE5F6, 4140BE0ECE0D4B8FDD413DBA120F5D7EF6F94628224320EDA2A85E50BEFDA638 ] VaultSvc        C:\windows\system32\lsass.exe
17:04:14.0991 0x107c  VaultSvc - ok
17:04:15.0038 0x107c  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
17:04:15.0069 0x107c  vdrvroot - ok
17:04:15.0116 0x107c  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\windows\System32\vds.exe
17:04:15.0163 0x107c  vds - ok
17:04:15.0194 0x107c  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
17:04:15.0210 0x107c  vga - ok
17:04:15.0241 0x107c  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\windows\System32\drivers\vga.sys
17:04:15.0272 0x107c  VgaSave - ok
17:04:15.0335 0x107c  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
17:04:15.0366 0x107c  vhdmp - ok
17:04:15.0413 0x107c  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\windows\system32\drivers\viaagp.sys
17:04:15.0428 0x107c  viaagp - ok
17:04:15.0444 0x107c  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
17:04:15.0475 0x107c  ViaC7 - ok
17:04:15.0506 0x107c  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\windows\system32\drivers\viaide.sys
17:04:15.0522 0x107c  viaide - ok
17:04:15.0537 0x107c  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\windows\system32\drivers\volmgr.sys
17:04:15.0553 0x107c  volmgr - ok
17:04:15.0584 0x107c  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
17:04:15.0631 0x107c  volmgrx - ok
17:04:15.0647 0x107c  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\windows\system32\drivers\volsnap.sys
17:04:15.0678 0x107c  volsnap - ok
17:04:15.0740 0x107c  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
17:04:15.0756 0x107c  vsmraid - ok
17:04:15.0834 0x107c  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\windows\system32\vssvc.exe
17:04:15.0896 0x107c  VSS - ok
17:04:16.0130 0x107c  [ D47AD4C199EB4F298597BF2EB5305DC3, 7D0E32499AF581C82D5EE0C366AFB6C388F8C4FFCCCE9C0E46162F3C27A96F32 ] vToolbarUpdater18.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
17:04:16.0177 0x107c  vToolbarUpdater18.2.0 - ok
17:04:16.0208 0x107c  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
17:04:16.0224 0x107c  vwifibus - ok
17:04:16.0255 0x107c  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
17:04:16.0286 0x107c  vwififlt - ok
17:04:16.0317 0x107c  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
17:04:16.0349 0x107c  vwifimp - ok
17:04:16.0380 0x107c  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\windows\system32\w32time.dll
17:04:16.0427 0x107c  W32Time - ok
17:04:16.0458 0x107c  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
17:04:16.0473 0x107c  WacomPen - ok
17:04:16.0536 0x107c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
17:04:16.0567 0x107c  WANARP - ok
17:04:16.0567 0x107c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
17:04:16.0598 0x107c  Wanarpv6 - ok
17:04:16.0692 0x107c  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\windows\system32\wbengine.exe
17:04:16.0739 0x107c  wbengine - ok
17:04:16.0770 0x107c  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
17:04:16.0785 0x107c  WbioSrvc - ok
17:04:16.0848 0x107c  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\windows\System32\wcncsvc.dll
17:04:16.0910 0x107c  wcncsvc - ok
17:04:16.0926 0x107c  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
17:04:16.0957 0x107c  WcsPlugInService - ok
17:04:16.0988 0x107c  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\windows\system32\DRIVERS\wd.sys
17:04:17.0004 0x107c  Wd - ok
17:04:17.0191 0x107c  [ 502FA6BD01D9141D34C2FCA8F8726E3F, 078D88854404F989445725B3693F1B22B8C25F5DCCD9AD5B15AE0E6521FB04D7 ] WDBackup        C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
17:04:17.0238 0x107c  WDBackup - ok
17:04:17.0300 0x107c  [ D6EFAF429FD30C5DF613D220E344CCE7, 807D4563E8AD4073688691078EB13AF240E14BA5E0C8506A48B3060A20B90082 ] WDC_SAM         C:\windows\system32\DRIVERS\wdcsam.sys
17:04:17.0316 0x107c  WDC_SAM - ok
17:04:17.0409 0x107c  [ 28E0104D77501C8576BC4F32BB73CE9F, 120E0C17443CB687A538D0EA75D5CAC8F8E44A70FADCAF9B2395C061D817B695 ] WDDriveService  C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
17:04:17.0441 0x107c  WDDriveService - ok
17:04:17.0503 0x107c  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
17:04:17.0534 0x107c  Wdf01000 - ok
17:04:17.0597 0x107c  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\windows\system32\wdi.dll
17:04:17.0628 0x107c  WdiServiceHost - ok
17:04:17.0628 0x107c  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost   C:\windows\system32\wdi.dll
17:04:17.0659 0x107c  WdiSystemHost - ok
17:04:17.0706 0x107c  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\windows\System32\webclnt.dll
17:04:17.0737 0x107c  WebClient - ok
17:04:17.0768 0x107c  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\windows\system32\wecsvc.dll
17:04:17.0799 0x107c  Wecsvc - ok
17:04:17.0831 0x107c  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\windows\System32\wercplsupport.dll
17:04:17.0862 0x107c  wercplsupport - ok
17:04:17.0893 0x107c  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\windows\System32\WerSvc.dll
17:04:17.0924 0x107c  WerSvc - ok
17:04:17.0971 0x107c  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
17:04:18.0033 0x107c  WfpLwf - ok
17:04:18.0049 0x107c  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\windows\system32\drivers\wimmount.sys
17:04:18.0049 0x107c  WIMMount - ok
17:04:18.0143 0x107c  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:04:18.0174 0x107c  WinDefend - ok
17:04:18.0221 0x107c  WinHttpAutoProxySvc - ok
17:04:18.0267 0x107c  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
17:04:18.0314 0x107c  Winmgmt - ok
17:04:18.0392 0x107c  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\windows\system32\WsmSvc.dll
17:04:18.0455 0x107c  WinRM - ok
17:04:18.0548 0x107c  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
17:04:18.0579 0x107c  WinUsb - ok
17:04:18.0657 0x107c  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\windows\System32\wlansvc.dll
17:04:18.0689 0x107c  Wlansvc - ok
17:04:18.0876 0x107c  [ 5E7C103F8475C4289847D15E129C20F7, C6325D3557545FA1DA26B0B1EA9A1C95AED1FA84A93BE29A771DAD9ECB00768B ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:04:18.0938 0x107c  wlidsvc - ok
17:04:18.0969 0x107c  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
17:04:18.0985 0x107c  WmiAcpi - ok
17:04:19.0016 0x107c  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
17:04:19.0032 0x107c  wmiApSrv - ok
17:04:19.0157 0x107c  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:04:19.0203 0x107c  WMPNetworkSvc - ok
17:04:19.0235 0x107c  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\windows\System32\wpcsvc.dll
17:04:19.0266 0x107c  WPCSvc - ok
17:04:19.0297 0x107c  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
17:04:19.0313 0x107c  WPDBusEnum - ok
17:04:19.0359 0x107c  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
17:04:19.0391 0x107c  ws2ifsl - ok
17:04:19.0406 0x107c  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\windows\System32\wscsvc.dll
17:04:19.0437 0x107c  wscsvc - ok
17:04:19.0437 0x107c  WSearch - ok
17:04:19.0562 0x107c  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\windows\system32\wuaueng.dll
17:04:19.0625 0x107c  wuauserv - ok
17:04:19.0687 0x107c  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
17:04:19.0718 0x107c  WudfPf - ok
17:04:19.0765 0x107c  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
17:04:19.0796 0x107c  WUDFRd - ok
17:04:19.0827 0x107c  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\windows\System32\WUDFSvc.dll
17:04:19.0859 0x107c  wudfsvc - ok
17:04:19.0905 0x107c  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\windows\System32\wwansvc.dll
17:04:19.0921 0x107c  WwanSvc - ok
17:04:19.0968 0x107c  ================ Scan global ===============================
17:04:19.0999 0x107c  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\windows\system32\basesrv.dll
17:04:20.0030 0x107c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll
17:04:20.0046 0x107c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll
17:04:20.0093 0x107c  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\windows\system32\sxssrv.dll
17:04:20.0124 0x107c  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\windows\system32\services.exe
17:04:20.0139 0x107c  [ Global ] - ok
17:04:20.0139 0x107c  ================ Scan MBR ==================================
17:04:20.0155 0x107c  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
17:04:20.0623 0x107c  \Device\Harddisk0\DR0 - ok
17:04:20.0623 0x107c  ================ Scan VBR ==================================
17:04:20.0639 0x107c  [ F19731E6FE94B6AE3E1F3E18BD062D9A ] \Device\Harddisk0\DR0\Partition1
17:04:20.0639 0x107c  \Device\Harddisk0\DR0\Partition1 - ok
17:04:20.0670 0x107c  [ 039F31F2E9940BD683EF2C7CBAFDFD80 ] \Device\Harddisk0\DR0\Partition2
17:04:20.0670 0x107c  \Device\Harddisk0\DR0\Partition2 - ok
17:04:20.0701 0x107c  [ 4B236011C4DBD5465D8A22A621C526D4 ] \Device\Harddisk0\DR0\Partition3
17:04:20.0701 0x107c  \Device\Harddisk0\DR0\Partition3 - ok
17:04:20.0701 0x107c  ================ Scan generic autorun ======================
17:04:21.0029 0x107c  [ F50CA00F1929D9294FE01894D0168A7F, 197B7402215422B05837439E6973FD76F8C052A089DB61AA75CF8082A8389344 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
17:04:21.0247 0x107c  RtHDVCpl - ok
17:04:21.0356 0x107c  [ 934DE0EDBED59940A2725050DA13A066, CB231A76001E380EDEDE8DE3A1713CC87D95D96EF7E757D18C6B6B209C215C6F ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
17:04:21.0403 0x107c  SynTPEnh - ok
17:04:21.0497 0x107c  [ 1CEB6E00AEDDAE46BF52DD4741DD80BA, 60266CBB61F73AF3A143C65F5907897B4522D905AA25C2FBAD40EB6CDEF4E65E ] C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe
17:04:21.0528 0x107c  LexwareInfoService - ok
17:04:21.0621 0x107c  [ 2E3E50D717026B41219435A6C649D80D, D1FB5E2EA97F6C0ED7E1EE785D44AD4F7951792BD45969C3E98142A0B66DE860 ] C:\Program Files\GMX\LiveUpdate\m2LUTray.exe
17:04:21.0699 0x107c  GMX Update - ok
17:04:21.0746 0x107c  [ 3E4C03CEFAD8DE135263236B61A49C90, 243201B64F4B60D55CDB1A3BF4B9AA60BC22EB8ACA88E95042EE48AC5DF5F397 ] C:\windows\system32\NeroCheck.exe
17:04:21.0762 0x107c  NeroFilterCheck - detected UnsignedFile.Multi.Generic ( 1 )
17:04:24.0273 0x107c  Detect skipped due to KSN trusted
17:04:24.0273 0x107c  NeroFilterCheck - ok
17:04:24.0305 0x107c  [ 5CA1626C5FC942EDE31F2FF31E9632E2, 270A528B310CDC82E4246259967FE9E38BCAB8BE84B272A1991258C6ACCB55B5 ] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
17:04:24.0336 0x107c  SSBkgdUpdate - ok
17:04:24.0383 0x107c  [ 8A6ECE22270BD9D4CFD4553E26B5C69A, 5718B0E7ECF55A81EC5E8E6C8B4835F8DB99C3DA54F9A5E6AF86AC5C4EEC2D4A ] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
17:04:24.0398 0x107c  OpwareSE4 - ok
17:04:24.0476 0x107c  [ 583B7D111304BE63D7D9CB65482D2187, BD9618C9EFED73BC0EB1029502FE0AE0AECD8B0ABA506797C78327E71FF0FC0F ] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
17:04:24.0492 0x107c  ISUSScheduler - detected UnsignedFile.Multi.Generic ( 1 )
17:04:27.0440 0x107c  Detect skipped due to KSN trusted
17:04:27.0440 0x107c  ISUSScheduler - ok
17:04:27.0487 0x107c  [ 2C1B1E9174D94E9F6EE3CF373ABAB7DD, 729D283DF70F727824EBCA223D5E5B27D16E3E2B5312B1B34CAE1E763192D7B5 ] C:\windows\system32\igfxtray.exe
17:04:27.0503 0x107c  IgfxTray - ok
17:04:27.0518 0x107c  [ 87D78CF6365BDDACBE9D34B60FE0E23B, 4561DE7171FD9035FEDF7EEA059859732996A5E72364D0D9F230563A1A6AE3D4 ] C:\windows\system32\hkcmd.exe
17:04:27.0534 0x107c  HotKeysCmds - ok
17:04:27.0565 0x107c  [ 89D3DE5E2C77DCD99C56F0E46310AEA0, 02E1B2353E5D5F65D7968698AFE079A4DF11C230F6213C07D128F47147BACA29 ] C:\windows\system32\igfxpers.exe
17:04:27.0581 0x107c  Persistence - ok
17:04:27.0627 0x107c  [ 545676F48851A5C65A38CAE5B5518C95, F7CD893B8198AA22347CB96A61C258217FA0A1B1CC1733784B5FD84A7B208264 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
17:04:27.0643 0x107c  APSDaemon - ok
17:04:27.0768 0x107c  [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
17:04:27.0815 0x107c  Adobe ARM - ok
17:04:27.0939 0x107c  [ 63C7C530B77CD57473582CEE538E49AE, 08C84B9ECB934DF46A0DA4769757791DF9A15846E8E9A1B229512D0E0260FF52 ] C:\Program Files\Samsung\EmoDio\SMSTray.exe
17:04:27.0971 0x107c  SMSTray - detected UnsignedFile.Multi.Generic ( 1 )
17:04:30.0482 0x107c  Detect skipped due to KSN trusted
17:04:30.0482 0x107c  SMSTray - ok
17:04:30.0935 0x107c  [ 9DB4F8D6F900D0511CC216783C7F7D48, 63FD23A41C26186302104B9752EFEC91FDCB7AEF68ECC4956809F5009B6A65C5 ] C:\Program Files\AVG\AVG2015\avgui.exe
17:04:31.0028 0x107c  AVG_UI - ok
17:04:31.0122 0x107c  [ 3CD5FBD8B1EA8F5B51DE894A881C0092, C23B4F9DD68B0C58E39407F2F05BB1079AA6C4E33C9DFB8E21571E303284EBEC ] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
17:04:31.0122 0x107c  Corel Photo Downloader - detected UnsignedFile.Multi.Generic ( 1 )
17:04:33.0696 0x107c  Detect skipped due to KSN trusted
17:04:33.0696 0x107c  Corel Photo Downloader - ok
17:04:33.0774 0x107c  [ DDEFF7E98629203E66BB4298FABC5983, 59CBE0A49AAA93898831B1D64FFB1D0809736CABB4D19843DB2E99C2650D1AD9 ] C:\Program Files\PDF24\pdf24.exe
17:04:33.0789 0x107c  PDFPrint - ok
17:04:33.0867 0x107c  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files\QuickTime\QTTask.exe
17:04:33.0883 0x107c  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
17:04:36.0395 0x107c  Detect skipped due to KSN trusted
17:04:36.0395 0x107c  QuickTime Task - ok
17:04:36.0473 0x107c  [ D88B2D487439305A2EC308A6796C3044, 79DF0A41ECB08D5BEB3393B2BA15E6C88AD626803E1734EFBA0DBE4ECF7274D7 ] C:\Program Files\iTunes\iTunesHelper.exe
17:04:36.0488 0x107c  iTunesHelper - ok
17:04:36.0722 0x107c  [ 63997A29C8DA4000D7C651B46517E6B2, CCF942AE01D2E0AF8F854C88849AD54CAD2C8C3BA57C88007E4A49E05148197D ] C:\Program Files\AVG Web TuneUp\vprot.exe
17:04:36.0816 0x107c  vProt - ok
17:04:37.0097 0x107c  [ 36CD605A0DDAFCBC3882B3B3152D5564, 0CD799F2E534D63B6D93D2A7534AD078FE14714F923D158DFEF74C4DD0E5021E ] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
17:04:37.0237 0x107c  WD Quick View - ok
17:04:37.0502 0x107c  [ 3B95D79E0342130CCC2704E0DC4CF306, A7D5D9485931FA2F1F9554E11453DF8EDEC54D445644C2184C1F34B5AE9CA01D ] C:\Program Files\Fitbit Connect\Fitbit Connect.exe
17:04:37.0627 0x107c  Fitbit Connect - ok
17:04:37.0736 0x107c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
17:04:37.0783 0x107c  Sidebar - ok
17:04:37.0830 0x107c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
17:04:37.0861 0x107c  mctadmin - ok
17:04:37.0892 0x107c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
17:04:37.0939 0x107c  Sidebar - ok
17:04:37.0955 0x107c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
17:04:37.0970 0x107c  mctadmin - ok
17:04:38.0001 0x107c  [ 58EDDFEC65B6AA166FC7FF4A442CC4B5, 3808ECE0F7CE34F42ABEF38547F6423D637FEA8C3C585283EE5B26C0E068CE05 ] C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
17:04:38.0017 0x107c  Power DVD Player - detected UnsignedFile.Multi.Generic ( 1 )
17:04:48.0110 0x107c  Power DVD Player ( UnsignedFile.Multi.Generic ) - warning
17:04:48.0110 0x107c  Force sending object to P2P due to detect: C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
17:05:00.0746 0x107c  Object send P2P result: true
17:05:03.0351 0x107c  [ 85458A400758C8533A0CE732B06E5BA1, A4C90E8E98F6B0C27188B089A9789234DE9E8CE6FA2CA64C4D376BB98B1729B6 ] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
17:05:03.0367 0x107c  AnyDVD - ok
17:05:03.0414 0x107c  [ 9E109B03018763FDCB075CE74547BE22, 7321873E646F24B63B7C88B6BC9F4BE5D4DAB60284A9C2E9F0EB895A9E90231B ] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
17:05:03.0414 0x107c  ISUSPM Startup - detected UnsignedFile.Multi.Generic ( 1 )
17:05:05.0941 0x107c  Detect skipped due to KSN trusted
17:05:05.0941 0x107c  ISUSPM Startup - ok
17:05:06.0035 0x107c  AVG-Secure-Search-Update_1213b - ok
17:05:06.0237 0x107c  [ 3B95D79E0342130CCC2704E0DC4CF306, A7D5D9485931FA2F1F9554E11453DF8EDEC54D445644C2184C1F34B5AE9CA01D ] C:\Program Files\Fitbit Connect\Fitbit Connect.exe
17:05:06.0347 0x107c  Fitbit Connect - ok
17:05:06.0425 0x107c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
17:05:06.0471 0x107c  Sidebar - ok
17:05:06.0503 0x107c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
17:05:06.0534 0x107c  mctadmin - ok
17:05:06.0534 0x107c  Waiting for KSN requests completion. In queue: 1
17:05:07.0548 0x107c  Waiting for KSN requests completion. In queue: 1
17:05:08.0577 0x107c  AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files\AVG\AVG2015\avgwsc.exe ( 15.0.0.5646 ), 0x41000 ( enabled : updated )
17:05:08.0577 0x107c  Win FW state via NFP2: enabled
17:05:11.0042 0x107c  ============================================================
17:05:11.0042 0x107c  Scan finished
17:05:11.0042 0x107c  ============================================================
17:05:11.0058 0x1578  Detected object count: 1
17:05:11.0058 0x1578  Actual detected object count: 1
17:05:32.0087 0x1578  Power DVD Player ( UnsignedFile.Multi.Generic ) - skipped by user
17:05:32.0087 0x1578  Power DVD Player ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:05:43.0319 0x0c9c  Deinitialize success
         
Code:
ATTFilter
16:49:03.0128 0x0478  Detected object count: 1
16:49:03.0128 0x0478  Actual detected object count: 1
16:49:15.0873 0x0478  QuickTime Task ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:15.0873 0x0478  QuickTime Task ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:23.0065 0x174c  Deinitialize success
         
Code:
ATTFilter
16:44:53.0321 0x1414  Detected object count: 1
16:44:53.0321 0x1414  Actual detected object count: 1
16:45:13.0445 0x1414  NeroFilterCheck ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:13.0445 0x1414  NeroFilterCheck ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:46:48.0965 0x0d4c  Deinitialize success
         
Code:
ATTFilter
16:35:05.0179 0x0c00  Detected object count: 1
16:35:05.0179 0x0c00  Actual detected object count: 1
16:35:14.0776 0x0c00  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:14.0776 0x0c00  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:35:20.0999 0x1964  Deinitialize success
         
Viele Grüße
kroko123
__________________

Alt 25.02.2015, 06:04   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Telekom Abuse Team, Infektion: generic - Standard

Telekom Abuse Team, Infektion: generic



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.02.2015, 20:54   #5
Kroko123
 
Telekom Abuse Team, Infektion: generic - Standard

Telekom Abuse Team, Infektion: generic



Hi Schrauber,

hier ist mein Log von Combofix:

Code:
ATTFilter
ComboFix 15-02-16.01 - Egerland 25.02.2015  19:19:16.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3005.1782 [GMT 1:00]
ausgeführt von:: c:\users\Egerland\Desktop\Virenanalyse\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Egerland\AppData\Roaming\.#
c:\windows\IsUn0407.exe
c:\windows\tmp
c:\windows\tmp\AVG_TB_DumpLog.txt
c:\windows\tmp\dd_vcredistMSI619A.txt
c:\windows\tmp\dd_vcredistMSI7654.txt
c:\windows\tmp\dd_vcredistUI619D.txt
c:\windows\tmp\dd_vcredistUI7654.txt
c:\windows\tmp\qtsingleapp-koboex-f4a6-1-lockfile
c:\windows\tmp\toolbar_log.txt
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-25 bis 2015-02-25  ))))))))))))))))))))))))))))))
.
.
2015-02-25 20:04 . 2015-02-25 20:04	--------	d-----w-	c:\users\TEMP\AppData\Local\temp
2015-02-25 20:04 . 2015-02-25 20:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-25 20:04 . 2015-02-25 20:04	--------	d-----w-	c:\users\Administrator.Egerland-PC\AppData\Local\temp
2015-02-25 14:00 . 2015-02-25 14:00	--------	d-----w-	c:\programdata\Avg_Update_0215tb
2015-02-25 13:55 . 2015-02-25 13:55	--------	d--h--w-	c:\windows\AxInstSV
2015-02-24 14:27 . 2015-02-24 14:27	--------	d-----w-	c:\programdata\Malwarebytes
2015-02-24 14:27 . 2015-02-24 15:12	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-24 14:27 . 2015-02-24 14:27	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-24 14:26 . 2015-02-24 14:26	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-02-24 14:12 . 2015-02-24 14:12	--------	d-----w-	c:\program files\VS Revo Group
2015-02-23 20:06 . 2015-02-23 20:06	104960	----a-w-	C:\pwdyqkob.sys
2015-02-23 16:04 . 2015-02-23 16:07	--------	d-----w-	C:\FRST
2015-02-21 20:35 . 2015-02-21 20:35	--------	d-----w-	c:\users\Egerland\AppData\Local\HL
2015-02-21 20:29 . 2015-02-21 20:29	--------	d-----w-	c:\programdata\AAV
2015-02-21 20:21 . 2015-02-21 20:21	--------	d-----w-	c:\programdata\HL
2015-02-11 18:07 . 2015-01-23 03:43	620032	----a-w-	c:\windows\system32\jscript9diag.dll
2015-02-11 18:07 . 2015-01-23 03:17	4300800	----a-w-	c:\windows\system32\jscript9.dll
2015-02-10 18:38 . 2014-11-26 03:32	571904	----a-w-	c:\windows\system32\oleaut32.dll
2015-02-10 18:37 . 2015-01-12 02:21	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2015-02-10 18:36 . 2014-12-12 05:07	1174528	----a-w-	c:\windows\system32\crypt32.dll
2015-02-10 18:36 . 2014-07-07 01:40	179200	----a-w-	c:\windows\system32\wintrust.dll
2015-02-10 18:36 . 2014-07-07 01:40	143872	----a-w-	c:\windows\system32\cryptsvc.dll
2015-02-10 18:36 . 2014-12-08 02:46	308224	----a-w-	c:\windows\system32\scesrv.dll
2015-02-10 18:36 . 2015-01-13 02:49	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-02-07 16:00 . 2015-02-07 16:00	--------	d-----w-	c:\program files\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-25 14:12 . 2014-12-09 12:38	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-02-07 16:00 . 2014-12-07 20:42	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2015-02-05 18:39 . 2012-11-16 20:07	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-02-05 18:39 . 2011-11-09 20:11	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-19 02:43 . 2015-01-15 12:52	164864	----a-w-	c:\windows\system32\profsvc.dll
2014-12-19 01:34 . 2015-01-15 12:52	116224	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-15 12:52	56320	----a-w-	c:\windows\system32\TSWbPrxy.exe
2014-12-10 15:39 . 2014-12-10 15:40	43296	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2014-12-08 20:25 . 2014-12-08 20:25	208152	----a-w-	c:\windows\system32\drivers\avgidsdriverx.sys
2014-12-06 03:50 . 2015-01-15 12:52	242688	----a-w-	c:\windows\system32\nlasvc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-12-10 15:39	2395160	----a-w-	c:\program files\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power DVD Player"="c:\program files\Power DVD Player\PowerDVDPlayer.exe" [2007-09-06 391168]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2014-10-01 109480]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2014-12-12 4370976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"LexwareInfoService"="c:\program files\Lexware\Update Manager\LxUpdateManager.exe" [2013-10-08 208424]
"GMX Update"="c:\program files\GMX\LiveUpdate\m2LUTray.exe" [2009-10-16 2229632]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2009-04-16 479232]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-01-06 3674576]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-02 106496]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2014-02-06 189480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"vProt"="c:\program files\AVG Web TuneUp\vprot.exe" [2014-12-10 3081752]
"WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2014-12-02 5562736]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2014-12-12 4370976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
.
c:\users\Egerland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe /Autostart [2010-3-22 1540096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files\Canon\ImageBrowser EX\MFManager.exe [2013-10-24 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2015-01-06 3440080]
R2 gupdate1cacc505e5a502c;Google Update Service (gupdate1cacc505e5a502c);c:\program files\Google\Update\GoogleUpdate.exe [2014-10-24 107912]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-01-12 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R4 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-11-18 154904]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-12-08 208152]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-28 192792]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-10-10 200984]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-12-10 43296]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Lexware\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2015-01-06 309232]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files\Fitbit Connect\FitbitConnectService.exe [2014-12-12 5738528]
S2 vToolbarUpdater18.2.0;vToolbarUpdater18.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [2014-12-10 1850392]
S2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-12-02 1042808]
S2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [2014-12-02 296312]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 18:25	1084744	----a-w-	c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-16 18:39]
.
2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 11:07]
.
2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 11:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ebay.de/sch/i.html?_odkw=siemens+defekt&_fspt=1&_sadis=100&_osacat=20710&LH_Distance=2&_from=R40&LH_PrefLoc=1&_fpos=83342&_trksid=p2045573.m570.l1313.TR6.TRC1.A0.H0.Xbosch+defekt&_nkw=bosch+defekt&_sacat=20710
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security Special Ferrari Edition\ie_banner_deny.htm
IE: Send Image to Photo Library - file://c:\programme\Broderbund\Photo Pro\Temp\MGI00000.html
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - user.js: extensions.Softonic.hpOld0 - 
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=1&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081&q=
FF - user.js: extensions.Softonic.id - cc4771f80000000000002eeee6aeaafc
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 16081
FF - user.js: extensions.Softonic.vrsn - 1.8.29.3
FF - user.js: extensions.Softonic.vrsni - 1.8.29.3
FF - user.js: extensions.Softonic.vrsnTs - 1.8.29.320:30
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - 2013desingbrand
FF - user.js: extensions.Softonic.instlRef - MOY00009
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.ffxUnstlRst - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - false
FF - user.js: extensions.Softonic.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081&q=
FF - user.js: extensions.Softonic.dnsErr - true
FF - user.js: extensions.Softonic.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00009/tb_v1/?SearchSource=15&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
URLSearchHooks-{26647ca4-a2a7-4eac-8a72-761aa9141de7} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - (no file)
HKCU-Run-AVG-Secure-Search-Update_1213b - c:\users\Egerland\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
   34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
   ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}"=hex:51,66,7a,6c,4c,1d,38,12,90,71,5e,
   cc,4f,af,fb,04,c4,32,35,80,2b,70,38,5a
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d8,e6,a6,53,3e,26,cd,01
.
[HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,61,da,99,8b,17,b1,44,a5,5a,67,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,61,da,99,8b,17,b1,44,a5,5a,67,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-25  21:12:43
ComboFix-quarantined-files.txt  2015-02-25 20:12
.
Vor Suchlauf: 14 Verzeichnis(se), 80.064.974.848 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 90.183.258.112 Bytes frei
.
- - End Of File - - 3C29570FBAE2E5D89B6D8D9A4B0CBD64
2E5DEBB2116B3417023E0D6562D7ED07
         
Zwischendrin habe ich zwei mal diese Fehlermeldung bekommen:

PEV.exe funktioniert nicht mehr.
Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.

Ich hab jeweils immer ok geklickt und es ging dann normal weiter.

Viele Grüße
kroko 123


Alt 26.02.2015, 12:07   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Telekom Abuse Team, Infektion: generic - Standard

Telekom Abuse Team, Infektion: generic



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Telekom Abuse Team, Infektion: generic

Alt 26.02.2015, 20:10   #7
Kroko123
 
Telekom Abuse Team, Infektion: generic - Standard

Telekom Abuse Team, Infektion: generic



Hallo Schrauber,

von Malwarebytes habe ich leider keine Log-Datei bekommen. Es kam die Meldung „Suchlauf beendet – Nicht Malware-Programme entdeckt.“
Diese habe ich dann auch in die Quarantäne verschoben.

Nach dem ersten Suchlauf kam folgender Log:

Debug
Code:
ATTFilter
[02:26/17:28:29] pipe error: 232
         
Oder hätte ich irgendwas noch anders einstellen müssen?

Ich hab die anderen Programme trotzdem durchlaufen lassen.

AdwCleaner:

Code:
ATTFilter
# AdwCleaner v4.111 - Bericht erstellt 26/02/2015 um 20:31:08
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : Egerland - EGERLAND-PC
# Gestarted von : C:\Users\Egerland\Downloads\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : vToolbarUpdater18.2.0

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Users\Egerland\AppData\Local\iLivid
Ordner Gelöscht : C:\Users\Egerland\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Egerland\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\5wvv71gq.default\Extensions\Avg@toolbar
Datei Gelöscht : C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\invalidprefs.js
Datei Gelöscht : C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\5wvv71gq.default\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\user.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\f
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2325506
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2EBBFB4D-D6A8-4602-B2BC-EE9BE9B6A08A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5EBF305B-8036-4379-B6AE-FC355BFF9464}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{09C6AB88-402B-4371-B00B-750CA1B06199}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Secure Search
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 de)

[5q2fhcqa.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.admin", false);
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.aflt", "SD");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.dnsErr", true);
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.excTlbr", false);
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false);
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.hmpg", true);
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.hpOld0", "");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.id", "cc4771f80000000000002eeee6aeaafc");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.instlDay", "16081");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00009");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.kw_url", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081&q=");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.newTab", true);
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00009/tb_v1/?SearchSource=15&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.rvrt", "false");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.tlbrId", "2013desingbrand");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=1&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081&q=");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.29.3");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.29.320:30:27");
[q5ajt1bs.default-1380970918604\prefs.js] - Zeile Gelöscht : user_pref("extensions.S
oftonic.vrsni", "1.8.29.3");

-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [10331 Bytes] - [26/02/2015 20:27:06]
AdwCleaner[S0].txt - [10522 Bytes] - [26/02/2015 20:31:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10582  Bytes] ##########
         
Junkware Removal Tool:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x86
Ran by Egerland on 26.02.2015 at 20:45:15,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Egerland\AppData\Roaming\getrighttogo"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Egerland\AppData\Roaming\mozilla\firefox\profiles\q5ajt1bs.default-1380970918604\extensions\toolbar@gmx.net
Emptied folder: C:\Users\Egerland\AppData\Roaming\mozilla\firefox\profiles\q5ajt1bs.default-1380970918604\minidumps [340 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.02.2015 at 20:48:28,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Und ein frisches FRST:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by Egerland (administrator) on EGERLAND-PC on 26-02-2015 20:51:14
Running from C:\Users\Egerland\Desktop\Virenanalyse
Loaded Profiles: Egerland (Available profiles: Egerland & Administrator)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\GMX\LiveUpdate\m2LUTray.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\EmoDio\SMSTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Corel, Inc.) C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
() C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [GMX Update] => C:\Program Files\GMX\LiveUpdate\m2LUTray.exe [2229632 2009-10-16] ()
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\EmoDio\SMSTray.exe [479232 2009-04-16] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2005-08-02] (Corel, Inc.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-12-02] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Power DVD Player] => C:\Program Files\Power DVD Player\PowerDVDPlayer.exe [391168 2007-09-06] ()
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-10-01] (SlySoft, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-18\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Egerland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/sch/i.html?_odkw=siemens+defekt&_fspt=1&_sadis=100&_osacat=20710&LH_Distance=2&_from=R40&LH_PrefLoc=1&_fpos=83342&_trksid=p2045573.m570.l1313.TR6.TRC1.A0.H0.Xbosch+defekt&_nkw=bosch+defekt&_sacat=20710
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {59005EF4-725A-4875-B03E-59C1BE9DCF52} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {5D6E4CE3-E317-4473-BEDE-6B111D426BBD} URL = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {8F76D6BC-80B9-4027-9C3A-CFD0EAC6E23B} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {A8EA1D37-CE39-4B3B-8728-7C93BCCBE5CA} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {D6FAA450-51B8-4270-BAF0-ABCC34A41F04} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {F8B71535-AD50-4877-B331-3ECDD5EF90FA} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
Handler: haufereader - No CLSID Value - 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1131658597-4005637612-88016806-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Egerland\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: No Name - C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\extensions\toolbar@gmx.net [Not Found]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=48&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081"
CHR Profile: C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-12]
CHR Extension: (Google Wallet) - C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Lexware\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-12-12] (Fitbit, Inc.)
S2 gupdate1cacc505e5a502c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [9728 2010-03-22] (Deutsche Telekom AG) [File not signed]
S4 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-12-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\windows\System32\Drivers\AnyDVD.sys [121000 2014-04-24] (SlySoft, Inc.)
R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [43296 2014-12-10] (AVG Technologies)
R1 ElbyCDIO; C:\windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Egerland\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 20:42 - 2015-02-26 20:43 - 01388274 _____ (Thisisu) C:\Users\Egerland\Downloads\JRT.exe
2015-02-26 20:33 - 2015-02-26 20:33 - 00000000 ___HD () C:\windows\AxInstSV
2015-02-26 20:26 - 2015-02-26 20:31 - 00000000 ____D () C:\AdwCleaner
2015-02-26 20:21 - 2015-02-26 20:21 - 02126848 _____ () C:\Users\Egerland\Downloads\AdwCleaner_4.111.exe
2015-02-26 16:58 - 2015-02-26 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-26 16:58 - 2015-02-26 16:58 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-26 16:58 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-26 16:58 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-26 15:43 - 2015-02-26 20:45 - 00008192 _____ () C:\windows\system32\WDPABKP.dat
2015-02-25 22:38 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-25 21:12 - 2015-02-25 21:12 - 00017319 _____ () C:\ComboFix.txt
2015-02-25 19:15 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-02-25 19:15 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-02-25 19:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-02-25 19:14 - 2015-02-25 21:12 - 00000000 ____D () C:\Qoobox
2015-02-25 19:14 - 2015-02-25 21:10 - 00000000 ____D () C:\windows\erdnt
2015-02-25 15:00 - 2015-02-25 15:00 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-24 15:27 - 2015-02-26 20:16 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 15:27 - 2015-02-26 16:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-24 15:27 - 2015-02-24 16:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-24 15:26 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-24 15:12 - 2015-02-24 15:12 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-23 21:06 - 2015-02-23 21:06 - 00104960 _____ (GMER) C:\pwdyqkob.sys
2015-02-23 17:04 - 2015-02-26 20:51 - 00000000 ____D () C:\FRST
2015-02-23 16:59 - 2015-02-23 16:59 - 00000000 _____ () C:\Users\Egerland\defogger_reenable
2015-02-23 16:57 - 2015-02-26 20:51 - 00000000 ____D () C:\Users\Egerland\Desktop\Virenanalyse
2015-02-22 13:57 - 2015-02-22 13:57 - 00000000 ____D () C:\Users\Egerland\Desktop\Referat
2015-02-21 21:35 - 2015-02-21 21:35 - 00000000 ____D () C:\Users\Egerland\Documents\TAXMAN
2015-02-21 21:35 - 2015-02-21 21:35 - 00000000 ____D () C:\Users\Egerland\AppData\Local\HL
2015-02-21 21:29 - 2015-02-21 21:29 - 00000000 ____D () C:\ProgramData\AAV
2015-02-21 21:27 - 2015-02-21 21:32 - 00002017 _____ () C:\Users\Public\Desktop\TAXMAN 2015.lnk
2015-02-21 21:21 - 2015-02-21 21:21 - 00000000 ____D () C:\ProgramData\HL
2015-02-19 21:28 - 2015-02-19 21:28 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdriverx.sys
2015-02-17 19:32 - 2015-02-17 19:44 - 00000000 ____D () C:\Users\Egerland\Desktop\Dorema Bergamo
2015-02-16 19:16 - 2015-02-16 19:18 - 00146192 _____ () C:\windows\Minidump\021615-77766-01.dmp
2015-02-11 19:07 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-11 19:07 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-10 19:39 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-10 19:39 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-10 19:39 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-10 19:39 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-10 19:39 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-10 19:39 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-10 19:39 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-10 19:39 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-10 19:39 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-10 19:39 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-10 19:39 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-10 19:39 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-10 19:39 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-02-10 19:39 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-10 19:39 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-10 19:39 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-10 19:39 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-10 19:39 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-10 19:38 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-10 19:38 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-10 19:38 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-10 19:38 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-10 19:38 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-10 19:38 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-10 19:38 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-10 19:38 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-10 19:38 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-10 19:38 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-10 19:38 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-10 19:38 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:38 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-10 19:38 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-10 19:38 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-10 19:38 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-10 19:37 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-10 19:37 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-10 19:37 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-10 19:37 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-10 19:37 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-10 19:37 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-10 19:37 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-10 19:37 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-10 19:37 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-10 19:37 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-10 19:37 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-10 19:37 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-10 19:37 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-10 19:37 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-10 19:37 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-10 19:37 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-10 19:36 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-10 19:36 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-10 19:36 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-10 19:36 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-10 19:36 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-07 17:00 - 2015-02-07 17:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-03 10:47 - 2015-02-03 10:47 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avglogx.sys
2015-02-01 15:57 - 2015-02-01 16:03 - 00029184 _____ () C:\Users\Egerland\Downloads\kalorienwochenbudget(1).xls
2015-01-27 14:01 - 2015-01-27 14:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 20:42 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-26 20:42 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-26 20:38 - 2012-11-16 21:07 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-26 20:34 - 2010-03-25 20:40 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 20:33 - 2009-09-17 08:19 - 00904576 _____ () C:\windows\PFRO.log
2015-02-26 20:33 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-26 20:33 - 2009-07-14 05:39 - 00244651 _____ () C:\windows\setupact.log
2015-02-26 20:31 - 2009-09-17 07:44 - 01529921 _____ () C:\windows\WindowsUpdate.log
2015-02-26 20:25 - 2010-03-25 20:40 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-26 20:10 - 2010-01-08 20:22 - 00000000 ____D () C:\windows\SQL9_KB970892_ENU
2015-02-26 18:14 - 2009-11-07 13:44 - 00000000 ____D () C:\windows\PCHEALTH
2015-02-26 16:45 - 2011-12-13 19:57 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-26 15:51 - 2014-10-19 11:47 - 00000951 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-26 15:51 - 2014-04-01 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-25 22:04 - 2013-04-20 15:49 - 00000083 ___SH () C:\ProgramData\.zreglib
2015-02-25 21:12 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-02-25 21:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-25 21:07 - 2009-07-14 03:04 - 00000215 _____ () C:\windows\system.ini
2015-02-25 15:01 - 2014-12-10 16:40 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-02-24 19:09 - 2009-07-26 21:06 - 01427320 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-23 17:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache
2015-02-23 16:59 - 2009-11-07 13:35 - 00000000 ____D () C:\Users\Egerland
2015-02-22 22:07 - 2012-11-16 20:33 - 00000000 ____D () C:\Users\Egerland\AppData\Roaming\BOM
2015-02-22 15:46 - 2014-08-09 15:50 - 00000000 ____D () C:\Users\Egerland\Desktop\Ralfs Lieblingsmusik
2015-02-22 15:45 - 2014-07-14 07:44 - 00000000 ____D () C:\Users\Egerland\AppData\Roaming\streamWriter
2015-02-22 11:47 - 2009-11-07 13:46 - 00124808 _____ () C:\Users\Egerland\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-22 11:44 - 2009-07-14 05:33 - 00445376 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-22 11:41 - 2014-02-18 20:06 - 00000000 ____D () C:\Program Files\CDBurnerXP
2015-02-21 21:32 - 2009-11-07 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-02-21 21:29 - 2009-11-07 19:41 - 00000000 ____D () C:\Program Files\Lexware
2015-02-21 20:59 - 2014-02-18 20:06 - 00001895 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-02-21 20:59 - 2014-02-18 20:06 - 00001845 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-02-20 19:27 - 2010-03-25 20:22 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-18 21:11 - 2015-01-24 13:51 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-02-16 19:16 - 2011-03-02 14:44 - 341335862 _____ () C:\windows\MEMORY.DMP
2015-02-16 19:16 - 2011-03-02 14:44 - 00000000 ____D () C:\windows\Minidump
2015-02-14 20:08 - 2013-01-23 20:01 - 00000000 ____D () C:\Users\Egerland\Documents\My Digital Editions
2015-02-11 19:06 - 2013-02-01 21:06 - 00000000 ____D () C:\Users\Egerland\Documents\Calibre Bibliothek
2015-02-11 18:44 - 2014-12-10 17:48 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-11 18:44 - 2014-05-06 21:09 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-11 18:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\tracing
2015-02-11 18:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-02-10 21:15 - 2013-07-11 20:13 - 00000000 ____D () C:\windows\system32\MRT
2015-02-10 21:07 - 2009-11-10 21:27 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-09 16:40 - 2013-02-01 20:07 - 00000000 ____D () C:\Users\Egerland\Documents\My Kindle Content
2015-02-08 18:35 - 2011-05-12 15:23 - 00000000 ____D () C:\Users\Egerland\Desktop\DVD-Filme
2015-02-07 17:01 - 2013-12-01 16:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 17:01 - 2009-11-07 19:37 - 00000000 ____D () C:\Program Files\Java
2015-02-07 17:00 - 2014-12-07 21:42 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-02-05 19:39 - 2012-11-16 21:07 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-02-05 19:39 - 2011-11-09 21:11 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-27 16:39 - 2012-05-05 16:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 14:18 - 2009-11-07 13:36 - 00000000 ____D () C:\Users\Egerland\AppData\Local\Adobe

==================== Files in the root of some directories =======

2012-06-19 12:45 - 2015-01-19 17:26 - 0000564 _____ () C:\Users\Egerland\AppData\Roaming\mag33.ini
2012-09-13 07:55 - 2012-09-13 07:55 - 0027520 _____ () C:\Users\Egerland\AppData\Local\dt.dat
2012-01-24 19:55 - 2012-01-24 19:55 - 0000096 _____ () C:\Users\Egerland\AppData\Local\fusioncache.dat
2013-04-20 15:49 - 2015-02-25 22:04 - 0000083 ___SH () C:\ProgramData\.zreglib
2011-02-03 17:37 - 2011-02-03 17:37 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-11-07 13:40 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Egerland\AppData\Local\Temp\Quarantine.exe
C:\Users\Egerland\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 17:31

==================== End Of Log ============================
         
--- --- ---

--- --- ---



Viele Grüße
Kroko123

Alt 27.02.2015, 06:25   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Telekom Abuse Team, Infektion: generic - Standard

Telekom Abuse Team, Infektion: generic




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.02.2015, 20:55   #9
Kroko123
 
Telekom Abuse Team, Infektion: generic - Standard

Telekom Abuse Team, Infektion: generic



Hallo Schrauber,

Eset Online Scanner:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d7df9c3f29f44a40a673556362e82d4e
# engine=22677
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-27 07:35:51
# local_time=2015-02-27 08:35:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 24307 112199735 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 39918895 176696942 0 0
# scanned=391802
# found=2
# cleaned=0
# scan_time=17420
sh=457335C7D7CF3B76BDA5156BDFC9D2E55F5EB26E ft=1 fh=733834ea60493ef0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Egerland\Documents\Downloads\Integrated_CT2325506.exe"
sh=1E90306E14443B76B4DDAFA620D42B1A18D319E8 ft=1 fh=ee978b914a64ce5d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Egerland\Downloads\Schoener Fernsehen - CHIP-Installer.exe"
         
SecurityCheck:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
AVG AntiVirus Free Edition 2015   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 AVG Web TuneUp   
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	16.0.0.305  
 Adobe Reader 9 Adobe Reader out of Date! 
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Mozilla Firefox (GMX.) 
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Und noch ein frisches FRST:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by Egerland (administrator) on EGERLAND-PC on 27-02-2015 21:12:41
Running from C:\Users\Egerland\Desktop\Virenanalyse\FRST-OlderVersion
Loaded Profiles: Egerland (Available profiles: Egerland & Administrator)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\GMX\LiveUpdate\m2LUTray.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\EmoDio\SMSTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Corel, Inc.) C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
() C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [GMX Update] => C:\Program Files\GMX\LiveUpdate\m2LUTray.exe [2229632 2009-10-16] ()
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\EmoDio\SMSTray.exe [479232 2009-04-16] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2005-08-02] (Corel, Inc.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-12-02] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Power DVD Player] => C:\Program Files\Power DVD Player\PowerDVDPlayer.exe [391168 2007-09-06] ()
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-10-01] (SlySoft, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-18\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Egerland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/sch/i.html?_odkw=siemens+defekt&_fspt=1&_sadis=100&_osacat=20710&LH_Distance=2&_from=R40&LH_PrefLoc=1&_fpos=83342&_trksid=p2045573.m570.l1313.TR6.TRC1.A0.H0.Xbosch+defekt&_nkw=bosch+defekt&_sacat=20710
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {59005EF4-725A-4875-B03E-59C1BE9DCF52} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {5D6E4CE3-E317-4473-BEDE-6B111D426BBD} URL = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {8F76D6BC-80B9-4027-9C3A-CFD0EAC6E23B} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {A8EA1D37-CE39-4B3B-8728-7C93BCCBE5CA} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {D6FAA450-51B8-4270-BAF0-ABCC34A41F04} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {F8B71535-AD50-4877-B331-3ECDD5EF90FA} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
Handler: haufereader - No CLSID Value - 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1131658597-4005637612-88016806-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Egerland\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=48&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081"
CHR Profile: C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-12]
CHR Extension: (Google Wallet) - C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Lexware\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-12-12] (Fitbit, Inc.)
S2 gupdate1cacc505e5a502c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [9728 2010-03-22] (Deutsche Telekom AG) [File not signed]
S4 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-12-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\windows\System32\Drivers\AnyDVD.sys [121000 2014-04-24] (SlySoft, Inc.)
R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [43296 2014-12-10] (AVG Technologies)
R1 ElbyCDIO; C:\windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Egerland\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 20:55 - 2015-02-27 20:55 - 00852594 _____ () C:\Users\Egerland\Downloads\SecurityCheck.exe
2015-02-27 15:43 - 2015-02-27 15:43 - 00000000 ____D () C:\Program Files\ESET
2015-02-27 15:03 - 2015-02-27 15:03 - 02347384 _____ (ESET) C:\Users\Egerland\Downloads\esetsmartinstaller_deu.exe
2015-02-26 20:42 - 2015-02-26 20:43 - 01388274 _____ (Thisisu) C:\Users\Egerland\Downloads\JRT.exe
2015-02-26 20:26 - 2015-02-26 20:31 - 00000000 ____D () C:\AdwCleaner
2015-02-26 20:21 - 2015-02-26 20:21 - 02126848 _____ () C:\Users\Egerland\Downloads\AdwCleaner_4.111.exe
2015-02-26 16:58 - 2015-02-26 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-26 16:58 - 2015-02-26 16:58 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-02-26 16:58 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-26 16:58 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-26 15:43 - 2015-02-27 14:48 - 00008192 _____ () C:\windows\system32\WDPABKP.dat
2015-02-25 22:38 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-25 21:12 - 2015-02-25 21:12 - 00017319 _____ () C:\ComboFix.txt
2015-02-25 19:15 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-02-25 19:15 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-02-25 19:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-02-25 19:15 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-02-25 19:14 - 2015-02-25 21:12 - 00000000 ____D () C:\Qoobox
2015-02-25 19:14 - 2015-02-25 21:10 - 00000000 ____D () C:\windows\erdnt
2015-02-25 15:00 - 2015-02-25 15:00 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-24 15:27 - 2015-02-26 20:16 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 15:27 - 2015-02-26 16:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-24 15:27 - 2015-02-24 16:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-24 15:26 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-24 15:12 - 2015-02-24 15:12 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-23 21:06 - 2015-02-23 21:06 - 00104960 _____ (GMER) C:\pwdyqkob.sys
2015-02-23 17:04 - 2015-02-27 21:12 - 00000000 ____D () C:\FRST
2015-02-23 16:59 - 2015-02-23 16:59 - 00000000 _____ () C:\Users\Egerland\defogger_reenable
2015-02-23 16:57 - 2015-02-27 21:05 - 00000000 ____D () C:\Users\Egerland\Desktop\Virenanalyse
2015-02-22 13:57 - 2015-02-22 13:57 - 00000000 ____D () C:\Users\Egerland\Desktop\Referat
2015-02-21 21:35 - 2015-02-21 21:35 - 00000000 ____D () C:\Users\Egerland\Documents\TAXMAN
2015-02-21 21:35 - 2015-02-21 21:35 - 00000000 ____D () C:\Users\Egerland\AppData\Local\HL
2015-02-21 21:29 - 2015-02-21 21:29 - 00000000 ____D () C:\ProgramData\AAV
2015-02-21 21:27 - 2015-02-21 21:32 - 00002017 _____ () C:\Users\Public\Desktop\TAXMAN 2015.lnk
2015-02-21 21:21 - 2015-02-21 21:21 - 00000000 ____D () C:\ProgramData\HL
2015-02-19 21:28 - 2015-02-19 21:28 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdriverx.sys
2015-02-17 19:32 - 2015-02-17 19:44 - 00000000 ____D () C:\Users\Egerland\Desktop\Dorema Bergamo
2015-02-16 19:16 - 2015-02-16 19:18 - 00146192 _____ () C:\windows\Minidump\021615-77766-01.dmp
2015-02-11 19:07 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-11 19:07 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-10 19:39 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-10 19:39 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-10 19:39 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-10 19:39 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-10 19:39 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-10 19:39 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-10 19:39 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-10 19:39 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-10 19:39 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-10 19:39 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-10 19:39 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-10 19:39 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-10 19:39 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-02-10 19:39 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-10 19:39 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-10 19:39 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-10 19:39 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-10 19:39 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-10 19:38 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-10 19:38 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-10 19:38 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-10 19:38 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-10 19:38 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-10 19:38 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-10 19:38 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-10 19:38 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-10 19:38 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-10 19:38 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-10 19:38 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-10 19:38 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:38 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-10 19:38 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-10 19:38 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-10 19:38 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-10 19:37 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-10 19:37 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-10 19:37 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-10 19:37 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-10 19:37 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-10 19:37 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-10 19:37 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-10 19:37 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-10 19:37 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-10 19:37 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-10 19:37 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-10 19:37 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-10 19:37 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-10 19:37 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-10 19:37 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-10 19:37 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-10 19:36 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-10 19:36 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-10 19:36 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-10 19:36 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-10 19:36 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-07 17:00 - 2015-02-07 17:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-03 10:47 - 2015-02-03 10:47 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avglogx.sys
2015-02-01 15:57 - 2015-02-01 16:03 - 00029184 _____ () C:\Users\Egerland\Downloads\kalorienwochenbudget(1).xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 20:38 - 2012-11-16 21:07 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-27 20:25 - 2010-03-25 20:40 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-27 19:32 - 2009-09-17 07:44 - 01565232 _____ () C:\windows\WindowsUpdate.log
2015-02-27 15:25 - 2010-03-25 20:40 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-27 15:07 - 2015-01-27 14:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-27 15:03 - 2009-07-26 21:06 - 01427320 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-27 14:56 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-27 14:56 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-27 14:51 - 2011-12-13 19:57 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-27 14:46 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-27 14:46 - 2009-07-14 05:39 - 00244707 _____ () C:\windows\setupact.log
2015-02-26 21:17 - 2013-04-20 15:49 - 00000083 ___SH () C:\ProgramData\.zreglib
2015-02-26 20:33 - 2009-09-17 08:19 - 00904576 _____ () C:\windows\PFRO.log
2015-02-26 20:10 - 2010-01-08 20:22 - 00000000 ____D () C:\windows\SQL9_KB970892_ENU
2015-02-26 18:14 - 2009-11-07 13:44 - 00000000 ____D () C:\windows\PCHEALTH
2015-02-26 15:51 - 2014-10-19 11:47 - 00000951 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-26 15:51 - 2014-04-01 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-25 21:12 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-02-25 21:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-25 21:07 - 2009-07-14 03:04 - 00000215 _____ () C:\windows\system.ini
2015-02-25 15:01 - 2014-12-10 16:40 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-02-23 17:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache
2015-02-23 16:59 - 2009-11-07 13:35 - 00000000 ____D () C:\Users\Egerland
2015-02-22 22:07 - 2012-11-16 20:33 - 00000000 ____D () C:\Users\Egerland\AppData\Roaming\BOM
2015-02-22 15:46 - 2014-08-09 15:50 - 00000000 ____D () C:\Users\Egerland\Desktop\Ralfs Lieblingsmusik
2015-02-22 15:45 - 2014-07-14 07:44 - 00000000 ____D () C:\Users\Egerland\AppData\Roaming\streamWriter
2015-02-22 11:47 - 2009-11-07 13:46 - 00124808 _____ () C:\Users\Egerland\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-22 11:44 - 2009-07-14 05:33 - 00445376 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-22 11:41 - 2014-02-18 20:06 - 00000000 ____D () C:\Program Files\CDBurnerXP
2015-02-21 21:32 - 2009-11-07 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-02-21 21:29 - 2009-11-07 19:41 - 00000000 ____D () C:\Program Files\Lexware
2015-02-21 20:59 - 2014-02-18 20:06 - 00001895 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-02-21 20:59 - 2014-02-18 20:06 - 00001845 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-02-20 19:27 - 2010-03-25 20:22 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-18 21:11 - 2015-01-24 13:51 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-02-16 19:16 - 2011-03-02 14:44 - 341335862 _____ () C:\windows\MEMORY.DMP
2015-02-16 19:16 - 2011-03-02 14:44 - 00000000 ____D () C:\windows\Minidump
2015-02-14 20:08 - 2013-01-23 20:01 - 00000000 ____D () C:\Users\Egerland\Documents\My Digital Editions
2015-02-11 19:06 - 2013-02-01 21:06 - 00000000 ____D () C:\Users\Egerland\Documents\Calibre Bibliothek
2015-02-11 18:44 - 2014-12-10 17:48 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-11 18:44 - 2014-05-06 21:09 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-11 18:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\tracing
2015-02-11 18:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-02-10 21:15 - 2013-07-11 20:13 - 00000000 ____D () C:\windows\system32\MRT
2015-02-10 21:07 - 2009-11-10 21:27 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-09 16:40 - 2013-02-01 20:07 - 00000000 ____D () C:\Users\Egerland\Documents\My Kindle Content
2015-02-08 18:35 - 2011-05-12 15:23 - 00000000 ____D () C:\Users\Egerland\Desktop\DVD-Filme
2015-02-07 17:01 - 2013-12-01 16:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 17:01 - 2009-11-07 19:37 - 00000000 ____D () C:\Program Files\Java
2015-02-07 17:00 - 2014-12-07 21:42 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-02-05 19:39 - 2012-11-16 21:07 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-02-05 19:39 - 2011-11-09 21:11 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-06-19 12:45 - 2015-01-19 17:26 - 0000564 _____ () C:\Users\Egerland\AppData\Roaming\mag33.ini
2012-09-13 07:55 - 2012-09-13 07:55 - 0027520 _____ () C:\Users\Egerland\AppData\Local\dt.dat
2012-01-24 19:55 - 2012-01-24 19:55 - 0000096 _____ () C:\Users\Egerland\AppData\Local\fusioncache.dat
2013-04-20 15:49 - 2015-02-26 21:17 - 0000083 ___SH () C:\ProgramData\.zreglib
2011-02-03 17:37 - 2011-02-03 17:37 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-11-07 13:40 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Egerland\AppData\Local\Temp\Quarantine.exe
C:\Users\Egerland\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 17:31

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Viele Grüße
kroko123

Alt 28.02.2015, 09:58   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Telekom Abuse Team, Infektion: generic - Standard

Telekom Abuse Team, Infektion: generic



Java und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Egerland\Documents\Downloads\Integrated_CT2325506.exe

C:\Users\Egerland\Downloads\Schoener Fernsehen - CHIP-Installer.exe
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.02.2015, 19:24   #11
Kroko123
 
Telekom Abuse Team, Infektion: generic - Standard

Telekom Abuse Team, Infektion: generic



Hallo Schrauber,

Java wollte ich aktualisieren, aber ich bekomme die Meldung, dass die neueste Version 8 Update 31 schon auf meinem PC installiert ist.

Vom Adobe Reader habe ich ein Update auf Adobe XI gemacht.

Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015 01
Ran by Egerland at 2015-02-28 19:54:02 Run:1
Running from C:\Users\Egerland\Desktop\Virenanalyse\FRST-OlderVersion
Loaded Profiles: Egerland (Available profiles: Egerland & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Egerland\Documents\Downloads\Integrated_CT2325506.exe

C:\Users\Egerland\Downloads\Schoener Fernsehen - CHIP-Installer.exe
Emptytemp:
         
*****************

C:\Users\Egerland\Documents\Downloads\Integrated_CT2325506.exe => Moved successfully.
C:\Users\Egerland\Downloads\Schoener Fernsehen - CHIP-Installer.exe => Moved successfully.
EmptyTemp: => Removed 504.2 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 19:55:59 ====
         
Jetzt hab ich nur noch eine kleine Frage: Sollte ich jetzt vorsichtshalber alle Passwörter ändern? Um ganz sicher zu sein, vermutlich ja, oder?
War es jetzt eigentlich wirklich so ein gefährlicher Virus bzw. Trojaner, auf den mich das Telekom Abuse Team aufmerksam gemacht hat?

Für die Zukunft werde ich mir ein kostenpflichtiges Antivirusprogramm zulegen. Ich hoffe, dass ich dann besser geschützt bin. Dein Favorit ist ja Emsisoft, oder? Reicht Emsisoft Anti Malware oder besser Emsisoft Internet Security? Würdest Du dann auch gleich noch Emsisoft Mobile Security für mein Handy empfehlen? Denn da habe ich bisher auch einen kostenlosen Virenscanner.

Ich möchte mich nochmal ganz herzlich für deine Hilfe bedanken. Es ist wirklich toll, dass es so ein Forum gibt. Eine Spende ist an Euch natürlich auch schon unterwegs. Vielen, vielen Dank.

Viele Grüße
kroko123

Alt 01.03.2015, 11:17   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Telekom Abuse Team, Infektion: generic - Standard

Telekom Abuse Team, Infektion: generic



Immer Passwörter ändern bei Befall. Hier war überwiegend Adware drauf, aber auch die kann das verursachen.

Gibt es noch andere Windows Rechner im Netz?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.03.2015, 11:36   #13
Kroko123
 
Telekom Abuse Team, Infektion: generic - Standard

Telekom Abuse Team, Infektion: generic



Nein, das ist der einzige Windows-Rechner im Netz. Sonst gibts nur noch 2 Handy's, die übers Wlan ins Internet gehen.

Viele Grüße
Kroko123

Alt 01.03.2015, 15:22   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Telekom Abuse Team, Infektion: generic - Standard

Telekom Abuse Team, Infektion: generic



Dann passt das
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Telekom Abuse Team, Infektion: generic
adware, antivirus, autorun, bonjour, browser, cid, computer, cpu, desktop, device driver, downloader, ebanking, flash player, frage, home, homepage, karte, mozilla, msiexec.exe, realtek, registry, scan, secure search, security, svchost.exe, udp, usb, viren, vtoolbarupdater, wlan



Ähnliche Themen: Telekom Abuse Team, Infektion: generic


  1. Email vom Abuse-Team der Telekom
    Plagegeister aller Art und deren Bekämpfung - 11.08.2015 (14)
  2. Bedep , Skinhole, Meldung Telekom Abuse Team
    Log-Analyse und Auswertung - 31.07.2015 (21)
  3. Brief von Telekom-Abuse-Team (Sinkhole)
    Log-Analyse und Auswertung - 01.07.2015 (7)
  4. Telekom Abuse Team - generic Trojaner/Virus
    Log-Analyse und Auswertung - 03.06.2015 (37)
  5. Deutsche Telekom Abuse-Team - Infektion: generic
    Plagegeister aller Art und deren Bekämpfung - 25.04.2015 (19)
  6. Telekom Abuse Team - generic Trojaner/Virus
    Alles rund um Windows - 25.02.2015 (27)
  7. Telekom Abuse Team - generic Trojaner/Virus
    Alles rund um Mac OSX & Linux - 20.02.2015 (9)
  8. Telekom Abuse Team E-Mail - generic Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.02.2015 (9)
  9. Sicherheitswarnung Telekom Abuse Team
    Log-Analyse und Auswertung - 10.02.2015 (13)
  10. Telekom Abuse Team Sicherheitswarnung: Spam-Mails
    Plagegeister aller Art und deren Bekämpfung - 09.01.2015 (23)
  11. Telekom Abuse Team warnt vor Bedrohung.
    Plagegeister aller Art und deren Bekämpfung - 31.12.2014 (13)
  12. Trojaner "generic" auf Android -- Infobrief der Telekom und deren Abuse-Team
    Smartphone, Tablet & Handy Security - 15.12.2014 (5)
  13. Brief von Telekom Abuse Team wegen Verdachts auf Hacking
    Log-Analyse und Auswertung - 14.07.2013 (24)
  14. Brief von Telekom Abuse Team erhalten- Spamversand.
    Plagegeister aller Art und deren Bekämpfung - 06.07.2013 (18)
  15. Email von Telekom-Abuse-Team | Log-File anbei
    Log-Analyse und Auswertung - 14.02.2013 (11)
  16. Telekom Brief von Abuse-Team
    Plagegeister aller Art und deren Bekämpfung - 05.11.2012 (9)
  17. Telekom Brief (per Post) vom Abuse Team - PC 1
    Log-Analyse und Auswertung - 26.10.2012 (8)

Zum Thema Telekom Abuse Team, Infektion: generic - Hallo, ich habe vor kurzem einen Brief sowie 2 Mails vom Telekom-Abuse-Team erhalten mit folgendem Text: Code: Alles auswählen Aufklappen ATTFilter Sehr geehrte Kundin, sehr geehrter Kunde, uns liegen Hinweise - Telekom Abuse Team, Infektion: generic...
Archiv
Du betrachtest: Telekom Abuse Team, Infektion: generic auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.